diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 71c23e3..5dd5036 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -38,7 +38,7 @@ package_debug: paths: - build/*.rpm only: - - tags + - tags package_release: stage: package @@ -51,4 +51,4 @@ package_release: paths: - build/*.rpm only: - - tags + - tags diff --git a/conf/pangu/pangu_pxy.conf b/conf/pangu/pangu_pxy.conf index 82ad8ad..a274def 100644 --- a/conf/pangu/pangu_pxy.conf +++ b/conf/pangu/pangu_pxy.conf 
@@ -1,54 +1,55 @@ -[DEBUG] -LOG_LEVEL=0 -[LOG] -NIC_NAME=enp131s0f2 -ENTRANCE_ID=0 -KAFKA_BROKERLIST=192.168.10.73:9092 +[debug] +log_level=0 -[MAAT] +[log] +nic_name=enp131s0f2 +entrance_id=0 +kafka_brokerlist=192.168.10.73:9092 + +[maat] # 0:json 1: redis 2: iris -MAAT_INPUT_MODE=0 -TABLE_INFO=./pangu_conf/table_info.conf -JSON_CFG_FILE=./pangu_conf/pangu_ctrl.json -STAT_FILE=./log/pangu_scan.status -FULL_CFG_DIR=./pangu_policy/full/index/ -INC_CFG_DIR=./pangu_policy/inc/index/ -MAAT_REDIS_SERVER=192.168.11.243 -MAAT_REDIS_PORT=6379 -MAAT_REDIS_DB_INDEX=4 -EFFECT_INTERVAL_S=1 +maat_input_mode=0 +table_info=resource/pangu/table_info.conf +json_cfg_file=resource/ +stat_file=log/pangu_scan.status +full_cfg_dir=pangu_policy/full/index/ +inc_cfg_dir=pangu_policy/inc/index/ +maat_redis_server=192.168.11.243 +maat_redis_port=6379 +maat_redis_db_index=4 +effect_interval_s=1 -[TANGO_CACHE] +[tango_cache] enable_cache=1 -#MINIO IP, As WiredLB required -MINIO_IP_LIST=192.168.10.61-64; -MINIO_LISTEN_PORT=9000 +#minio ip, as wiredlb required +minio_ip_list=192.168.10.61-64; +minio_listen_port=9000 -#MAX_CONNECTION_PER_HOST=1 -MAX_CNNT_PIPELINE_NUM=20 -#MAX_CURL_SESSION_NUM=100 -MAX_CURL_TRANSFER_TIMEOUT_S=15 +#max_connection_per_host=1 +max_cnnt_pipeline_num=20 +#max_curl_session_num=100 +max_curl_transfer_timeout_s=15 -CACHE_BUCKET_NAME=openbucket -MAX_USED_MEMORY_SIZE_MB=5120 -CACHE_DEFAULT_TTL_SECOND=3600 -CACHE_OBJECT_KEY_HASH_SWITCH=1 +cache_bucket_name=openbucket +max_used_memory_size_mb=5120 +cache_default_ttl_second=3600 +cache_object_key_hash_switch=1 -#1-MINIO,2-REDIS -CACHE_HEAD_FROM_SOURCE=2 -CACHE_HEAD_REDIS_KEY=MINIO_EVENTS_INFO -CACHE_HEAD_MAIN_REDIS_IP=192.168.10.63 -CACHE_HEAD_REDIS_IPLIST=192.168.10.62-63; -CACHE_HEAD_REDIS_PORT=6379 +#1-minio,2-redis +cache_head_from_source=2 +cache_head_redis_key=minio_events_info +cache_head_main_redis_ip=192.168.10.63 +cache_head_redis_iplist=192.168.10.62-63; +cache_head_redis_port=6379 -#WIRED LOAD BALANCER 
Configuration -#WIREDLB_OVERRIDE=1 -#WIREDLB_TOPIC= -#WIREDLB_DATACENTER= -WIREDLB_MINIO_HEALTH_PORT=52100 -#WIREDLB_MINIO_GROUP= -WIREDLB_REDIS_HEALTH_PORT=52101 -#WIREDLB_REDIS_GROUP= +#wired load balancer configuration +#wiredlb_override=1 +#wiredlb_topic= +#wiredlb_datacenter= +wiredlb_minio_health_port=52100 +#wiredlb_minio_group= +wiredlb_redis_health_port=52101 +#wiredlb_redis_group= cache_undefined_obj=1 query_undefined_obj=0 diff --git a/platform/src/key_keeper.cpp b/platform/src/key_keeper.cpp index dcac4ed..3dc0ec4 100644 --- a/platform/src/key_keeper.cpp +++ b/platform/src/key_keeper.cpp @@ -507,9 +507,14 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo { keeper->work_mode = KK_MODE_NORMAL; } - MESA_load_profile_string_def(profile, section, "ca_path", keeper->trusted_ca_path, sizeof(keeper->trusted_ca_path), "./conf/mesalab-ca.pem"); - MESA_load_profile_string_def(profile, section, "untrusted_ca_path", keeper->untrusted_ca_path, sizeof(keeper->untrusted_ca_path), "./conf/mesalab-ca-untrust.pem"); - MESA_load_profile_string_def(profile, section, "cert_store_host", keeper->cert_store_host, sizeof(keeper->cert_store_host), "xxxxx"); + + MESA_load_profile_string_def(profile, section, "ca_path", keeper->trusted_ca_path, + sizeof(keeper->trusted_ca_path), "./resource/tfe/mesalab-ca.pem"); + MESA_load_profile_string_def(profile, section, "untrusted_ca_path", keeper->untrusted_ca_path, + sizeof(keeper->untrusted_ca_path), "./resource/tfe/mesalab-ca-untrust.pem"); + MESA_load_profile_string_def(profile, section, "cert_store_host", keeper->cert_store_host, + sizeof(keeper->cert_store_host), ""); + MESA_load_profile_uint_def(profile, section, "cert_store_port", &(keeper->cert_store_port), 80); MESA_load_profile_uint_def(profile, section, "hash_slot_size", &(keeper->hash_slot_size), 1024*128); MESA_load_profile_uint_def(profile, section, "hash_expire_seconds", &(keeper->hash_expire_seconds), 5*60); 
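Review bot: `json_cfg_file=resource/` names a directory, whereas the old value was a file (`./pangu_conf/pangu_ctrl.json`) and `maat_input_mode=0` selects the JSON source, so the rule file will probably not load. The value looks truncated and should be the full file path, `json_cfg_file=<path to the JSON rule file under resource/>`. The blanket lower-casing also changed a value, not only keys: `cache_head_redis_key` went from `MINIO_EVENTS_INFO` to `minio_events_info`, and Redis key names are case-sensitive, so the cache-head lookup reads a different key unless the producer changed too. Section names are now lower case, but the pangu_http.cpp hunk in this commit still reads `"TANGO_CACHE"` and `"TEMPLATE"`. If the profile loader matches case-sensitively, those lookups silently fall back to their defaults, so confirm the loader's behaviour or update the callers.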
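Review bot: The new defaults for `ca_path` and `untrusted_ca_path` are still relative to the process working directory (`./resource/tfe/...`), so which CA files the key keeper loads depends on where the binary is started from. For trust material it is safer to resolve the default against a fixed install prefix or the executable's directory; the `trusted_cert_dir` default in ssl_stream.cpp has the same exposure. Separately, `cert_store_host` now defaults to `""` and the visible lines do not reject an empty host. I would document it with `/* cert_store_host has no usable default; it must be set in the profile */` and fail initialization when it is empty in the mode that contacts the cert store. key_keeper_init starts and ends outside the hunk, so a later check may already exist.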
diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp index 14b2910..cef1479 100644 --- a/platform/src/proxy.cpp +++ b/platform/src/proxy.cpp @@ -302,7 +302,7 @@ int tfe_stat_init(struct tfe_proxy * proxy, const char * profile) int main(int argc, char * argv[]) { - const char * main_profile = "./conf/tfe.conf"; + const char * main_profile = "./conf/tfe/tfe.conf"; unsigned int __log_level = RLOG_LV_INFO; MESA_load_profile_uint_def(main_profile, "log", "level", &__log_level, RLOG_LV_INFO); diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp index 33b18ee..e4ad72b 100644 --- a/platform/src/ssl_stream.cpp +++ b/platform/src/ssl_stream.cpp @@ -570,7 +570,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"); MESA_load_profile_string_def(ini_profile, section, "trusted_cert_dir", mgr->trusted_cert_dir, sizeof(mgr->trusted_cert_dir), - "./conf/trusted_storage"); + "./resource/tfe/trusted_storage"); MESA_load_profile_uint_def(ini_profile, section, "check_cert_crl", &(mgr->cert_verify_param.check_crl), 0); mgr->trust_CA_store = ssl_trusted_cert_storage_create(mgr->trusted_cert_file, mgr->trusted_cert_dir, &(mgr->cert_verify_param)); @@ -597,9 +597,6 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section mgr->fs_handle=tfe_proxy_get_fs_handle(); ssl_stat_init(mgr); - - - return mgr; error_out: diff --git a/plugin/business/decrypt-mirroring/src/decrypt_mirror_plugin.cpp b/plugin/business/decrypt-mirroring/src/decrypt_mirror_plugin.cpp index afe5743..7cb2200 100644 --- a/plugin/business/decrypt-mirroring/src/decrypt_mirror_plugin.cpp +++ b/plugin/business/decrypt-mirroring/src/decrypt_mirror_plugin.cpp 
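Review bot: Nothing in the visible lines of `main` checks that the profile exists at its new location, so an installation that still has the file at `./conf/tfe.conf` gets no error. `MESA_load_profile_uint_def` takes a fallback value (`RLOG_LV_INFO` here), which suggests a missing profile is silently replaced by built-in defaults; confirm against the MESA library. A startup check before the first load, e.g. `if (access(main_profile, R_OK) != 0) { fprintf(stderr, "cannot read %s\n", main_profile); return -1; }`, would make a stale layout fail loudly instead of running a TLS proxy on defaults. The profile paths changed in decrypt_mirror_plugin.cpp and pangu_http.cpp have the same exposure. `main` continues outside the hunk.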
@@ -5,7 +5,7 @@ int decrypt_mirror_init(struct tfe_proxy * proxy) { - const char* filepath="./conf/decrypt_mirror.conf"; + const char* filepath="./conf/tfe/decrypt_mirror.conf"; int thread_num=2, ret=0;//todo: aquire from proxy; ret=mirror_stream_init(thread_num, filepath); // assert(ret==0); diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp index f2aa2b4..ca3d9ee 100644 --- a/plugin/business/pangu-http/src/pangu_http.cpp +++ b/plugin/business/pangu-http/src/pangu_http.cpp @@ -312,7 +312,7 @@ void trusted_CA_update_finish_cb(void* u_para) int pangu_http_init(struct tfe_proxy * proxy) { - const char * profile = "./pangu_conf/pangu_pxy.conf"; + const char * profile = "./conf/pangu/pangu_pxy.conf"; const char * logfile = "./log/pangu_pxy.log"; int table_id=0; @@ -345,7 +345,6 @@ int pangu_http_init(struct tfe_proxy * proxy) table_name[PXY_CTRL_HTTP_RES_BODY] = "PXY_CTRL_HTTP_RES_BODY"; for (int i = 0; i < __SCAN_TABLE_MAX; i++) { - g_pangu_rt->scan_table_id[i] = Maat_table_register(g_pangu_rt->maat, table_name[i]); if (g_pangu_rt->scan_table_id[i] < 0) { 
@@ -357,15 +356,15 @@ int pangu_http_init(struct tfe_proxy * proxy) char page_path[256]; memset(page_path, 0, sizeof(page_path)); MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path, sizeof(page_path), - "./pangu_conf/template/HTTP403.html"); + "./resource/pangu/HTTP403.html"); g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); memset(page_path, 0, sizeof(page_path)); MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path, sizeof(page_path), - "./pangu_conf/template/HTTP404.html"); + "./resource/pangu/template/HTTP404.html"); g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); memset(page_path, 0, sizeof(page_path)); MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path, sizeof(page_path), - "./pangu_conf/template/HTTP451.html"); + "./resource/pangu/template/HTTP451.html"); g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); MESA_load_profile_int_def(profile, "TANGO_CACHE", "enable_cache", &(g_pangu_rt->cache_enabled), 1);
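Review bot: The new `PAGE_403` default is `"./resource/pangu/HTTP403.html"`, while the 404 and 451 defaults in the same hunk keep the `template/` directory (`"./resource/pangu/template/HTTP404.html"`). This looks like a slip, and the 403 default should read `"./resource/pangu/template/HTTP403.html"`. `ctemplate::Template::GetTemplate` returns NULL when the file cannot be loaded, and the visible lines store the result in `g_pangu_rt->tpl_403` without a check. A wrong default therefore only surfaces when a 403 page is first rendered, which happens outside the hunk. A NULL check with a log line after each `GetTemplate` call would catch this at init.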