增加MRZCPD在firewall容器中的集成。
This commit is contained in:
Lu Qiuwen
@@ -1,34 +1,23 @@
|
|||||||
[device]
|
[device]
|
||||||
device=eth0,vxlan_user,vxlan_fwd
|
device=virtio_user0
|
||||||
sz_tunnel=8192
|
virtio_user=virtio_user0
|
||||||
sz_buffer=0
|
|
||||||
|
|
||||||
[device:eth0]
|
|
||||||
jumbo_frame=1
|
|
||||||
max_rx_pkt_len=15360
|
|
||||||
clear_tx_flags=1
|
|
||||||
promisc=1
|
|
||||||
|
|
||||||
[service]
|
[service]
|
||||||
# lcore id for i/o service, use comma to split
|
# lcore id for i/o service, use comma to split
|
||||||
iocore=46,47
|
iocore=1,2,3,4
|
||||||
distmode=2
|
distmode=2
|
||||||
hashmode=0
|
hashmode=0
|
||||||
|
|
||||||
[eal]
|
[eal]
|
||||||
virtaddr=0x7f40c4a00000
|
virtaddr=0x7f40c4a00000
|
||||||
loglevel=7
|
loglevel=7
|
||||||
|
no-pci=1
|
||||||
|
|
||||||
[keepalive]
|
[keepalive]
|
||||||
check_spinlock=0
|
check_spinlock=1
|
||||||
|
|
||||||
[ctrlzone]
|
|
||||||
ctrlzone0=tunnat,64
|
|
||||||
|
|
||||||
[pool]
|
[pool]
|
||||||
create_mode=3
|
create_mode=3
|
||||||
sz_direct_pktmbuf=4194304
|
sz_direct_pktmbuf=65536
|
||||||
sz_indirect_pktmbuf=8192
|
sz_indirect_pktmbuf=8192
|
||||||
sz_cache=256
|
sz_cache=256
|
||||||
sz_data=4096
|
|
||||||
|
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ instance_name = "sapp_v4.0"
|
|||||||
[CPU]
|
[CPU]
|
||||||
worker_threads=4
|
worker_threads=4
|
||||||
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
|
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
|
||||||
bind_mask=[1,2,3,4]
|
bind_mask=[5,6,7,8]
|
||||||
[MEM]
|
[MEM]
|
||||||
dictator_enable=1
|
dictator_enable=1
|
||||||
|
|
||||||
@@ -23,12 +23,12 @@ dictator_enable=1
|
|||||||
#inject_mode_inline_device_sport=54789
|
#inject_mode_inline_device_sport=54789
|
||||||
### note, depolyment.mode options: [mirror, inline, transparent, dumpfile]
|
### note, depolyment.mode options: [mirror, inline, transparent, dumpfile]
|
||||||
[packet_io.depolyment]
|
[packet_io.depolyment]
|
||||||
mode=mirror
|
mode=inline
|
||||||
|
|
||||||
### note, interface.type options: [pag,pcap,marsio]
|
### note, interface.type options: [pag,pcap,marsio]
|
||||||
[packet_io.internal.interface]
|
[packet_io.internal.interface]
|
||||||
type=pcap
|
type=marsio
|
||||||
name=eth0
|
name=virtio_user0
|
||||||
|
|
||||||
[packet_io.external.interface]
|
[packet_io.external.interface]
|
||||||
type=pcap
|
type=pcap
|
||||||
|
|||||||
@@ -4,13 +4,13 @@ services:
|
|||||||
build:
|
build:
|
||||||
context: ./dockerfile/firewall
|
context: ./dockerfile/firewall
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
image: "centos7:firewallInstalled"
|
image: "tsg-firewall-v21.03"
|
||||||
container_name: "firewall"
|
container_name: "tsg-container-firewall-v21.03"
|
||||||
security_opt:
|
security_opt:
|
||||||
- seccomp:unconfined
|
- seccomp:unconfined
|
||||||
volumes:
|
volumes:
|
||||||
- ./config/mrzcpd/etc/mrapp.sapp4.conf:/opt/mrzcpd/etc/mrapp.sapp4.conf
|
- /dev/hugepages:/dev/hugepages
|
||||||
- ./config/mrzcpd/etc/mrapm.conf:/opt/mrzcpd/etc/mrapm.conf
|
- /tmp/vhost_tsg_container_firewall:/run/usvhost/
|
||||||
- ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf
|
- ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf
|
||||||
- ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml
|
- ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml
|
||||||
- ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf
|
- ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf
|
||||||
|
|||||||
@@ -1,9 +1,22 @@
|
|||||||
FROM docker.io/centos:7
|
FROM docker.io/centos:7
|
||||||
|
|
||||||
|
COPY mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm /run/
|
||||||
|
COPY mrzcpd-debug-debuginfo-4.3.30.cee158a-1.el7.x86_64.rpm /run/
|
||||||
|
|
||||||
COPY MESA-Framework.repo /etc/yum.repos.d/
|
COPY MESA-Framework.repo /etc/yum.repos.d/
|
||||||
COPY framework.conf aws.conf /etc/ld.so.conf.d/
|
COPY framework.conf aws.conf /etc/ld.so.conf.d/
|
||||||
#COPY aws.conf /etc/ld.so.conf.d/
|
|
||||||
COPY supervisord.conf /etc/
|
COPY supervisord.conf /etc/
|
||||||
|
COPY usvhost_create.sh /tmp/
|
||||||
|
|
||||||
|
RUN sed -e 's|^mirrorlist=|#mirrorlist=|g' \
|
||||||
|
-e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
|
||||||
|
-i.bak /etc/yum.repos.d/CentOS-*.repo
|
||||||
|
|
||||||
|
RUN yum install libpcap numactl systemd-libs -y && \
|
||||||
|
yum localinstall -y /run/mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm && \
|
||||||
|
yum localinstall -y /run/mrzcpd-debug-debuginfo-4.3.30.cee158a-1.el7.x86_64.rpm
|
||||||
|
|
||||||
|
RUN mkdir -p /var/run/mrzcpd/
|
||||||
|
|
||||||
RUN yum makecache \
|
RUN yum makecache \
|
||||||
&& yum install -y \
|
&& yum install -y \
|
||||||
@@ -22,7 +35,6 @@ RUN yum makecache \
|
|||||||
libWiredLB \
|
libWiredLB \
|
||||||
lz4 \
|
lz4 \
|
||||||
libbreakpad_mini \
|
libbreakpad_mini \
|
||||||
mrzcpd \
|
|
||||||
sapp \
|
sapp \
|
||||||
tcpdump_mesa \
|
tcpdump_mesa \
|
||||||
tsg_master \
|
tsg_master \
|
||||||
|
|||||||
BIN
dockerfile/firewall/mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm
Normal file
BIN
dockerfile/firewall/mrzcpd-debug-4.3.30.cee158a-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
@@ -147,9 +147,23 @@ serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
|||||||
;[include]
|
;[include]
|
||||||
;files = relative/directory/*.ini
|
;files = relative/directory/*.ini
|
||||||
|
|
||||||
|
[program:usvhost0]
|
||||||
|
command=/bin/bash -ex /tmp/usvhost_create.sh
|
||||||
|
priority=300
|
||||||
|
user=root
|
||||||
|
redirect_stderr=true
|
||||||
|
|
||||||
|
[program:mrzcpd]
|
||||||
|
command=/opt/mrzcpd/bin/mrzcpd -c /opt/mrzcpd/etc/mrglobal.conf
|
||||||
|
autostart=true
|
||||||
|
priority=400
|
||||||
|
user=root
|
||||||
|
redirect_stderr=true
|
||||||
|
|
||||||
[program:sapp]
|
[program:sapp]
|
||||||
command=/home/mesasoft/sapp_run/sapp
|
command=/home/mesasoft/sapp_run/sapp
|
||||||
autostart=true
|
autostart=true
|
||||||
directory=/home/mesasoft/sapp_run
|
directory=/home/mesasoft/sapp_run
|
||||||
stdout_logfile=/tmp/sapp_stdout.log
|
priority=401
|
||||||
stderr_logfile=/tmp/sapp_stderr.log
|
user=root
|
||||||
|
redirect_stderr=true
|
||||||
|
|||||||
5
dockerfile/firewall/usvhost_create.sh
Executable file
5
dockerfile/firewall/usvhost_create.sh
Executable file
@@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash -ex
|
||||||
|
mkdir -p /run/usvhost
|
||||||
|
python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/run/usvhost/usvhost0')"
|
||||||
|
python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/run/usvhost/usvhost1')"
|
||||||
|
exec tail -f /dev/null
|
||||||
Reference in New Issue
Block a user