增加MRZCPD在firewall容器中的集成。
This commit is contained in:
Lu Qiuwen
@@ -1,34 +1,23 @@
|
||||
[device]
|
||||
device=eth0,vxlan_user,vxlan_fwd
|
||||
sz_tunnel=8192
|
||||
sz_buffer=0
|
||||
|
||||
[device:eth0]
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
promisc=1
|
||||
device=virtio_user0
|
||||
virtio_user=virtio_user0
|
||||
|
||||
[service]
|
||||
# lcore id for i/o service, use comma to split
|
||||
iocore=46,47
|
||||
iocore=1,2,3,4
|
||||
distmode=2
|
||||
hashmode=0
|
||||
|
||||
[eal]
|
||||
virtaddr=0x7f40c4a00000
|
||||
loglevel=7
|
||||
no-pci=1
|
||||
|
||||
[keepalive]
|
||||
check_spinlock=0
|
||||
|
||||
[ctrlzone]
|
||||
ctrlzone0=tunnat,64
|
||||
check_spinlock=1
|
||||
|
||||
[pool]
|
||||
create_mode=3
|
||||
sz_direct_pktmbuf=4194304
|
||||
sz_direct_pktmbuf=65536
|
||||
sz_indirect_pktmbuf=8192
|
||||
sz_cache=256
|
||||
sz_data=4096
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ instance_name = "sapp_v4.0"
|
||||
[CPU]
|
||||
worker_threads=4
|
||||
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
|
||||
bind_mask=[1,2,3,4]
|
||||
bind_mask=[5,6,7,8]
|
||||
[MEM]
|
||||
dictator_enable=1
|
||||
|
||||
@@ -23,12 +23,12 @@ dictator_enable=1
|
||||
#inject_mode_inline_device_sport=54789
|
||||
### note, depolyment.mode options: [mirror, inline, transparent, dumpfile]
|
||||
[packet_io.depolyment]
|
||||
mode=mirror
|
||||
mode=inline
|
||||
|
||||
### note, interface.type options: [pag,pcap,marsio]
|
||||
[packet_io.internal.interface]
|
||||
type=pcap
|
||||
name=eth0
|
||||
type=marsio
|
||||
name=virtio_user0
|
||||
|
||||
[packet_io.external.interface]
|
||||
type=pcap
|
||||
|
||||
@@ -4,13 +4,13 @@ services:
|
||||
build:
|
||||
context: ./dockerfile/firewall
|
||||
dockerfile: Dockerfile
|
||||
image: "centos7:firewallInstalled"
|
||||
container_name: "firewall"
|
||||
image: "tsg-firewall-v21.03"
|
||||
container_name: "tsg-container-firewall-v21.03"
|
||||
security_opt:
|
||||
- seccomp:unconfined
|
||||
volumes:
|
||||
- ./config/mrzcpd/etc/mrapp.sapp4.conf:/opt/mrzcpd/etc/mrapp.sapp4.conf
|
||||
- ./config/mrzcpd/etc/mrapm.conf:/opt/mrzcpd/etc/mrapm.conf
|
||||
- /dev/hugepages:/dev/hugepages
|
||||
- /tmp/vhost_tsg_container_firewall:/run/usvhost/
|
||||
- ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf
|
||||
- ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml
|
||||
- ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf
|
||||
|
||||
@@ -1,9 +1,22 @@
|
||||
FROM docker.io/centos:7
|
||||
|
||||
COPY mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm /run/
|
||||
COPY mrzcpd-debug-debuginfo-4.3.30.cee158a-1.el7.x86_64.rpm /run/
|
||||
|
||||
COPY MESA-Framework.repo /etc/yum.repos.d/
|
||||
COPY framework.conf aws.conf /etc/ld.so.conf.d/
|
||||
#COPY aws.conf /etc/ld.so.conf.d/
|
||||
COPY supervisord.conf /etc/
|
||||
COPY usvhost_create.sh /tmp/
|
||||
|
||||
RUN sed -e 's|^mirrorlist=|#mirrorlist=|g' \
|
||||
-e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
|
||||
-i.bak /etc/yum.repos.d/CentOS-*.repo
|
||||
|
||||
RUN yum install libpcap numactl systemd-libs -y && \
|
||||
yum localinstall -y /run/mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm && \
|
||||
yum localinstall -y /run/mrzcpd-debug-debuginfo-4.3.30.cee158a-1.el7.x86_64.rpm
|
||||
|
||||
RUN mkdir -p /var/run/mrzcpd/
|
||||
|
||||
RUN yum makecache \
|
||||
&& yum install -y \
|
||||
@@ -22,7 +35,6 @@ RUN yum makecache \
|
||||
libWiredLB \
|
||||
lz4 \
|
||||
libbreakpad_mini \
|
||||
mrzcpd \
|
||||
sapp \
|
||||
tcpdump_mesa \
|
||||
tsg_master \
|
||||
|
||||
BIN
dockerfile/firewall/mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm
Normal file
BIN
dockerfile/firewall/mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
@@ -147,9 +147,23 @@ serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||
;[include]
|
||||
;files = relative/directory/*.ini
|
||||
|
||||
[program:usvhost0]
|
||||
command=/bin/bash -ex /tmp/usvhost_create.sh
|
||||
priority=300
|
||||
user=root
|
||||
redirect_stderr=true
|
||||
|
||||
[program:mrzcpd]
|
||||
command=/opt/mrzcpd/bin/mrzcpd -c /opt/mrzcpd/etc/mrglobal.conf
|
||||
autostart=true
|
||||
priority=400
|
||||
user=root
|
||||
redirect_stderr=true
|
||||
|
||||
[program:sapp]
|
||||
command=/home/mesasoft/sapp_run/sapp
|
||||
autostart=true
|
||||
directory=/home/mesasoft/sapp_run
|
||||
stdout_logfile=/tmp/sapp_stdout.log
|
||||
stderr_logfile=/tmp/sapp_stderr.log
|
||||
priority=401
|
||||
user=root
|
||||
redirect_stderr=true
|
||||
|
||||
5
dockerfile/firewall/usvhost_create.sh
Executable file
5
dockerfile/firewall/usvhost_create.sh
Executable file
@@ -0,0 +1,5 @@
|
||||
#!/bin/bash -ex
|
||||
mkdir -p /run/usvhost
|
||||
python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/run/usvhost/usvhost0')"
|
||||
python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/run/usvhost/usvhost1')"
|
||||
exec tail -f /dev/null
|
||||
Reference in New Issue
Block a user