From 103ba64265c2b0363460ae5d6a51c5a88f26a999 Mon Sep 17 00:00:00 2001
From: Lu Qiuwen
Date: Wed, 10 Mar 2021 16:14:15 +0800
Subject: [PATCH] yInitial commit
---
config/framework/framework.conf | 1 +
config/mrzcpd/etc/mrapm.conf | 4 +
config/mrzcpd/etc/mrapp.sapp4.conf | 2 +
config/mrzcpd/etc/mrglobal.conf | 34 ++++++
config/mrzcpd/mrzcpd | 3 +
docker-compose.yml | 28 +++++
dockerfile/sapp/Dockerfile | 63 +++++++++++
dockerfile/sapp/MESA-Framework.repo | 56 ++++++++++
dockerfile/sapp/framework.conf | 1 +
dockerfile/sapp/supervisord.conf | 155 ++++++++++++++++++++++++++++
dockerfile/tfe/Dockerfile | 39 +++++++
dockerfile/tfe/MESA-Framework.repo | 56 ++++++++++
12 files changed, 442 insertions(+)
create mode 100644 config/framework/framework.conf
create mode 100644 config/mrzcpd/etc/mrapm.conf
create mode 100644 config/mrzcpd/etc/mrapp.sapp4.conf
create mode 100644 config/mrzcpd/etc/mrglobal.conf
create mode 100644 config/mrzcpd/mrzcpd
create mode 100644 docker-compose.yml
create mode 100644 dockerfile/sapp/Dockerfile
create mode 100644 dockerfile/sapp/MESA-Framework.repo
create mode 100644 dockerfile/sapp/framework.conf
create mode 100644 dockerfile/sapp/supervisord.conf
create mode 100644 dockerfile/tfe/Dockerfile
create mode 100644 dockerfile/tfe/MESA-Framework.repo
diff --git a/config/framework/framework.conf b/config/framework/framework.conf
new file mode 100644
index 0000000..28152a9
--- /dev/null
+++ b/config/framework/framework.conf
@@ -0,0 +1 @@
+/opt/MESA/lib/
diff --git a/config/mrzcpd/etc/mrapm.conf b/config/mrzcpd/etc/mrapm.conf
new file mode 100644
index 0000000..d4ae4f1
--- /dev/null
+++ b/config/mrzcpd/etc/mrapm.conf
@@ -0,0 +1,4 @@
+[sendlog_apm]
+apm_device_server=udp://127.0.0.1:8100
+apm_stream_server=udp://127.0.0.1:8100
+apm_send_interval=15
\ No newline at end of file
diff --git a/config/mrzcpd/etc/mrapp.sapp4.conf b/config/mrzcpd/etc/mrapp.sapp4.conf
new file mode 100644
index 0000000..2dbbe6c
--- /dev/null
+++ b/config/mrzcpd/etc/mrapp.sapp4.conf
@@ -0,0 +1,2 @@
+[bpfdump:vxlan_user]
+enable=0
diff --git a/config/mrzcpd/etc/mrglobal.conf b/config/mrzcpd/etc/mrglobal.conf
new file mode 100644
index 0000000..75b3599
--- /dev/null
+++ b/config/mrzcpd/etc/mrglobal.conf
@@ -0,0 +1,34 @@
+[device]
+device=eth0,vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:eth0]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore=46,47
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
diff --git a/config/mrzcpd/mrzcpd b/config/mrzcpd/mrzcpd
new file mode 100644
index 0000000..ef7fc2f
--- /dev/null
+++ b/config/mrzcpd/mrzcpd
@@ -0,0 +1,3 @@
+MRZCPD_ROOT=/opt/mrzcpd
+HUGEPAGE_NUM_2M=16384
+DEFAULT_UIO_MODULE="igb_uio"
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..dff68bf
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,28 @@
+version: '2.2'
+services:
+ badssl_server:
+ image: "centos7:sappInstalled"
+ container_name: "sapp"
+# security_opt:
+# - seccomp:unconfined
+ privileged: true
+ volumes:
+ - ./config/mrzcpd/etc/mrapp.sapp4.conf:/opt/mrzcpd/etc/mrapp.sapp4.conf
+ - ./config/mrzcpd/etc/mrapm.conf:/opt/mrzcpd/etc/mrapm.conf
+ - ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf
+# - ./config/etc/tmpfiles.d/sapp_tmpfile.conf:/etc/tmpfiles.d/sapp_tmpfile.conf
+ - ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml
+ - ./config/sapp_run/etc/project_list.conf:/home/mesasoft/sapp_run/etc/project_list.conf
+ - ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf:rw
+ - ./config/sapp_run/etc/kni/kni.conf:/home/mesasoft/sapp_run/etc/kni/kni.conf
+ - ./config/sapp_run/tsgconf/main.conf:/home/mesasoft/sapp_run/tsgconf/main.conf
+ - ./config/sapp_run/tsgconf/maat.conf:/home/mesasoft/sapp_run/tsgconf/maat.conf
+ - ./config/sapp_run/conf/capture_packet_plug.conf:/home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+ - ./config/sapp_run/tsgconf/app_l7_proto_id.conf:/home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
+ - ./config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf:/home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+ - ./config/sapp_run/plug/conflist.inf:/home/mesasoft/sapp_run/plug/conflist.inf
+ - ./config/sapp_run/etc/entrylist.conf:/home/mesasoft/sapp_run/etc/entrylist.conf
+# - ./config/framework/framework.conf:/etc/ld.so.conf.d/framework.conf
+ - /etc/localtime:/etc/localtime:ro
+# command: >
+# bash -c "ldconfig && tail -f /dev/null"
diff --git a/dockerfile/sapp/Dockerfile b/dockerfile/sapp/Dockerfile
new file mode 100644
index 0000000..091571e
--- /dev/null
+++ b/dockerfile/sapp/Dockerfile
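Review bot: `privileged: true` on the `badssl_server` service hands the container every capability, all host devices and no seccomp or AppArmor confinement, so a flaw in the packet-processing code running inside it is effectively a flaw on the host. If the data path only needs hugepages and NIC access, grant those explicitly instead, for example `cap_add: [NET_ADMIN, IPC_LOCK]` plus a `devices:` list for the UIO nodes; the exact set is a guess from the mrzcpd config and needs confirming against what the service actually requires. The commented-out `security_opt: seccomp:unconfined` just above should stay disabled for the same reason.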
@@ -0,0 +1,63 @@
+FROM centos:7
+
+COPY MESA-Framework.repo /etc/yum.repos.d/
+COPY framework.conf /etc/ld.so.conf.d/
+COPY supervisord.conf /etc/
+
+RUN yum makecache && yum install -y \
+ libcjson \
+ libdocumentanalyze \
+ libmaatframe \
+ libMESA_field_stat \
+ libMESA_field_stat2 \
+ libMESA_handle_logger \
+ libMESA_htable\
+ libMESA_prof_load \
+ librdkafka \
+ librulescan \
+ libtsglua \
+ libwiredcfg \
+ libWiredLB \
+ lz4 \
+ libbreakpad_mini \
+ mrzcpd \
+ sapp \
+ tcpdump_mesa \
+ tsg_master \
+ kni \
+ capture_packet_plug \
+ conn_telemetry \
+ dns \
+ ftp \
+ fw_dns_plug \
+ #fw_ftp_plug \
+ fw_http_plug \
+ fw_mail_plug \
+ fw_quic_plug \
+ fw_ssl_plug \
+ http \
+ mail \
+ quic \
+ ssl \
+ tsg_conn_sketch \
+ app_control_plug \
+ tcpdump \
+ net-tools \
+ vim
+
+RUN yum install -y fw_ftp_plug \
+ epel-release \
+ python3 \
+ gdb \
+ numactl \
+ && pip3 install supervisor \
+ && yum clean all \
+ && ldconfig
+
+RUN yum install -y strace
+
+
+WORKDIR /home/mesasoft/sapp_run/
+ENTRYPOINT ["/usr/local/bin/supervisord" ,"-n","-c", "/etc/supervisord.conf"]
+
+#CMD tail -f /dev/null
diff --git a/dockerfile/sapp/MESA-Framework.repo b/dockerfile/sapp/MESA-Framework.repo
new file mode 100644
index 0000000..b74d481
--- /dev/null
+++ b/dockerfile/sapp/MESA-Framework.repo
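Review bot: `COPY MESA-Framework.repo /etc/yum.repos.d/` bakes the repository username and password from that file into an image layer, where anyone who can pull the image can read them; removing the file in a later `RUN` would not take it out of the layer. The same COPY is in dockerfile/tfe/Dockerfile. With BuildKit the file can be mounted for the install step only, e.g. `RUN --mount=type=secret,id=mesa_repo,target=/etc/yum.repos.d/MESA-Framework.repo yum makecache && yum install -y \`, built with `docker build --secret id=mesa_repo,src=<path-to-repo-file>`, so it never lands in the image. Separately, `yum clean all` runs only in the second `RUN`, so it frees nothing from the first layer and the later `strace` install leaves its cache behind as well.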
@@ -0,0 +1,56 @@
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client. You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+
+#[MESA_framework]
+#name=MESA_framework
+#baseurl=ftp://192.168.41.182/pub/framework
+#gpgcheck=0
+
+[framework]
+name=framework
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/framework/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[platform]
+name=platform
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/platform/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[protocol]
+name=protocol
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/protocol/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[tsg]
+name=tsg
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/tsg/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[AppSketch]
+name=AppSketch
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/AppSketch/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
diff --git a/dockerfile/sapp/framework.conf b/dockerfile/sapp/framework.conf
new file mode 100644
index 0000000..28152a9
--- /dev/null
+++ b/dockerfile/sapp/framework.conf
@@ -0,0 +1 @@
+/opt/MESA/lib/
diff --git a/dockerfile/sapp/supervisord.conf b/dockerfile/sapp/supervisord.conf
new file mode 100644
index 0000000..56e1e1c
--- /dev/null
+++ b/dockerfile/sapp/supervisord.conf
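Review bot: Every enabled section of MESA-Framework.repo sets `gpgcheck=0`, so yum installs whatever the repository serves without verifying package signatures, and per docker-compose.yml the resulting sapp image is run privileged. If the repository publishes a signing key, set `gpgcheck=1` and add a `gpgkey=` entry for it in each section. The `username=`/`password=` lines also commit a repository credential to version control in plain text; it should be rotated and supplied at build time rather than kept in the tree. dockerfile/tfe/MESA-Framework.repo is an identical copy (same index hash b74d481) and carries both problems.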
@@ -0,0 +1,155 @@ +; Sample supervisor config file. +; +; For more information on the config file, please see: +; http://supervisord.org/configuration.html +; +; Notes: +; - Shell expansion ("~" or "$HOME") is not supported. Environment +; variables can be expanded using this syntax: "%(ENV_HOME)s". +; - Quotes around values are not supported, except in the case of +; the environment= options as shown below. +; - Comments must have a leading space: "a=b ;comment" not "a=b;comment". +; - Command will be truncated if it looks like a config file comment, e.g. +; "command=bash -c 'foo ; bar'" will truncate to "command=bash -c 'foo ". + +[unix_http_server] +file=/tmp/supervisor.sock ; the path to the socket file +;chmod=0700 ; socket file mode (default 0700) +;chown=nobody:nogroup ; socket file uid:gid owner +;username=user ; default is no username (open server) +;password=123 ; default is no password (open server) + +;[inet_http_server] ; inet (TCP) server disabled by default +;port=127.0.0.1:9001 ; ip_address:port specifier, *:port for all iface +;username=user ; default is no username (open server) +;password=123 ; default is no password (open server) + +[supervisord] +logfile=/tmp/supervisord.log ; main log file; default $CWD/supervisord.log +logfile_maxbytes=50MB ; max main logfile bytes b4 rotation; default 50MB +logfile_backups=10 ; # of main logfile backups; 0 means none, default 10 +loglevel=info ; log level; default info; others: debug,warn,trace +pidfile=/tmp/supervisord.pid ; supervisord pidfile; default supervisord.pid +nodaemon=false ; start in foreground if true; default false +minfds=1024 ; min. avail startup file descriptors; default 1024 +minprocs=200 ; min. 
avail process descriptors;default 200 +;umask=022 ; process file creation umask; default 022 +;user=supervisord ; setuid to this UNIX account at startup; recommended if root +;identifier=supervisor ; supervisord identifier, default is 'supervisor' +;directory=/tmp ; default is not to cd during start +;nocleanup=true ; don't clean up tempfiles at start; default false +;childlogdir=/tmp ; 'AUTO' child log dir, default $TEMP +;environment=KEY="value" ; key value pairs to add to environment +;strip_ansi=false ; strip ansi escape codes in logs; def. false + +; The rpcinterface:supervisor section must remain in the config file for +; RPC (supervisorctl/web interface) to work. Additional interfaces may be +; added by defining them in separate [rpcinterface:x] sections. + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +; The supervisorctl section configures how supervisorctl will connect to +; supervisord. configure it match the settings in either the unix_http_server +; or inet_http_server section. + +[supervisorctl] +serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket +;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket +;username=chris ; should be same as in [*_http_server] if set +;password=123 ; should be same as in [*_http_server] if set +;prompt=mysupervisor ; cmd line prompt (default "supervisor") +;history_file=~/.sc_history ; use readline history if available + +; The sample program section below shows all possible program subsection values. +; Create one or more 'real' program: sections to be able to control them under +; supervisor. 
+ +;[program:theprogramname] +;command=/bin/cat ; the program (relative uses PATH, can take args) +;process_name=%(program_name)s ; process_name expr (default %(program_name)s) +;numprocs=1 ; number of processes copies to start (def 1) +;directory=/tmp ; directory to cwd to before exec (def no cwd) +;umask=022 ; umask for process (default None) +;priority=999 ; the relative start priority (default 999) +;autostart=true ; start at supervisord start (default: true) +;startsecs=1 ; # of secs prog must stay up to be running (def. 1) +;startretries=3 ; max # of serial start failures when starting (default 3) +;autorestart=unexpected ; when to restart if exited after running (def: unexpected) +;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2) +;stopsignal=QUIT ; signal used to kill process (default TERM) +;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) +;stopasgroup=false ; send stop signal to the UNIX process group (default false) +;killasgroup=false ; SIGKILL the UNIX process group (def false) +;user=chrism ; setuid to this UNIX account to run the program +;redirect_stderr=true ; redirect proc stderr to stdout (default false) +;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO +;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) +;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) +;stdout_events_enabled=false ; emit events on stdout writes (default false) +;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO +;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) +;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) +;stderr_events_enabled=false ; emit events on stderr writes (default false) +;environment=A="1",B="2" ; process 
environment additions (def no adds) +;serverurl=AUTO ; override serverurl computation (childutils) + +; The sample eventlistener section below shows all possible eventlistener +; subsection values. Create one or more 'real' eventlistener: sections to be +; able to handle event notifications sent by supervisord. + +;[eventlistener:theeventlistenername] +;command=/bin/eventlistener ; the program (relative uses PATH, can take args) +;process_name=%(program_name)s ; process_name expr (default %(program_name)s) +;numprocs=1 ; number of processes copies to start (def 1) +;events=EVENT ; event notif. types to subscribe to (req'd) +;buffer_size=10 ; event buffer queue size (default 10) +;directory=/tmp ; directory to cwd to before exec (def no cwd) +;umask=022 ; umask for process (default None) +;priority=-1 ; the relative start priority (default -1) +;autostart=true ; start at supervisord start (default: true) +;startsecs=1 ; # of secs prog must stay up to be running (def. 1) +;startretries=3 ; max # of serial start failures when starting (default 3) +;autorestart=unexpected ; autorestart if exited after running (def: unexpected) +;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2) +;stopsignal=QUIT ; signal used to kill process (default TERM) +;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) +;stopasgroup=false ; send stop signal to the UNIX process group (default false) +;killasgroup=false ; SIGKILL the UNIX process group (def false) +;user=chrism ; setuid to this UNIX account to run the program +;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners +;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO +;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) +;stdout_events_enabled=false ; emit events on stdout writes (default false) +;stderr_logfile=/a/path ; stderr log path, NONE 
for none; default AUTO +;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) +;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) +;stderr_events_enabled=false ; emit events on stderr writes (default false) +;environment=A="1",B="2" ; process environment additions +;serverurl=AUTO ; override serverurl computation (childutils) + +; The sample group section below shows all possible group values. Create one +; or more 'real' group: sections to create "heterogeneous" process groups. + +;[group:thegroupname] +;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions +;priority=999 ; the relative start priority (default 999) + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +;[include] +;files = relative/directory/*.ini + +[program:sapp] +command=/home/mesasoft/sapp_run/sapp +autostart=true +directory=/home/mesasoft/sapp_run +stdout_logfile=/tmp/sapp_stdout.log +stderr_logfile=/tmp/sapp_stderr.log diff --git a/dockerfile/tfe/Dockerfile b/dockerfile/tfe/Dockerfile new file mode 100644 index 0000000..3bba4df --- /dev/null +++ b/dockerfile/tfe/Dockerfile 
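Review bot: The `[program:sapp]` section at the end of supervisord.conf writes to `/tmp/sapp_stdout.log` and `/tmp/sapp_stderr.log`, and supervisord's own log, pidfile and control socket are under `/tmp` too, so nothing reaches `docker logs` and the records disappear with the container. In a container it is more useful to send program output to the container's streams, `stdout_logfile=/dev/stdout` with `stdout_logfile_maxbytes=0` (and the same pair for stderr), so a log collector can retain it. The image's ENTRYPOINT already passes `-n`, which overrides `nodaemon=false` here; setting `nodaemon=true` would make the file match what runs. Most of the remainder is the unmodified upstream sample and could be trimmed to the sections in use.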
@@ -0,0 +1,39 @@
+FROM centos:7
+
+COPY MESA-Framework.repo /etc/yum.repos.d/
+
+RUN yum makecache && yum install -y \
+ libcjson \
+ libdocumentanalyze \
+ libmaatframe \
+ libMESA_field_stat \
+ libMESA_field_stat2 \
+ libMESA_handle_logger \
+ libMESA_htable\
+ libMESA_prof_load \
+ librdkafka \
+ librulescan \
+ libtsglua \
+ libwiredcfg \
+ libWiredLB \
+ lz4 \
+ libbreakpad_mini \
+ mrzcpd \
+ tfe
+
+RUN yum install -y \
+ epel-release \
+ python3 \
+ gdb \
+ numactl \
+ tcpdump \
+ net-tools \
+ vim \
+ && pip3 install supervisor \
+ && yum clean all
+
+CMD tail -f /dev/null
+
+
+#ENTRYPOINT ["cat","/root/test.txt"]
+
diff --git a/dockerfile/tfe/MESA-Framework.repo b/dockerfile/tfe/MESA-Framework.repo
new file mode 100644
index 0000000..b74d481
--- /dev/null
+++ b/dockerfile/tfe/MESA-Framework.repo
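Review bot: `CMD tail -f /dev/null` means the tfe image never starts `tfe`: supervisor is installed with `pip3 install supervisor`, but no supervisord.conf is copied in and nothing launches it. If the placeholder is intentional, write it in exec form, `CMD ["tail", "-f", "/dev/null"]`, with a comment saying so; otherwise mirror the sapp image's `ENTRYPOINT ["/usr/local/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]` and add a tfe program section. `pip3 install supervisor` is also unpinned here and in dockerfile/sapp/Dockerfile, so each build installs whatever version PyPI serves at that moment; pin it as `supervisor==<version>`. No `USER` is set, so whatever is eventually started runs as root alongside gdb, tcpdump and vim.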
@@ -0,0 +1,56 @@
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client. You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+
+#[MESA_framework]
+#name=MESA_framework
+#baseurl=ftp://192.168.41.182/pub/framework
+#gpgcheck=0
+
+[framework]
+name=framework
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/framework/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[platform]
+name=platform
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/platform/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[protocol]
+name=protocol
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/protocol/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[tsg]
+name=tsg
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/tsg/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo
+
+[AppSketch]
+name=AppSketch
+baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/AppSketch/
+enabled=1
+gpgcheck=0
+username=liuxueli
+password=LXL@repo