From 217ec45e57779eb1f1db999391822b34002bb52d Mon Sep 17 00:00:00 2001 From: fumingwei Date: Tue, 28 Sep 2021 16:46:42 +0800 Subject: [PATCH] =?UTF-8?q?feature:TSG-7875,TSG-7976,provision=E6=96=B0?= =?UTF-8?q?=E5=A2=9Esession=5Frecord=5Fid=5Fgenerator=E5=92=8Cdevice.tags?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../roles/firewall/templates/maat.conf.j2.j2 | 16 +++++++++++++++- .../roles/firewall/templates/main.conf.j2.j2 | 16 ++++++++++++++-- .../provision.yml.sample.7400MCN0P01R01 | 12 +++++++----- .../provision.yml.sample.7400MCN123P01R01 | 7 ++++--- .../provision.yml.sample.9000NPBP01R01 | 13 ++++++++----- .../templates/tsg_device_tag.json.j2.j2 | 18 ++++++++++++++++-- 6 files changed, 64 insertions(+), 18 deletions(-) diff --git a/ansible/roles/firewall/templates/maat.conf.j2.j2 b/ansible/roles/firewall/templates/maat.conf.j2.j2 index ef0a7774..9055dba9 100644 --- a/ansible/roles/firewall/templates/maat.conf.j2.j2 +++ b/ansible/roles/firewall/templates/maat.conf.j2.j2 @@ -65,5 +65,19 @@ FULL_CFG_DIR=tsgrule/full/index/ EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json [MAAT] -{% raw %}ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center.name }}"}]} +{% raw %}{% set tags_list = [] %} +{% if data_center.name is defined %} +{% set tag_json = "{\"tag\":\"" ~ "data_center" ~ "\",\"value\":\"" ~ data_center.name ~ "\"}" %} +{{tags_list.append(tag_json)}}{% endif %} +{% if device.tags is defined %} +{% for device_tag in device.tags %} +{% for key,value in device_tag.items() %} +{% set tag_json = "{\"tag\":\"" ~ key ~ "\",\"value\":\"" ~ value ~ "\"}" %} +{{tags_list.append(tag_json)}}{% endfor %} +{% endfor %} +{% endif %} +{% if data_center.name is not defined and device.tags is not defined %} +{{ device.tags }} +{% endif %} +ACCEPT_TAGS={"tags":[{{ tags_list | join(",") }}]} {% endraw %} diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2 index 9b98b02f..3d051ee3 100644 --- a/ansible/roles/firewall/templates/main.conf.j2.j2 +++ b/ansible/roles/firewall/templates/main.conf.j2.j2 @@ -65,14 +65,26 @@ APP_NAME="tsg_master" [SYSTEM] NIC_NAME="{{ firewall.main_conf.SYSTEM.NIC_NAME }}" -{% raw %}DATACENTER_ID={{ data_center.id }} +{% raw %}{% if session_record_id_generator.snowflake_worker_id_base is defined %} +DATACENTER_ID={{ session_record_id_generator.snowflake_worker_id_base }} +{% elif data_center.id is defined %} +DATACENTER_ID={{ data_center.id }} +{% else %} +DATACENTER_ID={{ session_record_id_generator.snowflake_worker_id_base }} +{% endif %} {% endraw %} LOG_LEVEL=30 LOG_PATH="./tsglog/tsg_master" POLICY_PRIORITY_LABEL="POLICY_PRIORITY" L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf" DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'" -{% raw %}DEVICE_SEQ_IN_DATA_CENTER={{ device.sequence_in_data_center }} +{% raw %}{% if session_record_id_generator.snowflake_worker_id_offset is defined %} +DEVICE_SEQ_IN_DATA_CENTER={{ session_record_id_generator.snowflake_worker_id_offset }} +{% elif device.sequence_in_data_center is defined %} +DEVICE_SEQ_IN_DATA_CENTER={{ device.sequence_in_data_center }} +{% else %} +DEVICE_SEQ_IN_DATA_CENTER={{ session_record_id_generator.snowflake_worker_id_offset }} +{% endif %} {% endraw %} [TSG_CONN_SKETCH] diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 index 831c30cb..599ec754 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 @@ -1,11 +1,13 @@ version: 1 -data_center: - name: City instance - id: 1 - device: - sequence_in_data_center: 1 + tags: + - key1: value1 + - key2: value2 + +session_record_id_generator: + snowflake_worker_id_base: 1 + snowflake_worker_id_offset: 1 feature: enable_policy_local_cache: 1 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 index 6d7d2191..481a45ad 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 @@ -1,8 +1,9 @@ version: 1 -data_center: - name: City instance - id: 1 +device: + tags: + - key1: value1 + - key2: value2 feature: enable_policy_local_cache: 1 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 index bf01c428..ef36737a 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 @@ -1,11 +1,14 @@ version: 1 -data_center: - name: City instance - id: 1 - device: - sequence_in_data_center: 1 + tags: + - key1: value1 + - key2: value2 + +session_record_id_generator: + snowflake_worker_id_base: 1 + snowflake_worker_id_offset: 1 + feature: enable_stream_bypass_under_ddos: 0 diff --git a/ansible/roles/tsg_device_tag/templates/tsg_device_tag.json.j2.j2 b/ansible/roles/tsg_device_tag/templates/tsg_device_tag.json.j2.j2 index e76d7168..23f48118 100644 --- a/ansible/roles/tsg_device_tag/templates/tsg_device_tag.json.j2.j2 +++ b/ansible/roles/tsg_device_tag/templates/tsg_device_tag.json.j2.j2 @@ -1,3 +1,17 @@ -[MAAT] -{% raw %}ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center.name }}"}]} +[MAAT] +{% raw %}{% set tags_list = [] %} +{% if data_center.name is defined %} +{% set tag_json = "{\"tag\":\"" ~ "data_center" ~ "\",\"value\":\"" ~ data_center.name ~ "\"}" %} +{{tags_list.append(tag_json)}}{% endif %} +{% if device.tags is defined %} +{% for device_tag in device.tags %} +{% for key,value in device_tag.items() %} +{% set tag_json = "{\"tag\":\"" ~ key ~ "\",\"value\":\"" ~ value ~ "\"}" %} +{{tags_list.append(tag_json)}}{% endfor %} +{% endfor %} +{% endif %} +{% if data_center.name is not defined and device.tags is not defined %} +{{ device.tags }} +{% endif %} +ACCEPT_TAGS={"tags":[{{ tags_list | join(",") }}]} {% endraw %} \ No newline at end of file