gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature: delete 7400 build code.

Browse Source
This commit is contained in:
fumingwei
2024-10-21 11:41:04 +08:00
parent 5d0e7529a4
commit 0d211d715d
73 changed files with 0 additions and 4882 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
.gitlab-ci.yml
View File

@@ -1,7 +1,6 @@
#image: "git.mesalab.cn:7443/mesa_platform/build-env:master"
variables:
GIT_STRATEGY: "clone"
BUILD_BASED_IMAGE_CENTOS7: "git.mesalab.cn:7443/mesa_platform/build-env:master"
BUILD_BASED_IMAGE_ROCKYLINUX8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux-dindind"
GIT_DEPTH: 1
@@ -11,18 +10,6 @@ stages:
- deploy
- notify
.build_tsg-buildimage:
script:
- env | sort
- sed -i 's+https://download.docker.com+https://mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
- yum -y install pbzip2 ansible
- make DALIY_BUILD_VERSION=$DALIY_BUILD_VERSION
- chmod +x ./tools/upload.sh
- ./tools/upload.sh
tags:
- tsg-os-installer
resource_group: global
.build_onie_bin_x86_64_COTS:
script:
- env | sort
@@ -94,32 +81,6 @@ stages:
- tsg-os-builder-el8
resource_group: global
# feature_branch_build_7400_mcn0:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN0P01R01
# DALIY_BUILD_VERSION: 1
# except:
# - tags
# - /^dev-.*$/i
# - /^rel-.*$/i
# - /^update-.*$/i
# feature_branch_build_7400_mcn123:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN123P01R01
# DALIY_BUILD_VERSION: 1
# except:
# - tags
# - /^dev-.*$/i
# - /^rel-.*$/i
# - /^update-.*$/i
feature_branch_build_container_images_x86_64_COTS:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
@@ -182,34 +143,6 @@ feature_branch_notify_jobs_done_x86_64_COTS:
- /^rel-.*$/i
- /^update-.*$/i
# develop_build_7400_mcn0:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN0P01R01
# UPLOAD_TO_FILE_REPO: 1
# PULP3_FILE_REPO_NAME: tsg-os-images-develop
# PULP3_FILE_DIST_NAME: tsg-os-images-develop
# DALIY_BUILD_VERSION: 1
# FILE_REPO_PATH: install/develop/tsg-os-images
# only:
# - /^dev-.*$/i
# develop_build_7400_mcn123:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN123P01R01
# UPLOAD_TO_FILE_REPO: 1
# PULP3_FILE_REPO_NAME: tsg-os-images-develop
# PULP3_FILE_DIST_NAME: tsg-os-images-develop
# DALIY_BUILD_VERSION: 1
# FILE_REPO_PATH: install/develop/tsg-os-images
# only:
# - /^dev-.*$/i
develop_build_container_images_x86_64_COTS:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
@@ -273,34 +206,6 @@ develop_notify_jobs_done_x86_64_COTS:
only:
- /^dev-.*$/i
# testing_build_7400_mcn0:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN0P01R01
# UPLOAD_TO_FILE_REPO: 1
# PULP3_FILE_REPO_NAME: tsg-os-images-testing
# PULP3_FILE_DIST_NAME: tsg-os-images-testing
# FILE_REPO_PATH: install/testing/tsg-os-images
# DALIY_BUILD_VERSION: 1
# only:
# - /^rel-.*$/i
# testing_build_7400_mcn123:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN123P01R01
# UPLOAD_TO_FILE_REPO: 1
# PULP3_FILE_REPO_NAME: tsg-os-images-testing
# PULP3_FILE_DIST_NAME: tsg-os-images-testing
# FILE_REPO_PATH: install/testing/tsg-os-images
# DALIY_BUILD_VERSION: 1
# only:
# - /^rel-.*$/i
testing_build_container_images_x86_64_COTS:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
@@ -366,34 +271,6 @@ testing_notify_jobs_done_x86_64_COTS:
only:
- /^rel-.*$/i
# rc_build_7400_mcn0:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN0P01R01
# UPLOAD_TO_FILE_REPO: 1
# DALIY_BUILD_VERSION: 0
# PULP3_FILE_REPO_NAME: tsg-os-images-rc
# PULP3_FILE_DIST_NAME: tsg-os-images-rc
# FILE_REPO_PATH: install/rc/tsg-os-images
# only:
# - /^.*-rc.*$/i
# rc_build_7400_mcn123:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN123P01R01
# UPLOAD_TO_FILE_REPO: 1
# DALIY_BUILD_VERSION: 0
# PULP3_FILE_REPO_NAME: tsg-os-images-rc
# PULP3_FILE_DIST_NAME: tsg-os-images-rc
# FILE_REPO_PATH: install/rc/tsg-os-images
# only:
# - /^.*-rc.*$/i
rc_build_container_images_x86_64_COTS:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
@@ -459,39 +336,6 @@ rc_notify_jobs_done_x86_64_COTS:
only:
- /^.*-rc.*$/i
# release_build_7400_mcn0:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN0P01R01
# UPLOAD_TO_FILE_REPO: 1
# DALIY_BUILD_VERSION: 0
# PULP3_FILE_REPO_NAME: tsg-os-images-release
# PULP3_FILE_DIST_NAME: tsg-os-images-release
# FILE_REPO_PATH: install/release/tsg-os-images
# only:
# - tags
# except:
# - /^.*-rc.*$/i
# release_build_7400_mcn123:
# image: $BUILD_BASED_IMAGE_CENTOS7
# stage: build
# extends: .build_tsg-buildimage
# variables:
# PROFILE_LIST: 7400MCN123P01R01
# UPLOAD_TO_FILE_REPO: 1
# DALIY_BUILD_VERSION: 0
# PULP3_FILE_REPO_NAME: tsg-os-images-release
# PULP3_FILE_DIST_NAME: tsg-os-images-release
# FILE_REPO_PATH: install/release/tsg-os-images
# only:
# - tags
# except:
# - /^.*-rc.*$/i
release_build_container_images_x86_64_COTS:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build

2
Makefile
View File

@@ -114,8 +114,6 @@ all: $(PROFILE_LIST)
$(Q) chmod 0755 $(TOOLSDIR)/*
$(Q) sed -i -e 's/PULP_REPO_USERNAME/$(PULP_REPO_USERNAME)/g' $(CONFDIR)/yum-RockyLinux-8.conf
$(Q) sed -i -e 's/PULP_REPO_PASSWORD/$(PULP_REPO_PASSWORD)/g' $(CONFDIR)/yum-RockyLinux-8.conf
$(Q) sed -i -e 's/PULP_REPO_USERNAME/$(PULP_REPO_USERNAME)/g' $(CONFDIR)/yum-CentOS-7.conf
$(Q) sed -i -e 's/PULP_REPO_PASSWORD/$(PULP_REPO_PASSWORD)/g' $(CONFDIR)/yum-CentOS-7.conf
$(Q) echo "=== Building $< $(OS_RELEASE_VER) ==="
$(Q) echo "=== Building chart version $< $(HELM_CHART_VER) ==="
$(Q) $(MAKE) -f make/Makefile.$< all

57
ansible/HAL_deploy.yml
View File

@@ -1,51 +1,3 @@
- hosts: 7400-MCN0-P01R01
remote_user: root
vars_files:
- install_config/group_vars/HAL_7400MCN0P01R01.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: coredump, tags: coredump}
- {role: system-init-7400-mcn0, tags: system-init-7400-mcn0}
- {role: tsg_device_tag, tags: tsg_device_tag}
- {role: tsg_sn, tags: tsg_sn}
- {role: docker, tags: docker}
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: kni, tags: kni}
- {role: firewall, tags: firewall}
- {role: http_healthcheck,tags: http_healthcheck}
- {role: redis, tags: redis}
- {role: maat-redis, tags: maat-redis}
- {role: certstore, tags: certstore}
- {role: telegraf, tags: telegraf}
- {role: sysctl, tags: sysctl}
- {role: exporter, tags: exporter}
- {role: tsg-diagnose, tags: tsg-diagnose}
- {role: system-init, tags: system-init}
- {role: consul, tags: consul}
- {role: hasp, tags: hasp}
- hosts: 7400-MCN123-P01R01
remote_user: root
vars_files:
- install_config/group_vars/HAL_7400MCN123P01R01.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: coredump, tags: coredump}
- {role: system-init-7400-mcn123, tags: system-init-7400-mcn123}
- {role: tsg_device_tag, tags: tsg_device_tag}
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: exporter, tags: exporter}
- {role: tsg_sn, tags: tsg_sn}
- {role: tfe, tags: tfe}
- {role: sysctl, tags: sysctl}
- {role: system-init, tags: system-init}
- {role: hasp, tags: hasp}
- hosts: x86_64_COTS
remote_user: root
vars_files:
@@ -53,7 +5,6 @@
- install_config/group_vars/rpm_version.yml
roles:
- {role: k3s-install, tags: k3s-install}
- {role: coredump, tags: coredump}
- {role: coredump-tools, tags: coredump-tools}
- {role: clixon, tags: clixon}
- {role: tsg-os-HAL, tags: tsg-os-HAL}
@@ -77,14 +28,6 @@
- {role: tsg-os-oobc, tags: tsg-os-oobc}
- {role: tsg-os-logfile-cleaner, tags: tsg-os-logfile-cleaner}
- hosts: x86_64_COTS-init
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg_sn, tags: tsg_sn}
- hosts: x86_64_COTS-firewall
remote_user: root
vars_files:

59
ansible/install_config/group_vars/HAL_7400MCN0P01R01.yml
View File

@@ -1,59 +0,0 @@
# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-7400 硬件平台
# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." 和
control_and_policy:
nic_name: eth_ctl
workload_zcpd:
cpu_affinity: 52,53,54,55
hugepage_num_1G: 32
workload_firewall:
cpu_affinity: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
worker_threads: 42
send_only_threads_max: 1
dp_steering_proxy:
###### location: value {local, foreign}
location: foreign
node_count: 3
node_list:
- id: 0
nic_name: eth_mcn1
addr: 192.168.100.2
- id: 1
nic_name: eth_mcn2
addr: 192.168.100.3
- id: 2
nic_name: eth_mcn3
addr: 192.168.100.4
nic_cmsg_and_watchdog: eth_pf.100
dp_traffic_mirror:
nic_name: eth_mirr_d
traffic_mirror_vlan_id: 0
dp_steering_firewall:
#deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series
deployment: inline
#encapsulation value: vlan, vxlan, raw, provision
encapsulation: provision
# capture_packet value: pcap, driver
capture_packet: driver
nic_internal: eth_raw
enable_mirror: 0
diagnose:
virtual_server_nic: eth_dign_s
virtual_client_nic: eth_dign_c
prefix_path:
mrzcpd: /opt/tsg/mrzcpd
framework: /opt/tsg/framework
sapp: /opt/tsg/sapp
monitor:
enable_redis_exporter: 1
enable_ipmi_exporter: 1
### TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140
runtime_env: TSG-7400-mcn0

43
ansible/install_config/group_vars/HAL_7400MCN123P01R01.yml
View File

@@ -1,43 +0,0 @@
# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-7400 硬件平台
# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." 和
control_and_policy:
nic_name: eth_ctl
workload_zcpd:
cpu_affinity: 53,54
hugepage_num_1G: 32
dp_traffic_mirror:
nic_name: eth_mirr_d
traffic_mirror_vlan_id: 0
prefix_path:
mrzcpd: /opt/tsg/mrzcpd
framework: /opt/tsg/framework
dp_steering_proxy:
###### location: value {local, foreign}
location: foreign
node_list:
- nic_name: eth_vf_kni
workload_proxy:
enable_cpu_affinity: 0
cpu_affinity: 1-8
worker_thread: 32
dp_proxy:
nic_name_data_incoming: eth_pxy
mac_addr_data_incoming: aa:bb:cc:dd:ee:ff
enable_traffic_mirror: 1
traffic_mirror_type: 1
dp_certstore:
location: foreign
monitor:
enable_redis_exporter: 0
enable_ipmi_exporter: 1
runtime_env: TSG-7400-mcn123

8
ansible/roles/coredump/files/coredump_setup_override.conf.TSGXNXR620G40R01P0906
View File

@@ -1,8 +0,0 @@
[Coredump]
Storage=none
ProcessSizeMax=0G
ExternalSizeMax=0G
JournalSizeMax=0G
Compress=no
MaxUse=80
KeepFree=80

15
ansible/roles/coredump/files/coredump_setup_override.conf.j2.j2
View File

@@ -1,15 +0,0 @@
[Coredump]
{% if coredump.format == 'core' %}
Storage=external
ProcessSizeMax=256G
ExternalSizeMax=256G
JournalSizeMax=256G
{% else %}
Storage=none
ProcessSizeMax=0G
ExternalSizeMax=0G
JournalSizeMax=0G
{% endif %}
Compress=no
MaxUse=80
KeepFree=80

16
ansible/roles/coredump/tasks/main.yml
View File

@@ -1,16 +0,0 @@
- name: "mkdir -p /usr/lib/systemd/coredump.conf.d/"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "copy coredump config file to dest -- tsg-x-p0906"
copy:
src: '{{ role_path }}/files/coredump_setup_override.conf.TSGXNXR620G40R01P0906'
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
when: runtime_env == 'TSG-X-P0906'
- name: "copy coredump config file to dest -- not tsg-x-p0906"
copy:
src: '{{ role_path }}/files/coredump_setup_override.conf.j2.j2'
dest: /opt/tsg/tsg-os-provision/templates/coredump_setup_override.conf.j2
when: runtime_env != 'TSG-X-P0906'

1
ansible/roles/docker/files/daemon.json
View File

@@ -1 +0,0 @@
{"iptables":false,"bridge": "none"}

BIN
ansible/roles/docker/files/docker-compose-Linux-x86_64
View File

Binary file not shown.

21
ansible/roles/docker/tasks/main.yml
View File

@@ -1,21 +0,0 @@
- name: "docker: copy daemon.json to target"
copy:
src: '{{ role_path }}/files/daemon.json'
dest: /etc/docker/
#- name: "docker: download docker-compose"
# get_url:
# url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
# dest: /usr/bin/docker-compose
# mode: '0755'
- name: "docker: copy docker-compose binary to target"
copy:
src: '{{ role_path }}/files/docker-compose-Linux-x86_64'
dest: /usr/bin/docker-compose
mode: 0755
- name: "enable docker"
systemd:
name: docker
enabled: yes

19
ansible/roles/kni/tasks/main.yml
View File

@@ -1,19 +0,0 @@
---
- name: "download rpm packages: kni"
yum:
name:
- "{{ kni_rpm_version.kni }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: "{{ path_download }}"
- name: "Install kni that is sapp plugin with prefix option"
shell: rpm -i /tmp/rpm_download/{{ kni_rpm_version.kni }}* --prefix {{ prefix_path.sapp }}
- name: Template the kni.conf
template:
src: "{{ role_path }}/templates/kni.conf.j2"
dest: /opt/tsg/sapp/etc/kni/kni.conf
tags: template
when: runtime_env != 'TSG-X-P0906'

188
ansible/roles/kni/templates/kni.conf.j2
View File

@@ -1,188 +0,0 @@
[global]
log_path = ./log/kni/kni.log
log_level = 30
{% if dp_steering_proxy.location == 'local' %}
tfe_node_count = 1
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
tfe_node_count = {{ dp_steering_proxy.node_count }}
{% endif %}
manage_eth = {{ control_and_policy.nic_name }}
# deploy_mode: normal/tap
{% if dp_steering_proxy.tap_mode is defined %}
deploy_mode = tap
{% else %}
deploy_mode = normal
{% endif %}
src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd
[tap]
{% for tfe_node_info in dp_steering_proxy.node_list %}
tap_name= {{ tfe_node_info.nic_name }}
{% endfor %}
# tap_allow_mutilthread=1 load bpf
# tap_allow_mutilthread=0 not load bpf
tap_allow_mutilthread=1
bpf_obj=/opt/tsg/sapp/plug/business/kni/bpf_tun_rss_steering.o
bpf_default_queue=-1
# tap_bpf_debug_log: cat /sys/kernel/debug/tracing/trace_pipe
bpf_debug_log=0
# 2: BPF 使用二元组分流; 4: BPF 使用四元组分流
bpf_hash_mode=2
tap_rps_enable=1
# cat /sys/class/net/tap0/queues/rx-%{d}/rps_cpus
tap_rps_mask="{% raw %}{{ tfe_env_rps_info.rps_mask }}{% endraw %}"
[io_uring]
enable_iouring=1
enable_debuglog=0
ring_size=1024
buff_size=2048
flags=0
sq_thread_idle=0
{% for tfe_node_info in dp_steering_proxy.node_list %}
{% if dp_steering_proxy.location == 'local' %}
[tfe0]
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
[tfe{{ tfe_node_info.id }}]
{% endif %}
enabled = 1
dev_eth_symbol = {{ tfe_node_info.nic_name }}
{% if dp_steering_proxy.location == 'local' %}
ip_addr = 127.0.0.1
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
ip_addr = {{ tfe_node_info.addr }}
{% endif %}
{% endfor %}
[tfe_cmsg_receiver]
{% if dp_steering_proxy.location == 'local' %}
listen_eth = lo
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
listen_eth = {{ dp_steering_proxy.nic_cmsg_and_watchdog }}
{% endif %}
listen_port = 2475
[watch_dog]
switch = 1
{% if dp_steering_proxy.location == 'local' %}
listen_eth = lo
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
listen_eth = {{ dp_steering_proxy.nic_cmsg_and_watchdog }}
{% endif %}
listen_port = 2476
keepalive_idle = 2
keepalive_intvl = 1
keepalive_cnt = 3
[marsio]
appsym = knifw
[dup_traffic]
switch = 0
action = 2
capacity = 10000000
error_rate = 0.00001
expiry_time = 60
[traceid2pme_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 30
mho_eliminate_type = LRU
#per thread
[tuple2stream_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 0
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 0
mho_eliminate_type = LRU
[field_stat]
remote_switch = 1
remote_ip = 127.0.0.1
remote_port = 58100
local_path = ./fs2_kni.status
stat_cycle = 1
print_mode = 1
# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
statsd_format = 2
APP_NAME = fs2_kni
#self test Shunt rules security policy id
[tsg_diagnose]
enabled = 1
security_policy_id = 3,4
[ssl_dynamic_bypass]
enabled = 0
#kni dynamic bypass
[traceid2sslinfo_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 300
mho_eliminate_type = FIFO
[sslinfo2bypass_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 300
mho_eliminate_type = FIFO
[proxy_tcp_option]
enabled = 1
maat_table_compile = PXY_TCP_OPTION_COMPILE
maat_table_addr = PXY_TCP_OPTION_ADDR
maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
enable_override = 0
client_tcp_maxseg_enable = 0
client_tcp_maxseg = 1460
client_tcp_nodelay = 1
client_tcp_ttl = 70
client_tcp_keepalive_enable = 1
client_tcp_keepalive_keepcnt = 8
client_tcp_keepalive_keepidle = 30
client_tcp_keepalive_keepintvl = 15
client_tcp_user_timeout = 600
server_tcp_maxseg_enable = 0
server_tcp_maxseg = 1460
server_tcp_nodelay = 1
server_tcp_ttl = 75
server_tcp_keepalive_enable = 1
server_tcp_keepalive_keepcnt = 8
server_tcp_keepalive_keepidle = 30
server_tcp_keepalive_keepintvl = 15
server_tcp_user_timeout = 600
bypass_duplicated_packet = 0
tcp_passthrough = 0
[share_session_attribute]
SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL
[proxy_hits]
interval_ms=1000
telegraf_port=8900
telegraf_ip=127.0.0.1
app_name="proxy_rule_hits"

12
ansible/roles/maat-redis/files/maat-redis-exporter.service
View File

@@ -1,12 +0,0 @@
[Unit]
Description=Redis Exporter for MAAT-REDIS
After=network.target maat-redis.service
Requires=maat-redis.service
[Service]
ExecStart=/opt/tsg/exporter/redis_exporter -redis.addr=redis://localhost:7002 -redis-only-metrics
Type=simple
[Install]
WantedBy=multi-user.target

13
ansible/roles/maat-redis/files/maat-redis.service
View File

@@ -1,13 +0,0 @@
[Unit]
Description=Redis persistent key-value database
After=network.target
[Service]
ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd
ExecStop=/usr/libexec/redis-shutdown maat-redis
Type=notify
TimeoutSec=300s
[Install]
WantedBy=multi-user.target

58
ansible/roles/maat-redis/tasks/main.yml
View File

@@ -1,58 +0,0 @@
- name: "copy maat-redis file to dest"
copy:
src: "{{ role_path }}/files/maat-redis.service"
dest: "/usr/lib/systemd/system"
mode: 0644
- name: "copy maat-redis exporter file to dest"
copy:
src: "{{ role_path }}/files/maat-redis-exporter.service"
dest: "/usr/lib/systemd/system"
mode: 0644
- name: "Create /usr/lib/systemd/system/maat-redis.service.d directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/maat-redis.service.d
- name: "Create /usr/lib/systemd/system/maat-redis-exporter.service.d directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/maat-redis-exporter.service.d
- name: "copy slice file to maat-redis.service.d"
copy:
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: /usr/lib/systemd/system/maat-redis.service.d/service_override_slice.conf
mode: 0644
when: runtime_env != 'TSG-X-P0906'
- name: "copy slice file to maat-redis-exporter.service.d"
copy:
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: /usr/lib/systemd/system/maat-redis-exporter.service.d/service_override_slice.conf
mode: 0644
when: runtime_env != 'TSG-X-P0906'
- name: "Template the maat-redis.conf"
template:
src: "{{ role_path }}/templates/maat-redis.conf.j2.j2"
dest: /opt/tsg/tsg-os-provision/templates/maat-redis.conf.j2
tags: template
when: runtime_env != 'TSG-X-P0906'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:
path: "{{ item }}"
regexp: 'WantedBy=multi-user.target'
replace: 'WantedBy=workload.target'
with_items:
- /usr/lib/systemd/system/maat-redis.service
- /usr/lib/systemd/system/maat-redis-exporter.service
when: runtime_env != 'TSG-X-P0906'

2052
ansible/roles/maat-redis/templates/maat-redis.conf.j2.j2
View File

File diff suppressed because it is too large Load Diff

2
ansible/roles/maat-redis/templates/service_override_slice.conf.j2
View File

@@ -1,2 +0,0 @@
[Service]
Slice=workload.slice

133
ansible/roles/system-init-7400-mcn0/files/setup
View File

@@ -1,133 +0,0 @@
#!/bin/bash
# set -x
CURRENT_PATH=`dirname $0`
TP_SVR=192.168.100.5
TP_PORT=10000
function get_netdev_by_pci()
{
DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'`
for i in ${DEV_LIST}
do
ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1
if [ $? -eq 0 ];then
TARGET=${i}
break
fi
done
echo ${TARGET}
}
function pf_setup()
{
echo 1 > /proc/sys/net/ipv6/conf/eth_pf/disable_ipv6
ifconfig eth_pf up
modprobe 8021q
vconfig add eth_pf 100
vconfig set_flag eth_pf.100 1 1
ifconfig eth_pf.100 192.168.100.1 netmask 255.255.255.0 up
sleep 1
}
function vf_setup()
{
echo 8 > /sys/class/net/eth_pf/device/sriov_numvfs
sleep 5
ifconfig eth_ctl up
ifconfig eth_ctl mtu 2000
ip link set eth_pf vf 2 vlan 200
ifconfig eth_ctl 192.168.200.1 netmask 255.255.255.0
ifconfig eth_dign_s up
ifconfig eth_rsv up
ifconfig eth_ctl up
ifconfig eth_raw up
ifconfig eth_mcn1 up
ifconfig eth_mcn2 up
ifconfig eth_mcn3 up
ifconfig eth_dign_c up
sleep 5
}
function bring_down_pfvf()
{
echo 0 > /sys/class/net/eth_pf/device/sriov_numvfs
ifconfig eth_pf down
sleep 3
}
# Main loop
while :
do
FAIL_FLAG=0
# Make sure PF is valid
ping ${TP_SVR} -c 1
if [ $? -ne 0 ];then
echo "Please make sure switch board is up."
bring_down_pfvf
pf_setup
continue
fi
# Make sure TestPoint is up.
echo "show version" | nc ${TP_SVR} ${TP_PORT}
if [ $? -ne 0 ];then
echo "Cannot reach TestPoint!"
echo "Please make sure TestPoint is up and in remote-listen mode."
sleep 5
continue
fi
# Create VFs and get MAC addresses
vf_setup
PF=`get_netdev_by_pci 01:00.0`
VF1=`get_netdev_by_pci 01:00.1`
VF2=`get_netdev_by_pci 01:00.2`
VF3=`get_netdev_by_pci 01:00.3`
VF4=`get_netdev_by_pci 01:00.4`
VF5=`get_netdev_by_pci 01:00.5`
VF6=`get_netdev_by_pci 01:00.6`
VF7=`get_netdev_by_pci 01:00.7`
VF8=`get_netdev_by_pci 01:01.0`
MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'`
MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'`
MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'`
MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'`
MAC5=`ifconfig ${VF5} |grep ether |awk -F' ' '{print $2}'`
MAC6=`ifconfig ${VF6} |grep ether |awk -F' ' '{print $2}'`
MAC7=`ifconfig ${VF7} |grep ether |awk -F' ' '{print $2}'`
MAC8=`ifconfig ${VF8} |grep ether |awk -F' ' '{print $2}'`
MAC9=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'`
# Make sure VFs are valid
MAC_TABLE=$(echo "show mac table all" | nc ${TP_SVR} ${TP_PORT})
for i in ${MAC1} ${MAC2} ${MAC3} ${MAC4} ${MAC5} ${MAC6} ${MAC7} ${MAC8} ${MAC9}
do
echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1
if [ $? -ne 0 ];then
echo "MAC ${i} is not in table!"
FAIL_FLAG=1
break
fi
done
if [ ${FAIL_FLAG} -eq 1 ];then
bring_down_pfvf
continue
fi
echo "PF/VF setup successful."
exit 0
done

15
ansible/roles/system-init-7400-mcn0/files/tsg-env.service
View File

@@ -1,15 +0,0 @@
[Unit]
Description=tsg sled-mcn0 env init
Requires=network.target
After=network.target
Before=mrenv.service tsg-os-provision.service
[Service]
ExecStart=/opt/tsg/env/setup
ExecStop=/opt/tsg/env/tsg-env_stop
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
RequiredBy=mrenv.service

6
ansible/roles/system-init-7400-mcn0/files/tsg-env_stop
View File

@@ -1,6 +0,0 @@
#!/bin/bash
#
echo 0 >/sys/class/net/eth_pf/device/sriov_numvfs
ifconfig eth_pf.100 down
vconfig rem eth_pf.100
ifconfig eth_pf down

130
ansible/roles/system-init-7400-mcn0/tasks/main.yml
View File

@@ -1,130 +0,0 @@
---
- name: "set 60-7400MCN0P01R01.rules"
template:
src: "{{ role_path }}/templates/60-7400MCN0P01R01.rules.j2"
dest: /usr/lib/udev/rules.d/60-7400MCN0P01R01.rules
mode: 0644
tags: template
- name: "disable NetworkManager"
systemd:
name: NetworkManager.service
enabled: no
- name: "set 90-7400-dracut.rules"
template:
src: "{{ role_path }}/templates/90-7400-dracut.rules.j2"
dest: /usr/lib/dracut/dracut.conf.d/90-7400-dracut.conf
mode: 0644
tags: template
- name: "update depmod"
shell: depmod -v 5.4.159-1.el7.elrepo.x86_64
- name: "set eth_pf"
template:
src: "{{ role_path }}/templates/ifcfg-eth_pf.j2"
dest: /etc/sysconfig/network-scripts/ifcfg-eth_pf
tags: template
- name: "copy setup script"
copy:
src: "{{ role_path }}/files/setup"
dest: "/opt/tsg/env/"
mode: 0755
- name: "copy tsg-env.service"
copy:
src: "{{ role_path }}/files/tsg-env.service"
dest: "/usr/lib/systemd/system/"
mode: 0644
- name: "copy tsg-env_stop"
copy:
src: "{{ role_path }}/files/tsg-env_stop"
dest: "/opt/tsg/env/"
mode: 0755
- name: "enable tsg-env"
systemd:
name: tsg-env
enabled: yes
# 禁用 IPMI
- name: "disable ipmi"
systemd:
name: ipmi
enabled: no
# 禁用 Watchdog
- name: "disable watchdog"
systemd:
name: watchdog
enabled: no
# systemctl set-property user.slice CPUShares=1500 MemoryLimit=13G
# systemctl set-property system.slice CPUShares=1000 MemoryLimit=13G
# systemctl set-property workload.slice CPUShares=7500 MemoryLimit=99G
# workload.slice
- name: "Create /usr/lib/systemd/system/workload.slice.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/workload.slice.d/
- name: "copy 50-CPUShares.conf to workload.slice.d"
copy:
src: "{{ role_path }}/templates/override_workload_slice_cpu.conf.j2"
dest: /usr/lib/systemd/system/workload.slice.d/50-CPUShares.conf
mode: 0644
- name: "copy 50-MemoryLimit.conf to workload.slice.d"
copy:
src: "{{ role_path }}/templates/override_workload_slice_mem.conf.j2"
dest: /usr/lib/systemd/system/workload.slice.d/50-MemoryLimit.conf
mode: 0644
# user.slice
- name: "Create /usr/lib/systemd/system/user.slice.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/user.slice.d/
- name: "copy 50-CPUShares.conf to user.slice.d"
copy:
src: "{{ role_path }}/templates/override_user_slice_cpu.conf.j2"
dest: /usr/lib/systemd/system/user.slice.d/50-CPUShares.conf
mode: 0644
- name: "copy 50-MemoryLimit.conf to user.slice.d"
copy:
src: "{{ role_path }}/templates/override_user_slice_mem.conf.j2"
dest: /usr/lib/systemd/system/user.slice.d/50-MemoryLimit.conf
mode: 0644
# system.slice
- name: "Create /usr/lib/systemd/system/system.slice.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/system.slice.d/
- name: "copy 50-CPUShares.conf to system.slice.d"
copy:
src: "{{ role_path }}/templates/override_system_slice_cpu.conf.j2"
dest: /usr/lib/systemd/system/system.slice.d/50-CPUShares.conf
mode: 0644
- name: "copy 50-MemoryLimit.conf to system.slice.d"
copy:
src: "{{ role_path }}/templates/override_system_slice_mem.conf.j2"
dest: /usr/lib/systemd/system/system.slice.d/50-MemoryLimit.conf
mode: 0644

26
ansible/roles/system-init-7400-mcn0/templates/60-7400MCN0P01R01.rules.j2
View File

@@ -1,26 +0,0 @@
# rename ens1 to eth_pf
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.0", NAME:="eth_pf"
# rename ens1s1 to eth_dign_c
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:01.0", NAME:="eth_dign_c"
# rename ens1f1 to eth_dign_s
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.1", NAME:="eth_dign_s"
# rename ens1f2 to eth_rsv
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.2", NAME:="eth_rsv"
# rename ens1f3 to eth_ctl
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.3", NAME:="eth_ctl"
# rename ens1f4 to eth_raw
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.4", NAME:="eth_raw"
# rename ens1f5 to eth_mcn1
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.5", NAME:="eth_mcn1"
# rename ens1f6 to eth_mcn2
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.6", NAME:="eth_mcn2"
# rename ens1f7 to eth_mcn3
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.7", NAME:="eth_mcn3"

1
ansible/roles/system-init-7400-mcn0/templates/90-7400-dracut.rules.j2
View File

@@ -1 +0,0 @@
omit_dracutmodules+="ifcfg network"

15
ansible/roles/system-init-7400-mcn0/templates/ifcfg-eth_pf.j2
View File

@@ -1,15 +0,0 @@
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth_pf
#UUID=2af69d2b-6746-489f-9e05-97a8b25e259b
DEVICE=eth_pf
ONBOOT=yes

2
ansible/roles/system-init-7400-mcn0/templates/override_system_slice_cpu.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
CPUShares=1000

2
ansible/roles/system-init-7400-mcn0/templates/override_system_slice_mem.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
MemoryLimit=13G

2
ansible/roles/system-init-7400-mcn0/templates/override_user_slice_cpu.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
CPUShares=1500

2
ansible/roles/system-init-7400-mcn0/templates/override_user_slice_mem.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
MemoryLimit=13G

2
ansible/roles/system-init-7400-mcn0/templates/override_workload_slice_cpu.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
CPUShares=7500

2
ansible/roles/system-init-7400-mcn0/templates/override_workload_slice_mem.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
MemoryLimit=99G

140
ansible/roles/system-init-7400-mcn123/files/setup
View File

@@ -1,140 +0,0 @@
#!/bin/bash
# set -x
CURRENT_PATH=`dirname $0`
TP_SVR=192.168.100.5
TP_PORT=10000
modprobe 8021q
function get_netdev_by_pci()
{
DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'`
for i in ${DEV_LIST}
do
ethtool -i ${i} |grep bus-info |grep -E "$1" > /dev/null 2>&1
if [ $? -eq 0 ];then
TARGET=${i}
break
fi
done
echo ${TARGET}
}
function pf_setup()
{
echo 1 > /proc/sys/net/ipv6/conf/eth_pf/disable_ipv6
ifconfig eth_pf up
vconfig add eth_pf 100
vconfig set_flag eth_pf.100 1 1
ifconfig eth_pf.100 192.168.100.$1 netmask 255.255.255.0 up
sleep 1
}
function vf_setup()
{
echo 4 > /sys/class/net/eth_pf/device/sriov_numvfs
sleep 5
ifconfig eth_ctl up
ip link set eth_pf vf 2 vlan 200
ifconfig eth_ctl 192.168.200.$1 netmask 255.255.255.0
ifconfig eth_pxy up
ifconfig eth_mirr_d up
ifconfig eth_ctl up
ifconfig eth_rsv up
sleep 5
}
function bring_down_pfvf()
{
echo 0 > /sys/class/net/eth_pf/device/sriov_numvfs
ifconfig eth_pf down
sleep 3
}
# Main loop
while :
do
FAIL_FLAG=0
# 1:mcn0; 2:mcn1; 3:mcn2; 4:mcn3
mcn_mgnt_id=0
card_info=$(ipmitool raw 0x2e 0x32 0x13 0x5f 0x00 | awk '{print $NF}')
case ${card_info} in
90)
# mcn0
mcn_mgnt_id=1
;;
80)
# mcn1
mcn_mgnt_id=2
;;
98)
# mcn2
mcn_mgnt_id=3
;;
88)
# mcn3
mcn_mgnt_id=4
;;
*)
echo "ipmitool get unknown card id"
;;
esac
# Make sure PF is valid
ping ${TP_SVR} -c 1
if [ $? -ne 0 ];then
echo "Please make sure switch board is up."
bring_down_pfvf
pf_setup ${mcn_mgnt_id}
continue
fi
# Make sure TestPoint is up.
echo "show version" | nc ${TP_SVR} ${TP_PORT}
if [ $? -ne 0 ];then
echo "Cannot reach TestPoint!"
echo "Please make sure TestPoint is up and in remote-listen mode."
sleep 5
continue
fi
# Create VFs and get MAC addresses
vf_setup ${mcn_mgnt_id}
PF=`get_netdev_by_pci "01:00.0|85:00.0"`
VF1=`get_netdev_by_pci "01:00.1|85:00.1"`
VF2=`get_netdev_by_pci "01:00.2|85:00.2"`
VF3=`get_netdev_by_pci "01:00.3|85:00.3"`
VF4=`get_netdev_by_pci "01:00.4|85:00.4"`
MAC0=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'`
MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'`
MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'`
MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'`
MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'`
# Make sure VFs are valid
MAC_TABLE=$(echo "show mac table all" | nc ${TP_SVR} ${TP_PORT})
for i in ${MAC0} ${MAC1} ${MAC2} ${MAC3} ${MAC4}
do
echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1
if [ $? -ne 0 ];then
echo "MAC ${i} is not in table!"
FAIL_FLAG=1
break
fi
done
if [ ${FAIL_FLAG} -eq 1 ];then
bring_down_pfvf
continue
fi
echo "PF/VF setup successful."
exit 0
done

15
ansible/roles/system-init-7400-mcn123/files/tsg-env.service
View File

@@ -1,15 +0,0 @@
[Unit]
Description=tsg sled-mcn1/2/3 env init
Requires=network.target
After=network.target
Before=tfe-env.service mrenv.service tsg-os-provision.service
[Service]
ExecStart=/opt/tsg/env/setup
ExecStop=/opt/tsg/env/tsg-env_stop
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
RequiredBy=tfe-env.service mrenv.service

6
ansible/roles/system-init-7400-mcn123/files/tsg-env_stop
View File

@@ -1,6 +0,0 @@
#!/bin/bash
#
echo 0 >/sys/class/net/eth_pf/device/sriov_numvfs
ifconfig eth_pf.100 down
vconfig rem eth_pf.100
ifconfig eth_pf down

130
ansible/roles/system-init-7400-mcn123/tasks/main.yml
View File

@@ -1,130 +0,0 @@
---
- name: "set 60-7400MCN123P01R01.rules"
template:
src: "{{ role_path }}/templates/60-7400MCN123P01R01.rules.j2"
dest: /usr/lib/udev/rules.d/60-7400MCN123P01R01.rules
mode: 0644
tags: template
- name: "disable NetworkManager"
systemd:
name: NetworkManager.service
enabled: no
- name: "set 90-7400-dracut.rules"
template:
src: "{{ role_path }}/templates/90-7400-dracut.rules.j2"
dest: /usr/lib/dracut/dracut.conf.d/90-7400-dracut.conf
mode: 0644
tags: template
- name: "update depmod"
shell: depmod -v 5.4.159-1.el7.elrepo.x86_64
- name: "set eth_pf"
template:
src: "{{ role_path }}/templates/ifcfg-eth_pf.j2"
dest: /etc/sysconfig/network-scripts/ifcfg-eth_pf
tags: template
- name: "copy setup script"
copy:
src: "{{ role_path }}/files/setup"
dest: "/opt/tsg/env/"
mode: 0755
- name: "copy tsg-env.service"
copy:
src: "{{ role_path }}/files/tsg-env.service"
dest: "/usr/lib/systemd/system/"
mode: 0644
- name: "copy tsg-env_stop"
copy:
src: "{{ role_path }}/files/tsg-env_stop"
dest: "/opt/tsg/env/"
mode: 0755
- name: "enable tsg-env"
systemd:
name: tsg-env
enabled: yes
# 禁用 IPMI
- name: "disable ipmi"
systemd:
name: ipmi
enabled: no
# 禁用 Watchdog
- name: "disable watchdog"
systemd:
name: watchdog
enabled: no
# systemctl set-property user.slice CPUShares=1500 MemoryLimit=13G
# systemctl set-property system.slice CPUShares=1000 MemoryLimit=13G
# systemctl set-property workload.slice CPUShares=7500 MemoryLimit=99G
# workload.slice
- name: "Create /usr/lib/systemd/system/workload.slice.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/workload.slice.d/
- name: "copy 50-CPUShares.conf to workload.slice.d"
copy:
src: "{{ role_path }}/templates/override_workload_slice_cpu.conf.j2"
dest: /usr/lib/systemd/system/workload.slice.d/50-CPUShares.conf
mode: 0644
- name: "copy 50-MemoryLimit.conf to workload.slice.d"
copy:
src: "{{ role_path }}/templates/override_workload_slice_mem.conf.j2"
dest: /usr/lib/systemd/system/workload.slice.d/50-MemoryLimit.conf
mode: 0644
# user.slice
- name: "Create /usr/lib/systemd/system/user.slice.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/user.slice.d/
- name: "copy 50-CPUShares.conf to user.slice.d"
copy:
src: "{{ role_path }}/templates/override_user_slice_cpu.conf.j2"
dest: /usr/lib/systemd/system/user.slice.d/50-CPUShares.conf
mode: 0644
- name: "copy 50-MemoryLimit.conf to user.slice.d"
copy:
src: "{{ role_path }}/templates/override_user_slice_mem.conf.j2"
dest: /usr/lib/systemd/system/user.slice.d/50-MemoryLimit.conf
mode: 0644
# system.slice
- name: "Create /usr/lib/systemd/system/system.slice.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/system.slice.d/
- name: "copy 50-CPUShares.conf to system.slice.d"
copy:
src: "{{ role_path }}/templates/override_system_slice_cpu.conf.j2"
dest: /usr/lib/systemd/system/system.slice.d/50-CPUShares.conf
mode: 0644
- name: "copy 50-MemoryLimit.conf to system.slice.d"
copy:
src: "{{ role_path }}/templates/override_system_slice_mem.conf.j2"
dest: /usr/lib/systemd/system/system.slice.d/50-MemoryLimit.conf
mode: 0644

19
ansible/roles/system-init-7400-mcn123/templates/60-7400MCN123P01R01.rules.j2
View File

@@ -1,19 +0,0 @@
# rename ens1/ens8 to eth_pf
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.0", NAME:="eth_pf"
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:85:00.0", NAME:="eth_pf"
# rename ens1f1/ens8f1 to eth_pxy
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.1", NAME:="eth_pxy"
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:85:00.1", NAME:="eth_pxy"
# rename ens1f2/ens8f2 to eth_mirr_d
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.2", NAME:="eth_mirr_d"
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:85:00.2", NAME:="eth_mirr_d"
# rename ens1f3/ens8f3 to eth_ctl
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.3", NAME:="eth_ctl"
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:85:00.3", NAME:="eth_ctl"
# rename ens1f4/ens8f4 to eth_rsv
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:01:00.4", NAME:="eth_rsv"
ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:85:00.4", NAME:="eth_rsv"

1
ansible/roles/system-init-7400-mcn123/templates/90-7400-dracut.rules.j2
View File

@@ -1 +0,0 @@
omit_dracutmodules+="ifcfg network"

15
ansible/roles/system-init-7400-mcn123/templates/ifcfg-eth_pf.j2
View File

@@ -1,15 +0,0 @@
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth_pf
#UUID=2af69d2b-6746-489f-9e05-97a8b25e259b
DEVICE=eth_pf
ONBOOT=yes

2
ansible/roles/system-init-7400-mcn123/templates/override_system_slice_cpu.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
CPUShares=1000

2
ansible/roles/system-init-7400-mcn123/templates/override_system_slice_mem.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
MemoryLimit=13G

2
ansible/roles/system-init-7400-mcn123/templates/override_user_slice_cpu.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
CPUShares=1500

2
ansible/roles/system-init-7400-mcn123/templates/override_user_slice_mem.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
MemoryLimit=13G

2
ansible/roles/system-init-7400-mcn123/templates/override_workload_slice_cpu.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
CPUShares=7500

2
ansible/roles/system-init-7400-mcn123/templates/override_workload_slice_mem.conf.j2
View File

@@ -1,2 +0,0 @@
[Slice]
MemoryLimit=99G

BIN
ansible/roles/telegraf/files/telegraf-1.30.2-1.x86_64.rpm
View File

Binary file not shown.

16
ansible/roles/telegraf/files/telegraf_proxy.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Security information
Documentation=https://github.com/influxdata/telegraf
After=network.target
[Service]
EnvironmentFile=-/etc/default/telegraf
User=telegraf
ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf_proxy.conf -config-directory /etc/telegraf/telegraf_statistic.d $TELEGRAF_OPTS
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartForceExitStatus=SIGPIPE
KillMode=control-group
[Install]
WantedBy=multi-user.target

66
ansible/roles/telegraf/tasks/main.yml
View File

@@ -1,66 +0,0 @@
- name: "copy telegraf.rpm to destination server"
copy:
src: "{{ role_path }}/files/telegraf-1.30.2-1.x86_64.rpm"
dest: /tmp
- name: "install telegraf"
yum:
name:
- /tmp/telegraf-1.30.2-1.x86_64.rpm
state: present
disable_gpg_check: yes
- name: "Templates telegraf_proxy.conf"
template:
src: "{{role_path}}/templates/telegraf_proxy.conf.j2.j2"
dest: /opt/tsg/tsg-os-provision/templates/telegraf_proxy.conf.j2
tags: template
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "copy telegraf_proxy.service to destination server"
copy:
src: "{{ role_path }}/files/telegraf_proxy.service"
dest: /usr/lib/systemd/system
mode: 0644
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "Create service override dictionary"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/telegraf_proxy.service.d
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "Copy slice override file to dest"
copy:
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: "{{ item }}"
mode: 0644
with_items:
- /usr/lib/systemd/system/telegraf_proxy.service.d/service_override_slice.conf
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "Change service WantedBy target"
replace:
path: "{{ item }}"
regexp: 'WantedBy=multi-user.target'
replace: 'WantedBy=workload.target'
with_items:
- /usr/lib/systemd/system/telegraf_proxy.service
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
##################### telegraf #####################
- name: "disable telegraf"
systemd:
name: telegraf.service
enabled: no
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "Start telegraf_proxy"
systemd:
name: telegraf_proxy.service
enabled: yes
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'

2
ansible/roles/telegraf/templates/service_override_slice.conf.j2
View File

@@ -1,2 +0,0 @@
[Service]
Slice=workload.slice

75
ansible/roles/telegraf/templates/telegraf_proxy.conf.j2.j2
View File

@@ -1,75 +0,0 @@
[global_tags]
device_id = "${device_id}"
{% raw %}{% if data_center.name is defined %}
data_center = "{{ data_center.name }}"
{% endif %}
{% if device.tags is defined %}
{% for device_tag in device.tags %}
{% for key,value in device_tag.items() %}
{{ key }} = "{{value}}"
{% endfor %}
{% endfor %}
{% endif %}
{% endraw %}
[agent]
interval = "1s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 100000
collection_jitter = "0s"
flush_interval = "1s"
flush_jitter = "0s"
precision = ""
debug = false
quiet = false
logfile = ""
hostname = ""
omit_hostname = true
[[outputs.kafka]]
sasl_username = "admin"
sasl_password = "galaxy2019"
{% raw %} brokers = [ "{{ olap.kafka_broker.address_list | join("\",\"") }}" ]
{% endraw %}
topic = "POLICY-RULE-METRIC"
client_id = "POLICY-RULE-METRIC"
data_format = "json"
json_timestamp_units = "1ms"
json_transformation = '''
$merge([$, { "timestamp_ms": timestamp}]) ~> |$|{}, ['timestamp']|
'''
[[inputs.socket_listener]]
service_address = "udp://:8900"
data_format = "influx"
read_buffer_size = "32MiB"
[[processors.rename]]
[[processors.rename.replace]]
field = "hit_count_sum"
dest = "hit_count"
[[processors.rename.replace]]
field = "in_bytes_sum"
dest = "in_bytes"
[[processors.rename.replace]]
field = "out_bytes_sum"
dest = "out_bytes"
[[processors.rename.replace]]
field = "in_pkts_sum"
dest = "in_pkts"
[[processors.rename.replace]]
field = "out_pkts_sum"
dest = "out_pkts"
[[aggregators.basicstats]]
period = "1s"
delay = "1s"
grace = "1s"
drop_original = true
stats = ["sum"]
fieldpass = ["hit_count", "in_bytes", "out_bytes", "in_pkts", "out_pkts"]
namepass = ["proxy_rule_hits"] # only "pass" swap metrics through the aggregator.

79
ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
View File

@@ -1,79 +0,0 @@
feature:
enable_policy_local_cache: 1
enable_stream_bypass_under_ddos: 0
firewall:
enable: 1
enable_dtls: 1
enable_sip: 1
proxy:
enable: 1
sessionrecord:
enable: 1
enable_dns_record: 1
enable_rtp_record: 1
enable_interim_record: 1
enable_transcation_record: 1
enable_contains_app_id: 0
enable_contains_dns_resource_record: 0
capturepacket:
enable: 1
app_behavior:
enable: 0
ddossketch:
enable: 1
tcp_flood_report_thresh: 0.0008
udp_flood_report_thresh: 0.0008
icmp_flood_report_thresh: 0.0008
dns_flood_report_thresh: 0.0008
app:
identify_by:
user_defined_signature: 1
builtin_app_engine: 1
coredump:
format: none
collect: local
sentry_url: http://127.0.0.1:9000/api/2/minidump/
advanced_settings:
stream_tcp_max: 50000
stream_tcp_timeout: 30
stream_udp_max: 50000
stream_udp_timeout: 60
stream_bypass_trigger_cpu_usage: 90
cm:
policy_server:
port_num: 1
db_static: 0
db_dynamic: 1
#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport]
session_distribution_policy:
mode: sym-hash
hash_key: inner-most-sip-dip
olap:
hos_server:
token: "c21f969b5f03d33d43e04f8f136e7682"
vsys_id: 1
consul_agent:
mode: "server"
encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
datacenter: "dc1"
node_name: ""
shaping:
enable: 0
sid:
shaping: 1000

19
ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN123P01R01
View File

@@ -1,19 +0,0 @@
feature:
enable_policy_local_cache: 1
coredump:
format: none
collect: local
sentry_url: http://127.0.0.1:9000/api/2/minidump/
cm:
policy_server:
port_num: 1
db_static: 0
db_dynamic: 1
olap:
hos_server:
token: "c21f969b5f03d33d43e04f8f136e7682"
vsys_id: 1

112
ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
View File

@@ -1,112 +0,0 @@
version: 1
device:
tags:
- key1: value1
- key2: value2
session_id_generator:
snowflake_worker_id_base: 1
snowflake_worker_id_offset: 1
feature:
enable_policy_local_cache: 1
enable_stream_bypass_under_ddos: 0
firewall:
enable: 0/1
proxy:
enable: 0/1
sessionrecord:
enable: 0/1
enable_dns_record: 0/1
enable_rtp_record: 0/1
enable_interim_record: 0/1
enable_transcation_record: 0/1
capturepacket:
enable: 0/1
ddossketch:
enable: 0/1
app:
identify_by:
user_defined_signature: 0/1
builtin_app_engine: 0/1
cm:
policy_server:
address: "127.0.0.1"
port: 7002
olap:
kafka_broker:
address_list: ['1.1.1.1:9092','2.2.2.2:9092']
hos_server:
address: "127.0.0.1"
port: 9098
token: "xxxxxxxxxx"
# npb_device value in [inline_device, tera,direct]
npb_device: inline_device
tera_steering_group:
- internal:
vlan_id: 1301
keepalive:
ipv4: 127.0.0.1/24
ipv6: 'fe80\:\:1/64'
external:
vlan_id: 1302
keepalive:
ipv4: 127.0.0.1/24
ipv6: 'fe80\:\:2/64'
- internal:
vlan_id: 1201
keepalive:
ipv4: 127.0.0.1/24
ipv6: 'fe80\:\:3/64'
external:
vlan_id: 1202
keepalive:
ipv4: 127.0.0.1/24
ipv6: 'fe80\:\:4/64'
inline_device_settings:
keepalive:
ip: 127.0.0.1
mask: 255.255.255.0
network_setting:
nic_policy_log:
ipv4: 127.0.0.1/24
gateway_ipv4: 192.168.1.1
coredump:
format: minidump/core/none
collect: local/sentry
sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
vsys_id: 1
consul_agent:
mode: client/server
#encrypt: ""
bootstrapExpect: 1
#node_name: ""
#datacenter: "dc1"
join:
- address: 111.111.111.111
port: 8301
- address: 222.222.222.222
port: 8301
shaping:
enable: 1
sid:
shaping: 1000

34
ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01
View File

@@ -1,34 +0,0 @@
version: 1
device:
tags:
- key1: value1
- key2: value2
feature:
enable_policy_local_cache: 1
cm:
policy_server:
address: "127.0.0.1"
port: 7002
olap:
kafka_broker:
address_list: ['1.1.1.1:9092','2.2.2.2:9092']
hos_server:
address: "127.0.0.1"
port: 9098
token: "xxxxxxxxxx"
network_setting:
nic_policy_log:
ipv4: 127.0.0.1/24
gateway_ipv4: 192.168.1.1
coredump:
format: minidump/core/none
collect: local/sentry
sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
vsys_id: 1

2
ansible/roles/tsg-os-provision/files/hosts
View File

@@ -1,2 +0,0 @@
[provision]
localhost ansible_connection=local

11
ansible/roles/tsg-os-provision/files/network_settings/adapt_tera_network_setting.sh.j2
View File

@@ -1,11 +0,0 @@
#!/bin/bash -ex
{% for zone_group in tera_steering_group %}
ip link add link eth_rsv name eth_rsv.{{ zone_group.internal.vlan_id }} type vlan id {{ zone_group.internal.vlan_id }}
ip addr add {{ zone_group.internal.keepalive.ipv4 }} dev eth_rsv.{{ zone_group.internal.vlan_id }}
ip -6 addr add {{ zone_group.internal.keepalive.ipv6 }} dev eth_rsv.{{ zone_group.internal.vlan_id }}
ifconfig eth_rsv.{{ zone_group.internal.vlan_id }} up
ip link add link eth_rsv name eth_rsv.{{ zone_group.external.vlan_id }} type vlan id {{ zone_group.external.vlan_id }}
ip addr add {{ zone_group.external.keepalive.ipv4 }} dev eth_rsv.{{ zone_group.external.vlan_id }}
ip -6 addr add {{ zone_group.external.keepalive.ipv6 }} dev eth_rsv.{{ zone_group.external.vlan_id }}
ifconfig eth_rsv.{{ zone_group.external.vlan_id }} up
{% endfor %}

20
ansible/roles/tsg-os-provision/files/network_settings/setup_policy_log_nic_network.sh.j2
View File

@@ -1,20 +0,0 @@
#!/bin/bash
status_address_add_ipv4=0
status_address_add_ipv6=0
status_route_add_ipv4=0
static_hostname=$(hostnamectl status --static)
hostnamectl set-hostname $static_hostname --transient --pretty
ifconfig eth_ctl {{ network_setting.nic_policy_log.ipv4 }}
status_address_add_ipv4=$?
if [ $status_address_add_ipv4 -ne 0 ]; then
echo "Fail to add ipv4 address to eth_ctl,return code:${status_address_add_ipv4}"
exit $status_address_add_ipv4
fi
route add default gw {{ network_setting.nic_policy_log.gateway_ipv4 }} dev eth_ctl
status_route_add_ipv4=$?
if [ $status_route_add_ipv4 -ne 7 ] && [ $status_route_add_ipv4 -ne 0 ]; then
echo "Fail to add ipv4 route to eth_ctl,return code:${status_route_add_ipv4}"
exit $status_route_add_ipv4
fi

3
ansible/roles/tsg-os-provision/files/script/convertor.sh
View File

@@ -1,3 +0,0 @@
#!/bin/bash -ex
echo "Reserved for provision config convert"

36
ansible/roles/tsg-os-provision/files/script/provision.sh
View File

@@ -1,36 +0,0 @@
#!/bin/bash -ex
enable_config_apply=$1
config_path=/data/tsg-os-provision/provision.yml
config_d_path=/data/tsg-os-provision/provision.yml.d
snapshot_config_path=/data/tsg-os-provision/provision.yml.snapshot
snapshot_config_d_path=/data/tsg-os-provision/provision.yml.d.snapshot
hosts_path=/opt/tsg/tsg-os-provision/hosts
provision_path=/opt/tsg/tsg-os-provision/tasks/provision.yml
convertor_script_path=/opt/tsg/tsg-os-provision/scripts/convertor.sh
succ_sign_file=/data/tsg-os-provision/.provision_succeeded
#execute_provision_del_succ_sign(){
# rm -rf ${succ_sign_file}
#}
execute_provision_convert_action(){
/opt/tsg/tsg-os-provision/scripts/convertor.sh
}
execute_provision_action(){
ansible-playbook -i ${hosts_path} ${provision_path} -e "enable_config_apply=${enable_config_apply}"
cp ${config_path} ${snapshot_config_path} -r
rm ${snapshot_config_d_path} -rf
cp -r ${config_d_path} ${snapshot_config_d_path}
}
#execute_provision_add_succ_sign(){
# touch ${succ_sign_file}
#}
#execute_provision_del_succ_sign
execute_provision_convert_action
execute_provision_action
#execute_provision_add_succ_sign

1
ansible/roles/tsg-os-provision/files/script/tsg-os-provision.sh
View File

@@ -1 +0,0 @@
export PATH=/opt/tsg/tsg-os-provision:$PATH

14
ansible/roles/tsg-os-provision/files/service/tsg-os-provision.service.TSG7400
View File

@@ -1,14 +0,0 @@
[Unit]
Description=Tsg os provision
Requires=network.target
After=network.target
Before=tfe-env.service mrenv.service certstore.service telegraf_proxy.service cert-redis.service consul.service
[Service]
ExecStart=/bin/sh -c "/opt/tsg/tsg-os-provision/scripts/provision.sh 0"
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
RequiredBy=tfe-env.service mrenv.service certstore.service telegraf_proxy.service cert-redis.service consul.service

321
ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01
View File

@@ -1,321 +0,0 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
- name: "template setup_policy_log_nic_network.sh"
template:
src: ../templates/setup_policy_log_nic_network.sh.j2
dest: /opt/tsg/tsg-os-provision/scripts/setup_policy_log_nic_network.sh
mode: 0755
- name: "execute setup_policy_log_nic_network.sh"
shell: /opt/tsg/tsg-os-provision/scripts/setup_policy_log_nic_network.sh
register: result_exec_setup_policy_log_nic_network
- name: "Output results that executes command that gets the result_exec_setup_policy_log_nic_network"
debug:
msg: "{{ result_exec_setup_policy_log_nic_network }}"
- name: "Verify result_exec_setup_policy_log_nic_network"
assert:
that:
- result_exec_setup_policy_log_nic_network.rc == 0
- result_exec_setup_policy_log_nic_network.failed == False
fail_msg: "error:{{ result_exec_setup_policy_log_nic_network.stderr }},stdout:{{ result_exec_setup_policy_log_nic_network }}"
success_msg: "{{ result_exec_setup_policy_log_nic_network.stdout_lines }}"
- name: "template adapt_tera_network_setting.sh when NPB device is tera"
template:
src: ../templates/adapt_tera_network_setting.sh.j2
dest: /opt/tsg/tsg-os-provision/scripts/adapt_tera_network_setting.sh
mode: 0755
when: npb_device == 'tera'
- name: "execute adapt_tera_network_setting.sh when NPB device is tera"
shell: /opt/tsg/tsg-os-provision/scripts/adapt_tera_network_setting.sh
register: result_exec_adapt_tera_network_setting
when: npb_device == 'tera'
- name: "Output results that executes command that gets the result_exec_adapt_tera_network_setting"
debug:
msg: "{{ result_exec_adapt_tera_network_setting }}"
when: npb_device == 'tera'
- name: "Verify result_exec_adapt_tera_network_setting"
assert:
that:
- result_exec_adapt_tera_network_setting.rc == 0
- result_exec_adapt_tera_network_setting.failed == False
fail_msg: "error:{{ result_exec_adapt_tera_network_setting.stderr }},stdout:{{ result_exec_adapt_tera_network_setting }}"
success_msg: "{{ result_exec_adapt_tera_network_setting.stdout_lines }}"
when: npb_device == 'tera'
- name: "set sapp_overlay_mode var when NPB device is tera"
set_fact:
sapp_overlay_mode: "none"
gdev_conf_keep_alive_ip: "127.0.0.1"
when: npb_device == 'tera'
- name: "set sapp_overlay_mode var when NPB device is inline_device"
set_fact:
sapp_overlay_mode: "vxlan"
gdev_conf_keep_alive_ip: "{{ inline_device_settings.keepalive.ip }}"
when: npb_device == 'inline_device'
- name: "set sapp_overlay_mode var when NPB device is direct"
set_fact:
sapp_overlay_mode: "none"
gdev_conf_keep_alive_ip: "127.0.0.1"
when: npb_device == 'direct'
- name: "set cm_policy_server_ip var depend on enable_policy_local_cache"
set_fact:
cm_policy_server_ip: "{{ item.cm_policy_server_ip }}"
cm_policy_server_port: "{{ item.cm_policy_server_port }}"
when: feature.enable_policy_local_cache == item.enable_policy_local_cache
with_items:
- { "enable_policy_local_cache": 1, "npb_device": tera, "cm_policy_server_ip": 192.168.100.1, "cm_policy_server_port": 7002 }
- { "enable_policy_local_cache": 0, "npb_device": inline_device, "cm_policy_server_ip": "{{ cm.policy_server.address }}", "cm_policy_server_port": "{{ cm.policy_server.port }}"}
- name: "Add sapp service service_attach_startpre.conf.tera when NPB_device type is tera"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
when: npb_device == 'tera'
with_items:
- { "src": "../files/service_attach_startpre.conf.tera", "dest": "/usr/lib/systemd/system/sapp.service.d/service_attach_startpre.conf", "mode": "0644" }
- { "src": "../files/tera_fake_promisc_setup.sh", "dest": "/opt/tsg/sapp/", "mode": "0755" }
- name: "Add sapp service service_attach_startpre.conf.except_tera when NPB_device type is inline_device and direct"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
when: npb_device == 'inline_device' or npb_device == 'direct'
with_items:
- { "src": "../files/service_attach_startpre.conf.except_tera", "dest": "/usr/lib/systemd/system/sapp.service.d/service_attach_startpre.conf", "mode": "0644" }
- name: "tsg-os-provision: Template the conflist.inf"
template:
src: ../templates/conflist.inf.j2
dest: /opt/tsg/sapp/plug/conflist.inf
tags: sapp
- name: "tsg-os-provision: vlan_flipping_map.conf"
template:
src: ../templates/vlan_flipping_map.conf.j2
dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf
tags: sapp
- name: "tsg-os-provision: template gdev.conf file"
template:
src: "../templates/gdev.conf.j2"
dest: /opt/tsg/sapp/etc/gdev.conf
tags: sapp
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "tsg-os-provision: template certstore configure file"
template:
src: "../templates/cert_store.ini.j2"
dest: /opt/tsg/certstore/conf/cert_store.ini
tags: certstore
- name: "tsg-os-provision: Template the tsgconf/main.conf"
template:
src: "../templates/main.conf.j2"
dest: /opt/tsg/sapp/tsgconf/main.conf
tags: firewall
- name: "tsg-os-provision: Template the tsgconf/maat.conf"
template:
src: "../templates/maat.conf.j2"
dest: /opt/tsg/sapp/tsgconf/maat.conf
tags: firewall
- name: "tsg-os-provision: Template the session_record.inf"
template:
src: "../templates/session_record.inf.j2"
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
dest: /opt/tsg/sapp/etc/sapp.toml
tags: sapp
# - name: "tsg-os-provision: Templates telegraf.conf"
# template:
# src: "../templates/telegraf_shaping.conf.j2"
# dest: /etc/telegraf/telegraf_shaping.conf
# tags: telegraf_shaping
- name: "tsg-os-provision: Templates telegraf_proxy.conf"
template:
src: "../templates/telegraf_proxy.conf.j2"
dest: /etc/telegraf/telegraf_proxy.conf
tags: telegraf_security
- name: "tsg-os-provision: template consul"
template:
src: "../templates/consul.hcl.j2"
dest: /etc/consul.d/consul.hcl
tags: consul
when: shaping.enable == 1
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: obtain sn from mxn and write sn to tsg_sn.json"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh 192.168.100.5
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: "Template the maat-redis.conf"
template:
src: "/opt/tsg/tsg-os-provision/templates/maat-redis.conf.j2"
dest: /etc/maat-redis.conf
tags: maat-redis
when: feature.enable_policy_local_cache == 1
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "start maat-redis and maat-redis-exporter"
systemd:
name: "{{ item }}"
enabled: yes
state: started
when: feature.enable_policy_local_cache == 1
with_items:
- maat-redis
- maat-redis-exporter
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: "tsg-os-provision: restart maat-redis"
systemd:
name: maat-redis
enabled: yes
state: started
when:
- feature.enable_policy_local_cache == 1
- enable_config_apply == '1'
- name: "tsg-os-provision: restart consul"
systemd:
name: consul
state: restarted
when:
- enable_config_apply == '1'
- shaping.enable == 1
- name: "tsg-os-provision: restart mrenv"
systemd:
name: mrenv
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrzcpd"
systemd:
name: mrzcpd
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart telegraf_proxy"
systemd:
name: telegraf_proxy
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart certstore"
systemd:
name: certstore
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart cert-redis"
systemd:
name: cert-redis
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart sapp"
systemd:
name: sapp
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart tfe"
systemd:
name: tfe
state: restarted
when: enable_config_apply == '1'

127
ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01
View File

@@ -1,127 +0,0 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "template setup_policy_log_nic_network.sh"
template:
src: ../templates/setup_policy_log_nic_network.sh.j2
dest: /opt/tsg/tsg-os-provision/scripts/setup_policy_log_nic_network.sh
mode: 0755
- name: "execute setup_policy_log_nic_network.sh"
shell: /opt/tsg/tsg-os-provision/scripts/setup_policy_log_nic_network.sh
register: result_exec_setup_policy_log_nic_network
- name: "Output results that executes command that gets the result_exec_setup_policy_log_nic_network"
debug:
msg: "{{ result_exec_setup_policy_log_nic_network }}"
- name: "Verify result_exec_setup_policy_log_nic_network"
assert:
that:
- result_exec_setup_policy_log_nic_network.rc == 0
- result_exec_setup_policy_log_nic_network.failed == False
fail_msg: "error:{{ result_exec_setup_policy_log_nic_network.stderr }},stdout:{{ result_exec_setup_policy_log_nic_network }}"
success_msg: "{{ result_exec_setup_policy_log_nic_network.stdout_lines }}"
- name: "tsg-os-provision: obtain sn from mxn and write sn to tsg_sn.json"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh 192.168.100.5
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "set cm_policy_server_ip var depend on enable_policy_local_cache"
set_fact:
cm_policy_server_ip: "{{ item.cm_policy_server_ip }}"
cm_policy_server_port: "{{ item.cm_policy_server_port }}"
when: feature.enable_policy_local_cache == item.enable_policy_local_cache
with_items:
- { "enable_policy_local_cache": 1, "cm_policy_server_ip": 192.168.100.1, "cm_policy_server_port": 7002 }
- { "enable_policy_local_cache": 0, "cm_policy_server_ip": "{{cm.policy_server.address}}", "cm_policy_server_port": "{{ cm.policy_server.port }}"}
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: "tsg-os-provision: template the tfe.conf"
template:
src: "../templates/tfe.conf.j2"
dest: /opt/tsg/tfe/conf/tfe/tfe.conf
tags: tfe
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: "tsg-os-provision: restart mrenv"
systemd:
name: mrenv
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrzcpd"
systemd:
name: mrzcpd
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart tfe"
systemd:
name: tfe
state: restarted
when: enable_config_apply == '1'

110
ansible/roles/tsg-os-provision/tasks/main.yml
View File

@@ -1,110 +0,0 @@
- name: "set system default.target"
shell: ln -vfs /usr/lib/systemd/system/workload.target /etc/systemd/system/default.target
- name: "tsg-os-provision: build tsg-os-provision directory and sub directory"
file:
path: "{{ item }}"
state: directory
with_items:
- "/opt/tsg/tsg-os-provision/"
- "/opt/tsg/tsg-os-provision/files/"
- "/opt/tsg/tsg-os-provision/tasks/"
- "/opt/tsg/tsg-os-provision/templates/"
- "/opt/tsg/tsg-os-provision/scripts/"
- name: "tsg-os-provision: copy hosts file dest"
copy:
src: "{{ role_path }}/files/hosts"
dest: /opt/tsg/tsg-os-provision/hosts
mode: 0644
- name: "tsg-os-provision: template network settings shell"
copy:
src: "{{ role_path }}/files/network_settings/{{ item }}"
dest: "/opt/tsg/tsg-os-provision/templates/"
with_items:
- adapt_tera_network_setting.sh.j2
- setup_policy_log_nic_network.sh.j2
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn0"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: runtime_env == 'TSG-7400-mcn0'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn1 mcn2 mcn3"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.7400MCN123P01R01"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: runtime_env == 'TSG-7400-mcn123'
- name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn0"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-7400-mcn0'
- name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn123"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN123P01R01"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-7400-mcn123'
- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: runtime_env == 'TSG-7400-mcn0'
- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn1 mcn2 mcn3"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN123P01R01"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: runtime_env == 'TSG-7400-mcn123'
- name: "tsg-os-provision: copy provision.sh file to dest"
copy:
src: "{{ role_path }}/files/script/{{ item }}"
dest: /opt/tsg/tsg-os-provision/scripts
mode: 0755
with_items:
- provision.sh
- convertor.sh
- name: "install tsg-os-provision.service -- TSG7400"
copy:
src: "{{ role_path }}/files/service/{{ item.src }}"
dest: /usr/lib/systemd/system/{{ item.dest }}
mode: 0644
with_items:
- { "src": tsg-os-provision.service.TSG7400, "dest": tsg-os-provision.service }
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target --TSG7400"
replace:
path: "{{ item }}"
regexp: 'WantedBy=multi-user.target'
replace: 'RequiredBy=workload.target'
with_items:
- /usr/lib/systemd/system/tsg-os-provision.service
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "tsg-os-provision: enable tsg-os-provison -- TSG7400"
systemd:
name: "{{ item }}"
enabled: yes
with_items:
- tsg-os-provision
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "copy tsg-os-provision.sh to destination"
copy:
src: "{{ role_path }}/files/script/tsg-os-provision.sh"
dest: /etc/profile.d/
mode: 0755

6
ansible/roles/tsg_device_tag/tasks/main.yml
View File

@@ -1,6 +0,0 @@
---
- name: "Template the tsg_device_tag.json.j2"
template:
src: "{{ role_path }}/templates/tsg_device_tag.json.j2.j2"
dest: /opt/tsg/tsg-os-provision/templates/tsg_device_tag.json.j2
tags: template

17
ansible/roles/tsg_device_tag/templates/tsg_device_tag.json.j2.j2
View File

@@ -1,17 +0,0 @@
[MAAT]
{% raw %}{% set tags_list = [] %}
{% if data_center.name is defined %}
{% set tag_json = "{\"tag\":\"" ~ "data_center" ~ "\",\"value\":\"" ~ data_center.name ~ "\"}" %}
{{tags_list.append(tag_json)}}{% endif %}
{% if device.tags is defined %}
{% for device_tag in device.tags %}
{% for key,value in device_tag.items() %}
{% set tag_json = "{\"tag\":\"" ~ key ~ "\",\"value\":\"" ~ value ~ "\"}" %}
{{tags_list.append(tag_json)}}{% endfor %}
{% endfor %}
{% endif %}
{% if data_center.name is not defined and device.tags is not defined %}
{{ device.tags }}
{% endif %}
ACCEPT_TAGS={"tags":[{{ tags_list | join(",") }}]}
{% endraw %}

BIN
ansible/roles/tsg_sn/files/cmm_api_tst
View File

Binary file not shown.

36
ansible/roles/tsg_sn/files/obtain_sn.sh.TSG7400
View File

@@ -1,36 +0,0 @@
#!/bin/bash -x
ip_of_obtain_sn=$1
if [ $ip_of_obtain_sn == '127.0.0.1' ];then
echo "{\"sn\": \"CBT22021250000020625\"}" > /opt/tsg/etc/tsg_sn.json
exit 0
fi
if [ ! -f "/opt/tsg/tsg-os-provision/scripts/cmm_api_tst" ];then
echo "not found cmm_api_tst!"
echo "{\"sn\": \"unknown\"}" > /opt/tsg/etc/tsg_sn.json
echo "device_id=\"unknown\"" > /etc/default/telegraf
exit 0
fi
/opt/tsg/tsg-os-provision/scripts/cmm_api_tst 9 1 1 $ip_of_obtain_sn | tee chid.id
if [ $? != 0 ]; then
echo "cmm_api_tst failed!"
echo "{\"sn\": \"unknown\"}" > /opt/tsg/etc/tsg_sn.json
echo "device_id=\"unknown\"" > /etc/default/telegraf
exit 0
fi
CHID=`cat chid.id | sed -n '1p' | awk -F ":" '{print $2}' | sed 's/ //g'`
CHIDL=`echo $CHID | awk '{print length($0)}'`
if [ $CHIDL != 20 ];then
echo "CHID length is not 20!"
echo "{\"sn\": \"unknown\"}" > /opt/tsg/etc/tsg_sn.json
echo "device_id=\"unknown\"" > /etc/default/telegraf
exit 0
fi
echo "{\"sn\": \"$CHID\"}" > /opt/tsg/etc/tsg_sn.json
echo "device_id=\"$CHID\"" > /etc/default/telegraf

42
ansible/roles/tsg_sn/files/read_sn_to_env.sh
View File

@@ -1,42 +0,0 @@
#!/bin/bash -x
DEVICE_TYPE=
SN=
function read_device_type()
{
product_name=`ipmitool fru list | grep 'Product Name' | awk '{print $4}' | head -n 1`
case ${product_name} in
"ACB300-040-00" | "9000-NPB-P01R01")
DEVICE_TYPE="9000-NPB"
;;
*)
;;
esac
}
function read_sn()
{
if [ ${DEVICE_TYPE} == "9000-NPB" ]; then
SN=`ipmitool fru -t 130 | awk 'NR==12' | awk '{ print $4}'`
else
SN=`ipmitool fru list | grep 'Product Serial' | awk '{ print $4}' | head -n 1`
fi
if [ -z "${SN}" ]; then
SN="unknown"
fi
}
function add_sn_env()
{
env_profile="/etc/profile.d/sn.sh"
#export SN=${SN}. Not set in present session.
echo "export SN=${SN}" > ${env_profile}
chmod 0755 ${env_profile}
}
read_device_type
read_sn
add_sn_env

29
ansible/roles/tsg_sn/tasks/main.yml
View File

@@ -1,29 +0,0 @@
---
- name: "7400-mcn0 & 7400-mcn123: Create /opt/tsg/tsg-os-provision/scripts/"
file:
path: "/opt/tsg/tsg-os-provision/scripts/"
state: directory
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "7400-mcn0 & 7400-mcn123: Deploy obtain_sn.sh"
copy:
src: "{{ role_path }}/files/{{ item.src }}"
dest: "/opt/tsg/tsg-os-provision/scripts/{{ item.dest }}"
mode: 0755
with_items:
- { "src": "obtain_sn.sh.TSG7400", "dest": "obtain_sn.sh" }
- { "src": "cmm_api_tst", "dest": "cmm_api_tst" }
when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123'
- name: "TSG-X: Create /opt/tsg/scripts/"
file:
path: "/opt/tsg/scripts/"
state: directory
when: runtime_env == 'TSG-X-P0906'
- name: "TSG-X: Deploy obtain-sn.sh"
copy:
src: "{{ role_path }}/files/read_sn_to_env.sh"
dest: /opt/tsg/scripts/read_sn_to_env.sh
mode: 0755
when: runtime_env == 'TSG-X-P0906'

142
conf/yum-CentOS-7.conf
View File

@@ -1,142 +0,0 @@
[main]
cachedir=/var/cache/yum/x86_64/7
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
distroverpkg=centos-release
reposdir=./
[base]
name=CentOS-7 - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
https://mirrors.tuna.tsinghua.edu.cn/centos/7/os/x86_64/
http://mirrors.aliyuncs.com/centos/7/os/x86_64/
http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-7 - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/updates/x86_64/
https://mirrors.tuna.tsinghua.edu.cn/centos/7/updates/x86_64/
http://mirrors.aliyuncs.com/centos/7/updates/x86_64/
http://mirrors.cloud.aliyuncs.com/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-7 - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/extras/x86_64/
https://mirrors.tuna.tsinghua.edu.cn/centos/7/extras/x86_64/
http://mirrors.aliyuncs.com/centos/7/extras/x86_64/
http://mirrors.cloud.aliyuncs.com/centos/7/extras/x86_64/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[epel]
name=Extra Packages for Enterprise Linux 7 - x86_64
baseurl=https://mirrors.aliyun.com/epel/7/x86_64
https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[docker-ce-stable]
name=Docker CE Stable
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[home_opcm]
name=home:opcm (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/home:/opcm/CentOS_7/
https://ftp.gwdg.de/pub/opensuse/repositories/home:/opcm/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/home:/opcm/CentOS_7/repodata/repomd.xml.key
https://ftp.gwdg.de/pub/opensuse/repositories/home:/opcm/CentOS_7/repodata/repomd.xml.key
enabled=1
[shells_fish_release_3]
name=Fish shell - 3.x release series (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/shells:/fish:/release:/3/CentOS_7/
https://ftp.gwdg.de/pub/opensuse/repositories/shells:/fish:/release:/3/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/shells:/fish:/release:/3/CentOS_7/repodata/repomd.xml.key
https://ftp.gwdg.de/pub/opensuse/repositories/shells:/fish:/release:/3/CentOS_7/repodata/repomd.xml.key
enabled=1
[framework]
name=framework
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/framework/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[platform]
name=platform
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/platform/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[protocol]
name=protocol
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/protocol/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[tsg]
name=tsg
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/tsg/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[AppSktech]
name=AppSketch
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/AppSketch/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[tfe]
name=tfe
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/tfe/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[ofed]
name=ofed
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/ofed/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD
[stellar]
name=stellar
baseurl=https://repo.geedge.net/pulp/content/7/x86_64/stable/stellar/
enabled=1
gpgcheck=0
username=PULP_REPO_USERNAME
password=PULP_REPO_PASSWORD

72
make/Makefile.7400MCN0P01R01
View File

@@ -1,72 +0,0 @@
PROFILE_ID := 7400-MCN0-P01R01
SUPPORTED_MACHINE_ID := 7400-MCN0-P01R01
KERNEL_ARGS := console=ttyS0,115200n8 crashkernel=512M intel_iommu=on iommu=pt pci=realloc,assign-busses selinux=0 transparent_hugepage=never processor.max_cstate=0 intel_idle.max_cstate=0 intel_pstate=disable
GRUB_SERIAL_COMMAND :=
SIZE_PART_SYSROOT := 16384M
SIZE_PART_UPDATE := 16384M
PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID))
CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-chroot.tar.bz2
CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-ONIE.bin
TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID)
TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer
TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot
.PHONY: all builddir installer sysroot-base sysroot-ansible sysroot-cleanup sysroot-archive sysroot-binary clean
all: sysroot-binary
builddir:
mkdir -p $(TARGET_BUILD_DIR)
installer: builddir
rm -rf $(TARGET_INSTALLER_DIR)
mkdir -p $(TARGET_INSTALLER_DIR)
cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh
cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh
chmod +x $(TARGET_INSTALLER_DIR)/install.sh
chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh
sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i '/sapp-pr:/d;/mrzcpd-icelake-server:/d;/mrzcpd-znver1:/d;/mrzcpd-corei7:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml
sysroot-base: builddir
$(TOOLSDIR)/mk-base-image $(CONFDIR)/yum-CentOS-7.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) $(PROFILE_ID)
sysroot-verfile: sysroot-base
sed -i -e "s/^NAME=.*/NAME=\"TSG-OS\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sed -i -e "s/^VERSION=.*/VERSION=\"$(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"TSG-OS $(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sysroot-ansible: sysroot-verfile sysroot-base
cp $(CONFDIR)/yum-CentOS-7.conf $(TARGET_SYSROOT_DIR)/tmp/ -r
cp /etc/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r
cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER)
cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
rm -rf $(TARGET_SYSROOT_DIR)/etc/resolv.conf
sysroot-cleanup:
rm -rf $(TARGET_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_SYSROOT_DIR)/dev/*
sysroot-archive: installer sysroot-ansible sysroot-cleanup
tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG)
sysroot-binary: sysroot-archive
mkdir -p $(TARGET_BUILD_DIR)/cook-bits
$(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(IMAGEDIR_BASE)/$(CHROOT_BIN)
sha256sum $(IMAGEDIR_BASE)/$(CHROOT_BIN) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(CHROOT_BIN).sha256sum.txt
clean:
rm -rf $(TARGET_BUILD_DIR)

72
make/Makefile.7400MCN123P01R01
View File

@@ -1,72 +0,0 @@
PROFILE_ID := 7400-MCN123-P01R01
SUPPORTED_MACHINE_ID := 7400-MCN123-P01R01
KERNEL_ARGS := console=ttyS0,115200n8 crashkernel=512M intel_iommu=on iommu=pt pci=realloc,assign-busses selinux=0 transparent_hugepage=never processor.max_cstate=0 intel_idle.max_cstate=0 intel_pstate=disable
GRUB_SERIAL_COMMAND :=
SIZE_PART_SYSROOT := 16384M
SIZE_PART_UPDATE := 16384M
PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID))
CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-chroot.tar.bz2
CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-ONIE.bin
TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID)
TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer
TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot
.PHONY: all builddir installer sysroot-base sysroot-ansible sysroot-cleanup sysroot-archive sysroot-binary clean
all: sysroot-binary
builddir:
mkdir -p $(TARGET_BUILD_DIR)
installer: builddir
rm -rf $(TARGET_INSTALLER_DIR)
mkdir -p $(TARGET_INSTALLER_DIR)
cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh
cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh
chmod +x $(TARGET_INSTALLER_DIR)/install.sh
chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh
sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i '/mrzcpd-icelake-server:/d;/mrzcpd-znver1:/d;/mrzcpd-corei7:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml
sysroot-base: builddir
$(TOOLSDIR)/mk-base-image $(CONFDIR)/yum-CentOS-7.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) $(PROFILE_ID)
sysroot-verfile: sysroot-base
sed -i -e "s/^NAME=.*/NAME=\"TSG-OS\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sed -i -e "s/^VERSION=.*/VERSION=\"$(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"TSG-OS $(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sysroot-ansible: sysroot-verfile sysroot-base
cp $(CONFDIR)/yum-CentOS-7.conf $(TARGET_SYSROOT_DIR)/tmp/ -r
cp /etc/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r
cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER)
cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
rm -rf $(TARGET_SYSROOT_DIR)/etc/resolv.conf
sysroot-cleanup:
rm -rf $(TARGET_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_SYSROOT_DIR)/dev/*
sysroot-archive: installer sysroot-ansible sysroot-cleanup
tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG)
sysroot-binary: sysroot-archive
mkdir -p $(TARGET_BUILD_DIR)/cook-bits
$(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(IMAGEDIR_BASE)/$(CHROOT_BIN)
sha256sum $(IMAGEDIR_BASE)/$(CHROOT_BIN) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(CHROOT_BIN).sha256sum.txt
clean:
rm -rf $(TARGET_BUILD_DIR)

20
tools/mk-base-image
View File

@@ -21,11 +21,6 @@ case $profile_id in
$projectdir/package/kernel-ml-$kernel_version.rpm
$projectdir/package/kernel-ml-devel-$kernel_version.rpm"
;;
"7400-MCN0-P01R01" | "7400-MCN123-P01R01")
kernel_version="5.4.159-1.el7.elrepo.x86_64"
append_package_to_install="$projectdir/package/kernel-lt-$kernel_version.rpm
$projectdir/package/kernel-lt-devel-$kernel_version.rpm"
;;
*)
kernel_version="error_profile_id"
echo "Set kernel_version failed, error profile_id: $profile_id"
@@ -45,12 +40,6 @@ case $profile_id in
python3-docutils libnsl liburing hwloc-gui perl-open perl python2 js-d3-flame-graph xmlstarlet conntrack-tools crudini"
;;
"7400-MCN0-P01R01" | "7400-MCN123-P01R01")
base_package_to_install="@base @core @debugging @directory-client @guest-agents
@hardware-monitoring @network-file-system-client @performance @remote-system-management
grub2 epel-release efibootmgr ansible yum-utils ipmitool docker-ce docker-ce-cli
containerd.io lrzsz python3 vconfig watchdog pcm git tmux fish rpm-build hwloc-gui"
;;
*)
base_package_to_install="error_profile_id"
echo "Set base_package_to_install failed, error profile_id: $profile_id"
@@ -145,15 +134,6 @@ if [ ! -f "$target/etc/pam.d/password-auth-local" ]; then
ln -vfs --relative $target/etc/pam.d/password-auth-local $target/etc/pam.d/password-auth
fi
case $profile_id in
"7400-MCN0-P01R01" | "7400-MCN123-P01R01")
cp -rf $projectdir/rootconf/sysroot-usr/target/* $target/usr/lib/systemd/system
mkdir -p $target/usr/lib/systemd/system/workload.target.wants
;;
*)
echo "Profile_id: $profile_id not need workload.target"
;;
esac
# ansible-playbook -i tsg-9140-scripts/install_config/tsg_9140_host tsg-9140-scripts/tsg_9140_deploy.yml
yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt clean all