diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 221a8313..f61502fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -111,32 +111,6 @@ feature_branch_build_9000: - /^rel-.*$/i - /^update-.*$/i -# feature_branch_build_TSGXP1403: -# image: $BUILD_BASED_IMAGE_CENTOS7 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P1403 -# DALIY_BUILD_VERSION: 1 -# except: -# - tags -# - /^dev-.*$/i -# - /^rel-.*$/i -# - /^update-.*$/i - -# feature_branch_build_TSGXP0804: -# image: $BUILD_BASED_IMAGE_ROCKYLINUX8 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P0804 -# DALIY_BUILD_VERSION: 1 -# except: -# - tags -# - /^dev-.*$/i -# - /^rel-.*$/i -# - /^update-.*$/i - feature_branch_build_container_images_TSGXP0906: image: $BUILD_BASED_IMAGE_ROCKYLINUX8 stage: build @@ -259,34 +233,6 @@ develop_build_9000: only: - /^dev-.*$/i -# develop_build_TSGXP1403: -# image: $BUILD_BASED_IMAGE_CENTOS7 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P1403 -# UPLOAD_TO_FILE_REPO: 1 -# PULP3_FILE_REPO_NAME: tsg-os-images-develop -# PULP3_FILE_DIST_NAME: tsg-os-images-develop -# DALIY_BUILD_VERSION: 1 -# FILE_REPO_PATH: install/develop/tsg-os-images -# only: -# - /^dev-.*$/i - -# develop_build_TSGXP0804: -# image: $BUILD_BASED_IMAGE_ROCKYLINUX8 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P0804 -# UPLOAD_TO_FILE_REPO: 1 -# PULP3_FILE_REPO_NAME: tsg-os-images-develop -# PULP3_FILE_DIST_NAME: tsg-os-images-develop -# DALIY_BUILD_VERSION: 1 -# FILE_REPO_PATH: install/develop/tsg-os-images -# only: -# - /^dev-.*$/i - develop_build_container_images_TSGXP0906: image: $BUILD_BASED_IMAGE_ROCKYLINUX8 stage: build @@ -415,34 +361,6 @@ testing_build_9000: only: - /^rel-.*$/i -# testing_build_TSGXP1403: -# image: $BUILD_BASED_IMAGE_CENTOS7 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P1403 -# UPLOAD_TO_FILE_REPO: 1 -# PULP3_FILE_REPO_NAME: tsg-os-images-testing -# PULP3_FILE_DIST_NAME: tsg-os-images-testing -# FILE_REPO_PATH: install/testing/tsg-os-images -# DALIY_BUILD_VERSION: 1 -# only: -# - /^rel-.*$/i - -# testing_build_TSGXP0804: -# image: $BUILD_BASED_IMAGE_ROCKYLINUX8 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P0804 -# UPLOAD_TO_FILE_REPO: 1 -# PULP3_FILE_REPO_NAME: tsg-os-images-testing -# PULP3_FILE_DIST_NAME: tsg-os-images-testing -# FILE_REPO_PATH: install/testing/tsg-os-images -# DALIY_BUILD_VERSION: 1 -# only: -# - /^rel-.*$/i - testing_build_container_images_TSGXP0906: image: $BUILD_BASED_IMAGE_ROCKYLINUX8 stage: build @@ -571,34 +489,6 @@ rc_build_9000: only: - /^.*-rc.*$/i -# rc_build_TSGXP1403: -# image: $BUILD_BASED_IMAGE_CENTOS7 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P1403 -# UPLOAD_TO_FILE_REPO: 1 -# DALIY_BUILD_VERSION: 0 -# PULP3_FILE_REPO_NAME: tsg-os-images-rc -# PULP3_FILE_DIST_NAME: tsg-os-images-rc -# FILE_REPO_PATH: install/rc/tsg-os-images -# only: -# - /^.*-rc.*$/i - -# rc_build_TSGXP0804: -# image: $BUILD_BASED_IMAGE_ROCKYLINUX8 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P0804 -# UPLOAD_TO_FILE_REPO: 1 -# DALIY_BUILD_VERSION: 0 -# PULP3_FILE_REPO_NAME: tsg-os-images-rc -# PULP3_FILE_DIST_NAME: tsg-os-images-rc -# FILE_REPO_PATH: install/rc/tsg-os-images -# only: -# - /^.*-rc.*$/i - rc_build_container_images_TSGXP0906: image: $BUILD_BASED_IMAGE_ROCKYLINUX8 stage: build @@ -733,38 +623,6 @@ release_build_9000: except: - /^.*-rc.*$/i -# release_build_TSGXP1403: -# image: $BUILD_BASED_IMAGE_CENTOS7 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P1403 -# UPLOAD_TO_FILE_REPO: 1 -# DALIY_BUILD_VERSION: 0 -# PULP3_FILE_REPO_NAME: tsg-os-images-release -# PULP3_FILE_DIST_NAME: tsg-os-images-release -# FILE_REPO_PATH: install/release/tsg-os-images -# only: -# - tags -# except: -# - /^.*-rc.*$/i - -# release_build_TSGXP0804: -# image: $BUILD_BASED_IMAGE_ROCKYLINUX8 -# stage: build -# extends: .build_tsg-buildimage -# variables: -# PROFILE_LIST: TSGXNXR620G40R01P0804 -# UPLOAD_TO_FILE_REPO: 1 -# DALIY_BUILD_VERSION: 0 -# PULP3_FILE_REPO_NAME: tsg-os-images-release -# PULP3_FILE_DIST_NAME: tsg-os-images-release -# FILE_REPO_PATH: install/release/tsg-os-images -# only: -# - tags -# except: -# - /^.*-rc.*$/i - release_build_container_images_TSGXP0906: image: $BUILD_BASED_IMAGE_ROCKYLINUX8 stage: build diff --git a/ansible/HAL_deploy.yml b/ansible/HAL_deploy.yml index 343fe380..405c60c8 100644 --- a/ansible/HAL_deploy.yml +++ b/ansible/HAL_deploy.yml @@ -13,8 +13,6 @@ - {role: framework, tags: framework} - {role: mrzcpd, tags: mrzcpd} - {role: sapp, tags: sapp} - - {role: tsg_master, tags: tsg_master} - - {role: shaping_master, tags: shaping_master} - {role: kni, tags: kni} - {role: firewall, tags: firewall} - {role: tsg_app, tags: tsg_app} @@ -65,8 +63,6 @@ - {role: framework, tags: framework} - {role: mrzcpd, tags: mrzcpd} - {role: sapp, tags: sapp} - - {role: tsg_master, tags: tsg_master} - - {role: shaping_master, tags: shaping_master} - {role: kni, tags: kni} - {role: firewall, tags: firewall} - {role: tsg_app, tags: tsg_app} @@ -90,70 +86,6 @@ - {role: consul, tags: consul} - {role: hasp, tags: hasp} -- hosts: TSG-X-NXR620G40-R01-P1403 - remote_user: root - vars_files: - - install_config/group_vars/HAL_TSGXNXR620G40R01P1403.yml - - install_config/group_vars/rpm_version.yml - roles: - - {role: tsg-os-provision, tags: tsg-os-provision} - - {role: coredump, tags: coredump} - - {role: tsg_device_tag, tags: tsg_device_tag} - - {role: tsg_sn, tags: tsg_sn} - - {role: framework, tags: framework} - - {role: mrzcpd, tags: mrzcpd} - - {role: sapp, tags: sapp} - - {role: tsg_master, tags: tsg_master} - - {role: shaping_master, tags: shaping_master} - - {role: firewall, tags: firewall} - - {role: tsg_app, tags: tsg_app} - - {role: telegraf_statistic, tags: telegraf_statistic} - - {role: sysctl, tags: sysctl} - - {role: exporter, tags: exporter} - - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403} - - {role: system-init, tags: system-init} - - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} - - {role: consul, tags: consul} - - {role: hasp, tags: hasp} - - {role: OFED, tags: OFED} - -- hosts: TSG-X-NXR620G40-R01-P0804 - remote_user: root - vars_files: - - install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml - - install_config/group_vars/rpm_version.yml - roles: - - {role: tsg-os-provision, tags: tsg-os-provision} - - {role: coredump, tags: coredump} - - {role: tsg_device_tag, tags: tsg_device_tag} - - {role: tsg_sn, tags: tsg_sn} - - {role: framework, tags: framework} - - {role: mrzcpd, tags: mrzcpd} - - {role: sapp, tags: sapp} - - {role: tsg_master, tags: tsg_master} - - {role: shaping_master, tags: shaping_master} - - {role: kni, tags: kni} - - {role: firewall, tags: firewall} - - {role: tsg_app, tags: tsg_app} - - {role: redis, tags: redis} - - {role: certstore, tags: certstore} - - {role: tfe, tags: tfe} - - {role: telegraf_statistic, tags: telegraf_statistic} - - {role: sysctl, tags: sysctl} - - {role: exporter, tags: exporter} - - {role: docker, tags: docker} - - {role: tsg-diagnose, tags: tsg-diagnose} - - {role: tsg-exporter-proxy-TSGXP0804, tags: tsg-exporter-proxy-TSGXP0804} - - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403} - - {role: system-init, tags: system-init} - - {role: wannat_wangw, tags: wannat_wangw} - - {role: wannat_common, tags: wannat_common} - - {role: wire_graft, tags: wire_graft} - - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} - - {role: consul, tags: consul} - - {role: hasp, tags: hasp} - - {role: OFED, tags: OFED} - - hosts: TSG-X-NXR620G40-R01-P0906 remote_user: root vars_files: @@ -198,7 +130,6 @@ roles: - {role: framework, tags: framework} - {role: sapp, tags: sapp} - - {role: tsg_master, tags: tsg_master} - {role: firewall, tags: firewall} - {role: tsg_app, tags: tsg_app} - {role: wannat_wangw, tags: wannat_wangw} diff --git a/ansible/install_config/group_vars/HAL_SERVER.yml b/ansible/install_config/group_vars/HAL_SERVER.yml deleted file mode 100644 index 77d55a57..00000000 --- a/ansible/install_config/group_vars/HAL_SERVER.yml +++ /dev/null @@ -1,72 +0,0 @@ -# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-9140 硬件平台 -# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." - -control_and_policy: - nic_name: eth_pf_ctl - -workload_zcpd: - cpu_affinity: 100,101,102,103 - hugepage_num_1G: 16 - -dp_traffic_mirror: - nic_name: eth_pf_mirr - traffic_mirror_vlan_id: 0 - -workload_firewall: - cpu_affinity: 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99 - worker_threads: 83 - send_only_threads_max: 0 - -dp_steering_firewall: - deployment: inline - encapsulation: vxlan - capture_packet: driver - nic_internal: eth_vf_raw - nic_internal_mac: 90:00:00:91:40:01 - enable_mirror: 1 - -diagnose: - virtual_server_nic: eth_vf_dign_s - virtual_client_nic: eth_vf_dign_c - -prefix_path: - mrzcpd: /opt/tsg/mrzcpd - framework: /opt/tsg/framework - sapp: /opt/tsg/sapp - -dp_steering_proxy: - ###### location: value {local, foreign} - location: local - node_list: - - nic_name: eth_vf_kni - -workload_proxy: - enable_cpu_affinity: 1 - cpu_affinity: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 - worker_thread: 15 - -dp_proxy: - nic_name_data_incoming: eth_vf_tfe - mac_addr_data_incoming: 00:0e:c6:d6:72:c1 - enable_traffic_mirror: 1 - traffic_mirror_type: 1 - -dp_certstore: - location: local - -wannat_wangw: - wangw_conf: - main: - recvfrom_NATGW_bind_first_port: 3545 - NAT_GW_tunnel_send_port: 3544 - -wire_graft: - wire_graft_conf: - toroad: - sendto_toroad_enable: 1 - -monitor: - enable_redis_exporter: 0 - enable_ipmi_exporter: 0 - -runtime_env: TSG-server \ No newline at end of file diff --git a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml deleted file mode 100644 index 70e08dce..00000000 --- a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml +++ /dev/null @@ -1,61 +0,0 @@ -control_and_policy: - nic_name: "{% raw %}{{ network_setting.nic_policy_log.name }}{% endraw %}" - -workload_zcpd: - cpu_affinity: "{% raw %}{{ workload_zcpd_cpu_affinity }}{% endraw %}" - hugepage_num_1G: 32 - -workload_firewall: - cpu_affinity: "{% raw %}{{ workload_firewall_cpu_affinity }}{% endraw %}" - worker_threads: "{% raw %}{{ workload_firewall_worker_threads }}{% endraw %}" - send_only_threads_max: 0 - -workload_proxy: - enable_cpu_affinity: 1 - cpu_affinity: "{% raw %}{{ workload_proxy_cpu_affinity }}{% endraw %}" - worker_thread: "{% raw %}{{ workload_proxy_worker_thread }}{% endraw %}" - -dp_traffic_mirror: - nic_name: "{% raw %}{{ network_setting.nic_mirror.name }}{% endraw %}" - traffic_mirror_vlan_id: 0 - -dp_steering_firewall: - #deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series - deployment: inline - #encapsulation value: vlan, vxlan, raw, provision - encapsulation: vxlan - # capture_packet value: pcap, driver - capture_packet: driver - nic_internal: "{% raw %}{{ network_setting.nic_raw.name }}{% endraw %}" - enable_mirror: 1 - -dp_steering_proxy: - ###### location: value {local, foreign} - location: local - node_list: - - nic_name: virtio_kni - -dp_certstore: - location: local - -dp_proxy: - nic_name_data_incoming: virtio_kni - mac_addr_data_incoming: 00:0e:c6:d6:72:c1 - enable_traffic_mirror: 1 - traffic_mirror_type: 1 - -prefix_path: - mrzcpd: /opt/tsg/mrzcpd - framework: /opt/tsg/framework - sapp: /opt/tsg/sapp - -monitor: - enable_redis_exporter: 0 - enable_ipmi_exporter: 0 - -diagnose: - virtual_server_nic: virtio_dign_s - virtual_client_nic: virtio_dign_c - -### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140 -runtime_env: TSG-X-P0804 \ No newline at end of file diff --git a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P1403.yml b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P1403.yml deleted file mode 100644 index e611a0ac..00000000 --- a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P1403.yml +++ /dev/null @@ -1,36 +0,0 @@ -control_and_policy: - nic_name: "{% raw %}{{ network_setting.nic_policy_log.name }}{% endraw %}" - -workload_zcpd: - cpu_affinity: "{% raw %}{{ workload_zcpd_cpu_affinity }}{% endraw %}" - hugepage_num_1G: 32 - -workload_firewall: - cpu_affinity: "{% raw %}{{ workload_firewall_cpu_affinity }}{% endraw %}" - worker_threads: "{% raw %}{{ workload_firewall_worker_threads }}{% endraw %}" - send_only_threads_max: 0 - -dp_traffic_mirror: - nic_name: eth_mirr_d - traffic_mirror_vlan_id: 0 - -dp_steering_firewall: - #deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series - deployment: inline - #encapsulation value: vlan, vxlan, raw, provision - encapsulation: vxlan - # capture_packet value: pcap, driver - capture_packet: driver - nic_internal: "{% raw %}{{ network_setting.nic_raw.name }}{% endraw %}" - enable_mirror: 0 - -prefix_path: - mrzcpd: /opt/tsg/mrzcpd - framework: /opt/tsg/framework - sapp: /opt/tsg/sapp - -monitor: - enable_redis_exporter: 1 - enable_ipmi_exporter: 1 -### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140 -runtime_env: TSG-X-P1403 \ No newline at end of file diff --git a/ansible/roles/kni/tasks/main.yml b/ansible/roles/kni/tasks/main.yml index 548016d3..151e853f 100644 --- a/ansible/roles/kni/tasks/main.yml +++ b/ansible/roles/kni/tasks/main.yml @@ -16,11 +16,4 @@ src: "{{ role_path }}/templates/kni.conf.j2" dest: /opt/tsg/sapp/etc/kni/kni.conf tags: template - when: runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906' - -- name: Template the kni.conf - template: - src: "{{ role_path }}/templates/kni.conf.j2" - dest: /opt/tsg/tsg-os-provision/templates/kni.conf.j2 - tags: template - when: runtime_env == 'TSG-X-P0804' + when: runtime_env != 'TSG-X-P0906' diff --git a/ansible/roles/system-init-TSG-X-P1403/tasks/main.yml b/ansible/roles/system-init-TSG-X-P1403/tasks/main.yml index b75f7a75..cce6393c 100644 --- a/ansible/roles/system-init-TSG-X-P1403/tasks/main.yml +++ b/ansible/roles/system-init-TSG-X-P1403/tasks/main.yml @@ -149,17 +149,17 @@ mode: '0755' with_items: - /usr/lib/systemd/system/systemd-coredump@.service.d/ - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "copy service_override_RuntimeMaxSec.conf to dest" copy: src: "{{ role_path }}/templates/service_override_RuntimeMaxSec.conf" dest: /usr/lib/systemd/system/systemd-coredump@.service.d/service_override_RuntimeMaxSec.conf mode: 0644 - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "disable sssd" systemd: name: sssd enabled: no - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' diff --git a/ansible/roles/system-init/tasks/main.yml b/ansible/roles/system-init/tasks/main.yml index b2cc3b30..cb36df70 100644 --- a/ansible/roles/system-init/tasks/main.yml +++ b/ansible/roles/system-init/tasks/main.yml @@ -61,7 +61,7 @@ - name: "update initramfs" shell: dracut --force -v /boot/initramfs-5.4.159-1.el7.elrepo.x86_64.img 5.4.159-1.el7.elrepo.x86_64 - when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906' + when: runtime_env != 'TSG-X-P0906' - name: "Export MLX5_GLUE_PATH" lineinfile: @@ -70,7 +70,7 @@ - name: "Generate ansiblg.cfg after ansible upgrade in rockylinux8" shell: ansible-config init --disabled > /etc/ansible/ansible.cfg - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: 'change ansible hash_behaviour value replace to merge' lineinfile: @@ -81,7 +81,7 @@ - name: 'install psutil' shell: pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple psutil - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "add sudo secure_path" lineinfile: diff --git a/ansible/roles/tfe/tasks/main.yml b/ansible/roles/tfe/tasks/main.yml index 61164ee4..81a7e7ba 100644 --- a/ansible/roles/tfe/tasks/main.yml +++ b/ansible/roles/tfe/tasks/main.yml @@ -123,12 +123,12 @@ dest: /opt/tsg/tsg-os-provision/templates/service_add_StartPostForRps.conf.j2 when: runtime_env != 'TSG-X-P0906' -- name: "add condition into service depend provision result TSG-X-P0804" +- name: "add condition into service depend provision result TSG-X-P0906" copy: src: "{{ role_path }}/files/service_override_Requires.conf" dest: "/usr/lib/systemd/system/tfe-env.service.d/" mode: 0644 - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "template tfe-env shell to dest" template: diff --git a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf index 39b8a7ee..80afed24 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf +++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf @@ -1,21 +1,9 @@ [platform] +./plug/stellar_on_sapp/start_loader.inf {{- if eq .Values.wannat.enable .Values.define_enable_val_yes }} ./plug/platform/wannat/wangw.inf ./plug/platform/wire_graft/wire_graft.inf {{- end }} -./plug/platform/app_proto_identify/app_proto_identify.inf -{{- if eq .Values.session_flags.enable .Values.define_enable_val_yes }} -./plug/platform/session_flags/session_flags.inf -{{- end }} -{{- if eq .Values.packet_capture.enable .Values.define_enable_val_yes }} -./plug/platform/capture_packet_plug/capture_packet_plug.inf -{{- end }} -./plug/platform/tsg_master/tsg_master.inf -{{- if eq .Values.appsketch.enable .Values.define_enable_val_yes }} -{{- if eq .Values.appsketch.qdpi_detector .Values.define_enable_val_yes }} -./plug/platform/app_proto_engine/app_proto_engine.inf -{{- end }} -{{- end }} {{- if eq .Values.ddos_event.enable .Values.define_enable_val_yes }} ./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf {{- end }} @@ -75,18 +63,10 @@ {{- if eq .Values.firewall.enable .Values.define_enable_val_yes }} ./plug/business/firewall/firewall.inf {{- end }} -{{- if eq .Values.sessionrecord.enable .Values.define_enable_val_yes }} -./plug/business/session_record/session_record.inf -{{- end }} {{- if eq .Values.decoders.GTPC .Values.define_enable_val_yes }} ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf {{- end }} -./plug/business/stat_policy_enforcer/stat_policy_enforcer.inf -{{- if eq .Values.appsketch.enable .Values.define_enable_val_yes }} -{{- if eq .Values.appsketch.context_based_detector .Values.define_enable_val_yes }} -./plug/business/app_sketch_local/app_sketch_local.inf -{{- end }} -{{- end }} {{- if and (eq .Values.radius_record.enable .Values.define_enable_val_yes) (eq .Values.decoders.RADIUS .Values.define_enable_val_yes) }} ./plug/business/radius_collect_plug/radius_collect_plug.inf {{- end }} +./plug/stellar_on_sapp/defer_loader.inf \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/conf/firewall.inf b/ansible/roles/traffic-engine/files/helm/conf/firewall.inf index bd49c5ca..7bd7e4dd 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/firewall.inf +++ b/ansible/roles/traffic-engine/files/helm/conf/firewall.inf @@ -7,61 +7,54 @@ DESTROY_FUNC=firewall_destroy {{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }} [HTTP] FUNC_FLAG=ALL -FUNC_NAME=fw_http_plug_entry +FUNC_NAME=firewall_http_plug_entry {{- end }} {{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }} [SSL] FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL -FUNC_NAME=fw_ssl_plug_entry +FUNC_NAME=firewall_ssl_plug_entry {{- end }} {{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }} [DNS] FUNC_FLAG=ALL -FUNC_NAME=fw_dns_plug_entry +FUNC_NAME=firewall_dns_plug_entry {{- end }} {{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }} [MAIL] FUNC_FLAG=ALL -FUNC_NAME=fw_mail_plug_entry +FUNC_NAME=firewall_mail_plug_entry {{- end }} {{- if eq .Values.decoders.RTP .Values.define_enable_val_yes }} [RTP] FUNC_FLAG=ALL -FUNC_NAME=fw_rtp_plug_entry +FUNC_NAME=firewall_rtp_plug_entry {{- end }} {{- if eq .Values.decoders.SIP .Values.define_enable_val_yes }} [SIP] FUNC_FLAG=ALL -FUNC_NAME=fw_sip_plug_entry +FUNC_NAME=firewall_sip_plug_entry {{- end }} {{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }} [FTP] FUNC_FLAG=ALL -FUNC_NAME=fw_ftp_plug_entry +FUNC_NAME=firewall_ftp_plug_entry {{- end }} {{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }} [QUIC] FUNC_FLAG=QUIC_CLIENT_HELLO,QUIC_SERVER_HELLO,QUIC_CACHED_CERT,QUIC_COMM_CERT,QUIC_CERT_CHAIN,QUIC_VERSION,QUIC_APPLICATION_DATA -FUNC_NAME=fw_quic_plug_entry +FUNC_NAME=firewall_quic_plug_entry {{- end }} {{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }} [DTLS] FUNC_FLAG=DTLS_CLIENT_HELLO,DTLS_SERVER_HELLO,DTLS_HELLO_VERIFY_REQUEST,DTLS_CLIENT_EXTENSION -FUNC_NAME=fw_dtls_plug_entry +FUNC_NAME=firewall_dtls_plug_entry {{- end }} -[UDP] -FUNC_FLAG=ALL -FUNC_NAME=fw_udp_plug_entry - -[TCP] -FUNC_FLAG=ALL -FUNC_NAME=fw_tcp_plug_entry diff --git a/ansible/roles/traffic-engine/files/helm/conf/maat.conf b/ansible/roles/traffic-engine/files/helm/conf/maat.conf index 7dc610a2..ba92b71f 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/maat.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/maat.conf @@ -5,7 +5,7 @@ STAT_SWITCH=1 PERF_SWITCH=0 HIT_GROUP_SWITCH=1 TABLE_INFO=tsgconf/tsg_static_tableinfo.json -STAT_FILE=log/master.maat.status +STAT_FILE=log/firewall.maat.status EFFECT_INTERVAL_MS=1000 GARBAGE_COLLECT_MS=60000 RULE_UPDATE_CHECK_INTERVAL_MS=1000 @@ -16,45 +16,8 @@ JSON_CFG_FILE=tsgconf/tsg_maat.json INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json -LOG_PATH="log/master.maat" +LOG_PATH="log/firewall.maat" -[APP_SIGNATURE_MAAT] -###file, json, redis -MAAT_MODE=redis -STAT_SWITCH=1 -PERF_SWITCH=0 -TABLE_INFO=tsgconf/app_sketch_tableinfo.json -STAT_FILE=log/app_sketch.maat.status -EFFECT_INTERVAL_MS=1000 -GARBAGE_COLLECT_MS=60000 -RULE_UPDATE_CHECK_INTERVAL_MS=1000 -REDIS_IP={{- include "traffic-engine.global.cm.server-ip" . }} -REDIS_PORT={{- include "traffic-engine.global.cm.server-port" . }} -REDIS_INDEX={{ .Values.vsys_id }} -JSON_CFG_FILE=tsgconf/app_sketch_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json -LOG_PATH="log/app_sketch.maat" - -[STAT_POLICY_ENFORCER_MAAT] -###file, json, redis -MAAT_MODE=redis -STAT_SWITCH=1 -PERF_SWITCH=0 -TABLE_INFO=tsgconf/stat_policy_enforcer_tableinfo.json -STAT_FILE=log/stat_policy_enforcer.maat.status -EFFECT_INTERVAL_MS=1000 -GARBAGE_COLLECT_MS=60000 -RULE_UPDATE_CHECK_INTERVAL_MS=1000 -REDIS_IP={{- include "traffic-engine.global.cm.server-ip" . }} -REDIS_PORT={{- include "traffic-engine.global.cm.server-port" . }} -REDIS_INDEX={{ .Values.vsys_id }} -JSON_CFG_FILE=tsgconf/stat_policy_enforcer_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json -LOG_PATH="log/stat_policy_enforcer.maat" [DYNAMIC_MAPPING_MAAT] MAAT_MODE=redis STAT_SWITCH=1 @@ -75,21 +38,5 @@ EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json LOG_LEVEL=0 LOG_PATH="log/dynamic.mapping.maat" -[CAPTURE] -MAAT_MODE=2 -STAT_SWITCH=1 -PERF_SWITCH=0 -TABLE_INFO=tsgconf/capture_packet_tableinfo.json -STAT_FILE=log/capture_packet.maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP={{- include "traffic-engine.global.cm.server-ip" . }} -REDIS_PORT={{- include "traffic-engine.global.cm.server-port" . }} -REDIS_INDEX={{ .Values.vsys_id }} -JSON_CFG_FILE=tsgconf/capture_packet_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json -LOG_PATH="log/packet_capture.maat" - [MAAT] ACCEPT_TAGS={"tags":[{{- include "traffic-engine.device-tag-list" . }}]} diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf index 6de17b0f..fe6e4f5b 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/main.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf @@ -1,11 +1,5 @@ [MAAT] PROFILE="./tsgconf/maat.conf" -SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID" -CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP" -IP_ADDR_TABLE="TSG_SECURITY_ADDR" -LOCATION_TABLE_TYPE=19 -LOG_LEVEL=30 -LOG_PATH="log/master.scan" {{- if eq .Values.external_resources.sd.enable .Values.define_enable_val_yes }} DYNAMIC_MAPPING_MAAT_SWITCH=1 {{- else }} @@ -97,24 +91,13 @@ TELEGRAF_PORT=8100 TELEGRAF_IP="127.0.0.1" APP_NAME="app_metric" -[MASTER_STATUS] -CYCLE_INTERVAL_MS=30000 -#TELEGRAF_PORT=8200 -#TELEGRAF_IP="127.0.0.1" -OUTPUT_PATH="log/master.status" -APP_NAME="tsg_master" - [SYSTEM] DATACENTER_ID={{ .Values.session_id_generator.snowflake_worker_id_base }} LOG_LEVEL=30 -LOG_PATH="log/master.log" -POLICY_PRIORITY_LABEL="POLICY_PRIORITY" -L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf" +LOG_PATH="log/firewall.log" +L7_PROTOCOL_FILE="./tsgconf/firewall_l7_protocol.conf" DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'" DEVICE_SEQ_IN_DATA_CENTER={{ .Values.session_id_generator.snowflake_worker_id_offset }} -FEATURE_TAMPER=1 -#IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SIP;SSH;RADIUS;SOCKS;STRATUM;RDP;BGP;DTLS;GTPC;" -IDENTIFY_PROTO_NAME="{{- include "traffic-engine.config.identify-proto-name" . }}" {{- if eq .Values.service_chaining.enable .Values.define_enable_val_yes }} SERVICE_CHAINING_SID={{ .Values.sid.sce }} {{- end }} @@ -130,11 +113,6 @@ GENERATE_JA3_FINGERPRINT=1 GENERATE_JA3_FINGERPRINT=0 {{- end }} -[FIREWALL] -CYCLE=30 -#TELEGRAF_PORT=8500 -#TELEGRAF_IP=127.0.0.1 -OUTPUT_PATH="log/firewall.status" [APP_SKETCH_LOCAL] LOG_LEVEL=30 @@ -199,7 +177,6 @@ SENDLOG_SWITCH=0 SIGNALING_ORIGIN="REDIS" {{- end }} - [PROTO_IDENTIFY] MAX_IDENTIFY_PACKETS=10 diff --git a/ansible/roles/traffic-engine/files/helm/conf/necessary_plug_list.conf b/ansible/roles/traffic-engine/files/helm/conf/necessary_plug_list.conf index 49aa35b8..e300015d 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/necessary_plug_list.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/necessary_plug_list.conf @@ -5,9 +5,6 @@ ./plug/platform/wannat/wangw.inf ./plug/platform/wire_graft/wire_graft.inf -./plug/platform/app_proto_identify/app_proto_identify.inf 1 -./plug/platform/capture_packet_plug/capture_packet_plug.inf 1 -./plug/platform/tsg_master/tsg_master.inf ./plug/protocol/sip/sip.inf ./plug/protocol/rtp/rtp.inf ./plug/protocol/ssl/ssl.inf @@ -21,16 +18,13 @@ ./plug/protocol/rdp/rdp.inf ./plug/protocol/bgp/bgp.inf ./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf -./plug/business/session_record/session_record.inf 1 ./plug/business/kni/kni.inf -./plug/business/fw_dns_plug/fw_dns_plug.inf ./plug/business/conn_telemetry/conn_telemetry.inf -./plug/business/app_sketch_local/app_sketch_local.inf 1 ./plug/protocol/gtp/gtp.inf ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf ./plug/business/http_healthcheck/http_healthcheck.inf ./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf 1 ./plug/business/radius_collect_plug/radius_collect_plug.inf -./plug/platform/shaping_master/shaping_master.inf ./plug/business/firewall/firewall.inf -./plug/business/stat_policy_enforcer/stat_policy_enforcer.inf \ No newline at end of file +./plug/stellar_on_sapp/start_loader.inf +./plug/stellar_on_sapp/defer_loader.inf \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision-condition/tasks/main.yml b/ansible/roles/tsg-os-provision-condition/tasks/main.yml index e8a6c509..93c48b43 100644 --- a/ansible/roles/tsg-os-provision-condition/tasks/main.yml +++ b/ansible/roles/tsg-os-provision-condition/tasks/main.yml @@ -46,38 +46,6 @@ - tfe when: runtime_env == 'TSG-7400-mcn123' -- name: "add condition into service depend provision result TSG-X-P1403" - copy: - src: "{{ role_path }}/files/service_add_ConditionPathExists.conf" - dest: "/usr/lib/systemd/system/{{ item }}.service.d/" - mode: 0644 - with_items: - - mrapm_device - - mrapm_stream - - mrenv - - mrzcpd - - sapp - - telegraf_statistic - when: runtime_env == 'TSG-X-P1403' - -- name: "add condition into service depend provision result TSG-X-P0804" - copy: - src: "{{ role_path }}/files/service_add_ConditionPathExists.conf" - dest: "/usr/lib/systemd/system/{{ item }}.service.d/" - mode: 0644 - with_items: - - cert-redis - - certstore - - mrapm_device - - mrapm_stream - - mrenv - - mrzcpd - - sapp - - telegraf_statistic - - tfe-env - - tfe - when: runtime_env == 'TSG-X-P0804' - - name: "add condition into service depend provision result TSG-X-P0906" copy: src: "{{ role_path }}/files/service_add_ConditionPathExists.conf" diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 index a2e2c6d9..9b738837 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 @@ -72,12 +72,6 @@ dest: /opt/tsg/sapp/tsgconf/maat.conf tags: firewall - - name: "tsg-os-provision: Template the session_record.inf" - template: - src: "../templates/session_record.inf.j2" - dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf - tags: firewall - - name: "tsg-os-provision: Template the firewall.inf" template: src: "../templates/firewall.inf.j2" diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml index 067671b3..1e9b28bd 100644 --- a/ansible/roles/tsg-os-provision/tasks/main.yml +++ b/ansible/roles/tsg-os-provision/tasks/main.yml @@ -64,19 +64,12 @@ mode: 0644 when: runtime_env == 'TSG-7400-mcn123' -- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p1403" - copy: - src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P1403" - dest: /opt/tsg/tsg-os-provision/tasks/provision.yml - mode: 0644 - when: runtime_env == 'TSG-X-P1403' - - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0804" copy: src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0906" copy: @@ -134,12 +127,12 @@ mode: 0644 when: runtime_env == 'TSG-X-P1403' -- name: "tsg-os-provision: copy provision.default.yml - TSG-X-P0804" +- name: "tsg-os-provision: copy provision.default.yml - TSG-X-P0906" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0" copy: @@ -162,19 +155,13 @@ mode: 0644 when: runtime_env == 'TSG-server' -- name: "tsg-os-provision: copy provision.yml.sample to dest - TSG-X-P1304" - copy: - src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403" - dest: /opt/tsg/tsg-os-provision/provision.yml.sample - mode: 0644 - when: runtime_env == 'TSG-X-P1403' -- name: "tsg-os-provision: copy provision.yml.sample to dest - TSG-X-P0804" +- name: "tsg-os-provision: copy provision.yml.sample to dest - TSG-X-P0906" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: copy provision.sh file to dest" copy: @@ -234,16 +221,6 @@ mode: 0755 when: runtime_env == 'TSG-9140' or runtime_env == 'TSG-server' -######TSG-X-P1403 start###### -- name: "install tsg-os-provision.service -- TSG-X-P1403" - copy: - src: "{{ role_path }}/files/service/{{ item.src }}" - dest: /usr/lib/systemd/system/{{ item.dest }} - mode: 0644 - with_items: - - { "src": tsg-os-provision.service.TSGXP1403, "dest": tsg-os-provision.service } - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' - - name: "install tsg-os-provision.service -- TSG-X-P0906" copy: src: "{{ role_path }}/files/service/{{ item.src }}" @@ -253,20 +230,20 @@ - { "src": tsg-os-provision.service.TSGXP0906, "dest": tsg-os-provision.service } when: runtime_env == 'TSG-X-P0906' -- name: "replace action: add service into sysinit.target --TSG-X-P1403" +- name: "replace action: add service into sysinit.target --TSG-X-P0906" shell: ln -vfs --relative /usr/lib/systemd/system/{{item}} /usr/lib/systemd/system/sysinit.target.wants/{{item}} with_items: - tsg-os-provision.service - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' -- name: "tsg-os-provision: copy provision-config-apply to dest - TSG-X-P1403" +- name: "tsg-os-provision: copy provision-config-apply to dest - TSG-X-P0906" copy: src: "{{ role_path }}/files/script/provision-config-apply" dest: /opt/tsg/tsg-os-provision/ mode: 0755 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' -- name: "tsg-os-provision: obtain_rps_mask and obtain_cpu_core_range to dest - TSG-X-P0804" +- name: "tsg-os-provision: obtain_rps_mask and obtain_cpu_core_range to dest - TSG-X-P0906" copy: src: "{{ role_path }}/files/script/{{ item }}" dest: /opt/tsg/tsg-os-provision/scripts/ @@ -274,14 +251,7 @@ with_items: - obtain_rps_mask.py - obtain_isolate_cpu_range.py - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - -######TSG-X-P1403 end###### - -#- name: "tsg-os-provision: install yaml module using pip3" -# pip: -# name: PyYAML -# executable: pip3 + when: runtime_env == 'TSG-X-P0906' - name: "copy tsg-os-provision.sh to destination" copy: diff --git a/ansible/roles/tsg_sn/tasks/main.yml b/ansible/roles/tsg_sn/tasks/main.yml index 3992ce70..33e59774 100644 --- a/ansible/roles/tsg_sn/tasks/main.yml +++ b/ansible/roles/tsg_sn/tasks/main.yml @@ -28,12 +28,12 @@ mode: 0755 when: runtime_env == 'TSG-server' -- name: "deploy obtain sn - tsg-x-p1403" +- name: "deploy obtain sn - tsg-x-P0906" copy: src: "{{ role_path }}/files/obtain_sn.sh.TSGXP1403" dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh mode: 0755 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "deploy obtain sn - tsg-x-p0906" diff --git a/ansible/roles/wannat_common/tasks/main.yml b/ansible/roles/wannat_common/tasks/main.yml index 405183a4..efdf5e2d 100644 --- a/ansible/roles/wannat_common/tasks/main.yml +++ b/ansible/roles/wannat_common/tasks/main.yml @@ -10,7 +10,7 @@ - /tmp/nanomsg-1.1.5-6.el7.x86_64.rpm state: present disable_gpg_check: yes - when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123' or runtime_env == 'TSG-9140' or runtime_env == 'TSG-X-P1403' + when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123' or runtime_env == 'TSG-9140' - name: "install nanomsg library rockylinux8" yum: @@ -18,7 +18,7 @@ - /tmp/nanomsg-1.1.5-6.el8.x86_64.rpm state: present disable_gpg_check: yes - when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + when: runtime_env == 'TSG-X-P0906' - name: "Install wannat_common library" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }} diff --git a/make/Makefile.SERVER b/make/Makefile.SERVER deleted file mode 100644 index efe17ce7..00000000 --- a/make/Makefile.SERVER +++ /dev/null @@ -1,55 +0,0 @@ -PROFILE_ID := server -SUPPORTED_MACHINE_ID := server -KERNEL_ARGS := console=ttyS0,115200n8 crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt mitigations=off pci=realloc,assign-busses psi=1 isolcpus=1,9-55 -GRUB_SERIAL_COMMAND := -SIZE_PART_SYSROOT := 16384M -SIZE_PART_UPDATE := 16384M - -PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID)) -INSTALL_PKG_UNLOCKED := tsg-installer-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}.tar -INSTALL_PKG_LOCKED := tsg-installer-pr-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}.tar - -TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID) -TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer -TARGET_COMPRESS_DIR := $(TARGET_BUILD_DIR)/compress - -.PHONY: all packages_compress packages_download builddir packages_directory_assemble - -all: packages_compress - -builddir: - mkdir -p $(TARGET_BUILD_DIR) - mkdir -p $(TARGET_COMPRESS_DIR) - mkdir -p $(TARGET_COMPRESS_DIR)/rpm_download - -packages_compress: packages_download packages_directory_assemble -ifeq ($(LOCK_STATE),UNLOCKED) - tar -zcvf $(IMAGEDIR_BASE)/$(INSTALL_PKG_UNLOCKED) -C $(TARGET_COMPRESS_DIR) . - sha256sum $(IMAGEDIR_BASE)/$(INSTALL_PKG_UNLOCKED) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(INSTALL_PKG_UNLOCKED).sha256sum.txt -endif -ifeq ($(LOCK_STATE),LOCKED) - tar -zcvf $(IMAGEDIR_BASE)/$(INSTALL_PKG_LOCKED) -C $(TARGET_COMPRESS_DIR) . - sha256sum $(IMAGEDIR_BASE)/$(INSTALL_PKG_LOCKED) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(INSTALL_PKG_LOCKED).sha256sum.txt -endif - -packages_download: builddir -ifeq ($(LOCK_STATE),UNLOCKED) - sed -i '/sapp-pr:/d;/tfe-pr:/d;/mrzcpd-0906:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml - sed -i '/role: hasp/d' $(PROJECTDIR)/ansible/HAL_server_deploy.yml -endif -ifeq ($(LOCK_STATE),LOCKED) - sed -i '/sapp:/d;/tfe:/d;/mrzcpd-0906:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml -endif - $(TOOLSDIR)/ansible-HAL-server $(PROFILE_ID) $(PROJECTDIR) $(TARGET_COMPRESS_DIR)/rpm_download $(PROJECTDIR)/conf/yum-CentOS-7.conf - -packages_directory_assemble: - mkdir -p $(TARGET_COMPRESS_DIR) - mkdir -p $(TARGET_COMPRESS_DIR)/group_vars - cp -r $(PROJECTDIR)/ansible/roles $(TARGET_COMPRESS_DIR) - cp -r $(PROJECTDIR)/ansible/install_config/group_vars/HAL_SERVER.yml $(TARGET_COMPRESS_DIR)/group_vars - cp -r $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml $(TARGET_COMPRESS_DIR)/group_vars - cp -r $(PROJECTDIR)/ansible/HAL_server_deploy.yml $(TARGET_COMPRESS_DIR) - echo "[server]" > $(TARGET_COMPRESS_DIR)/hosts - echo "###target device address###" >> $(TARGET_COMPRESS_DIR)/hosts - rm -rf $(TARGET_COMPRESS_DIR)/roles/rpm_to_dest/files - mv $(TARGET_COMPRESS_DIR)/rpm_download $(TARGET_COMPRESS_DIR)/roles/rpm_to_dest/files diff --git a/make/Makefile.TSGXNXR620G40R01P0804 b/make/Makefile.TSGXNXR620G40R01P0804 deleted file mode 100644 index 10e310d5..00000000 --- a/make/Makefile.TSGXNXR620G40R01P0804 +++ /dev/null @@ -1,74 +0,0 @@ - -PROFILE_ID := TSG-X-NXR620G40-R01-P0804 -SUPPORTED_MACHINE_ID := TSG-X-NXR620G40-R01-P0804 -KERNEL_ARGS := crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt mitigations=off psi=1 isolcpus=1-76 selinux=0 transparent_hugepage=never -GRUB_SERIAL_COMMAND := -SIZE_PART_SYSROOT := 16384M -SIZE_PART_UPDATE := 16384M - -PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID)) -CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-chroot.tar.bz2 -CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-ONIE.bin - -TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID) -TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer -TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot - -.PHONY: all builddir installer sysroot-base sysroot-ansible sysroot-cleanup sysroot-archive sysroot-binary clean - -all: sysroot-binary - -builddir: - mkdir -p $(TARGET_BUILD_DIR) - -installer: builddir - rm -rf $(TARGET_INSTALLER_DIR) - mkdir -p $(TARGET_INSTALLER_DIR) - cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh - cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh - chmod +x $(TARGET_INSTALLER_DIR)/install.sh - chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh - - sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh - - sed -i '/sapp:/d;/tfe:/d;/mrzcpd-icelake-server:/d;/mrzcpd-znver1:/d;/mrzcpd-corei7:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml - -sysroot-base: builddir - $(TOOLSDIR)/mk-base-image $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) $(PROFILE_ID) - -sysroot-verfile: sysroot-base - sed -i -e "s/^NAME=.*/NAME=\"TSG-OS\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release - sed -i -e "s/^VERSION=.*/VERSION=\"$(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release - sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"TSG-OS $(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release - -sysroot-ansible: sysroot-verfile sysroot-base - mount --bind /proc $(TARGET_SYSROOT_DIR)/proc - cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_SYSROOT_DIR)/tmp/ -r - cp /etc/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r - cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r - cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) - cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - rm -rf $(TARGET_SYSROOT_DIR)/etc/resolv.conf - umount $(TARGET_SYSROOT_DIR)/proc - -sysroot-cleanup: - rm -rf $(TARGET_SYSROOT_DIR)/tmp/* - rm -rf $(TARGET_SYSROOT_DIR)/dev/* - -sysroot-archive: installer sysroot-ansible sysroot-cleanup - tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG) - -sysroot-binary: sysroot-archive - mkdir -p $(TARGET_BUILD_DIR)/cook-bits - $(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(IMAGEDIR_BASE)/$(CHROOT_BIN) - sha256sum $(IMAGEDIR_BASE)/$(CHROOT_BIN) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(CHROOT_BIN).sha256sum.txt - -clean: - rm -rf $(TARGET_BUILD_DIR) \ No newline at end of file diff --git a/make/Makefile.TSGXNXR620G40R01P1403 b/make/Makefile.TSGXNXR620G40R01P1403 deleted file mode 100644 index 731a8800..00000000 --- a/make/Makefile.TSGXNXR620G40R01P1403 +++ /dev/null @@ -1,74 +0,0 @@ - -PROFILE_ID := TSG-X-NXR620G40-R01-P1403 -SUPPORTED_MACHINE_ID := TSG-X-NXR620G40-R01-P1403 -KERNEL_ARGS := console=ttyS0,115200n8 crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt mitigations=off pci=realloc,assign-busses psi=1 isolcpus=1-92 selinux=0 transparent_hugepage=never -GRUB_SERIAL_COMMAND := -SIZE_PART_SYSROOT := 16384M -SIZE_PART_UPDATE := 16384M - -PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID)) -CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-chroot.tar.bz2 -CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-ONIE.bin - -TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID) -TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer -TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot - -.PHONY: all builddir installer sysroot-base sysroot-ansible sysroot-cleanup sysroot-archive sysroot-binary clean - -all: sysroot-binary - -builddir: - mkdir -p $(TARGET_BUILD_DIR) - -installer: builddir - rm -rf $(TARGET_INSTALLER_DIR) - mkdir -p $(TARGET_INSTALLER_DIR) - cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh - cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh - chmod +x $(TARGET_INSTALLER_DIR)/install.sh - chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh - - sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh - sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh - - sed -i '/sapp:/d;/tfe:/d;/mrzcpd-icelake-server:/d;/mrzcpd-znver1:/d;/mrzcpd-corei7:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml - -sysroot-base: builddir - $(TOOLSDIR)/mk-base-image $(CONFDIR)/yum-CentOS-7.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) $(PROFILE_ID) - -sysroot-verfile: sysroot-base - sed -i -e "s/^NAME=.*/NAME=\"TSG-OS\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release - sed -i -e "s/^VERSION=.*/VERSION=\"$(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release - sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"TSG-OS $(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release - -sysroot-ansible: sysroot-verfile sysroot-base - mount --bind /proc $(TARGET_SYSROOT_DIR)/proc - cp $(CONFDIR)/yum-CentOS-7.conf $(TARGET_SYSROOT_DIR)/tmp/ -r - cp /etc/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r - cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r - cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER) - cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - rm -rf $(TARGET_SYSROOT_DIR)/etc/resolv.conf - umount $(TARGET_SYSROOT_DIR)/proc - -sysroot-cleanup: - rm -rf $(TARGET_SYSROOT_DIR)/tmp/* - rm -rf $(TARGET_SYSROOT_DIR)/dev/* - -sysroot-archive: installer sysroot-ansible sysroot-cleanup - tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG) - -sysroot-binary: sysroot-archive - mkdir -p $(TARGET_BUILD_DIR)/cook-bits - $(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(IMAGEDIR_BASE)/$(CHROOT_BIN) - sha256sum $(IMAGEDIR_BASE)/$(CHROOT_BIN) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(CHROOT_BIN).sha256sum.txt - -clean: - rm -rf $(TARGET_BUILD_DIR) \ No newline at end of file diff --git a/tools/mk-base-image b/tools/mk-base-image index d437d296..2fc2b3d7 100755 --- a/tools/mk-base-image +++ b/tools/mk-base-image @@ -14,18 +14,13 @@ profile_id=$4 setopt="group_package_types=mandatory,default,optional" case $profile_id in - "TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" ) + "TSG-X-NXR620G40-R01-P0906" ) kernel_version="5.17.15-1.el8.x86_64" append_package_to_install="$projectdir/package/kernel-ml-core-$kernel_version.rpm $projectdir/package/kernel-ml-modules-$kernel_version.rpm $projectdir/package/kernel-ml-$kernel_version.rpm $projectdir/package/kernel-ml-devel-$kernel_version.rpm" ;; - "TSG-X-NXR620G40-R01-P1403") - kernel_version="3.10.0-1160.59.1.el7.x86_64" - append_package_to_install="kernel-3.10.0-1160.59.1.el7.x86_64 - kernel-devel-3.10.0-1160.59.1.el7.x86_64" - ;; "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") kernel_version="5.4.159-1.el7.elrepo.x86_64" append_package_to_install="$projectdir/package/kernel-lt-$kernel_version.rpm @@ -39,7 +34,7 @@ case $profile_id in esac case $profile_id in - "TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" ) + "TSG-X-NXR620G40-R01-P0906" ) base_package_to_install="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools @hardware-monitoring @network-file-system-client @performance @remote-system-management adcli certmonger ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta @@ -50,7 +45,7 @@ case $profile_id in python3-docutils libnsl liburing hwloc-gui perl-open perl python2 js-d3-flame-graph" ;; - "TSG-X-NXR620G40-R01-P1403" | "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") + "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") base_package_to_install="@base @core @debugging @directory-client @guest-agents @hardware-monitoring @network-file-system-client @performance @remote-system-management grub2 epel-release efibootmgr ansible yum-utils ipmitool docker-ce docker-ce-cli @@ -70,9 +65,6 @@ yum -c "$yum_config" --installroot="$target" -y makecache yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $base_package_to_install --disablerepo='ofed' yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $append_package_to_install -#if [ $profile_id == "TSG-X-NXR620G40-R01-P0804" ];then -# kernel_version=$(ls $target/boot/vmlinuz-*.x86_64 | grep -oP "^$target/boot/vmlinuz-\K.*") -#fi #git clone --depth 1 https://github.com/brendangregg/FlameGraph.git /opt/tools/FlameGraph/ #git clone --depth 1 https://github.com/brendangregg/perf-tools.git /opt/tools/perf-tools/ test -d "$target"/opt/tsg/tools/ || mkdir -p "$target"/opt/tsg/tools/ @@ -138,7 +130,7 @@ if [ ! -f "$target/etc/pam.d/password-auth-local" ]; then fi case $profile_id in - "TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P1403" | "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") + "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") cp -rf $projectdir/rootconf/sysroot-usr/target/* $target/usr/lib/systemd/system mkdir -p $target/usr/lib/systemd/system/workload.target.wants ;;