From 21ce1b8cb5ca4c48312e4799176fcf2d254fd92b Mon Sep 17 00:00:00 2001 From: fumingwei Date: Tue, 14 Sep 2021 10:45:48 +0800 Subject: [PATCH] =?UTF-8?q?bugfix:TSG-7631:7400=E7=8E=AF=E5=A2=83=E4=B8=8B?= =?UTF-8?q?=E5=BD=93enable=5Fpolicy=5Flocal=5Fcache=E5=BC=80=E5=90=AF?= =?UTF-8?q?=E6=97=B6=EF=BC=8Cmaat=5Fredis=20listen=E5=9B=BA=E5=AE=9A?= =?UTF-8?q?=E7=AB=AF=E5=8F=A37002?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../group_vars/stage_one_7400MCN0P01R01.yml | 1 + .../group_vars/stage_one_7400MCN123P01R01.yml | 1 + .../group_vars/stage_one_9000NPBP01R01.yml | 1 + .../certstore/templates/cert_store.ini.j2.j2 | 4 ++-- ansible/roles/firewall/templates/maat.conf.j2.j2 | 16 ++++++++-------- .../maat-redis/templates/maat-redis.conf.j2.j2 | 6 ++---- ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 | 3 +-- ansible/roles/tfe/templates/tfe.conf.j2.j2 | 4 ++-- .../files/tasks/provision.yml.7400MCN0P01R01 | 5 +++-- .../files/tasks/provision.yml.7400MCN123P01R01 | 5 +++-- .../wannat_wangw/templates/wangw.conf.j2.j2 | 2 +- 11 files changed, 25 insertions(+), 23 deletions(-) diff --git a/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml b/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml index fe42a604..e16da090 100644 --- a/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml +++ b/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml @@ -68,6 +68,7 @@ tsg_diagnose: virtual_client_nic: eth_dign_c cm_policy_server_ip: '{% raw %}{{ cm_policy_server_ip }}{% endraw %}' +cm_policy_server_port: '{% raw %}{{ cm_policy_server_port }}{% endraw %}' wannat_wangw: wangw_conf: diff --git a/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml b/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml index b9a35d42..e2fded54 100644 --- a/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml +++ b/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml @@ -32,6 +32,7 @@ tfe: default_vlan_id_for_mac: 0 cm_policy_server_ip: '{% raw %}{{ cm_policy_server_ip }}{% endraw %}' +cm_policy_server_port: '{% raw %}{{ cm_policy_server_port }}{% endraw %}' framework: prefix_path: /opt/tsg/framework diff --git a/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml b/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml index 873a51ec..522914b8 100644 --- a/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml +++ b/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml @@ -84,6 +84,7 @@ tsg_diagnose: virtual_client_nic: eth_vf_dign_c cm_policy_server_ip: '{% raw %}{{ cm.policy_server.address }}{% endraw %}' +cm_policy_server_port: '{% raw %}{{ cm.policy_server.port }}{% endraw %}' wannat_wangw: wangw_conf: diff --git a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 index d42894a6..760e4662 100644 --- a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 +++ b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 @@ -70,8 +70,8 @@ port = 6379 #Maat monitors the Redsi server IP address and port number ip = {{ cm_policy_server_ip }} -{% raw %}port = {{ cm.policy_server.port }} -dbindex = {{ cm.policy_server.db_static }} +port = {{ cm_policy_server_port }} +{% raw %}dbindex = {{ cm.policy_server.db_static }} {% endraw %} [stat] statsd_server=127.0.0.1 diff --git a/ansible/roles/firewall/templates/maat.conf.j2.j2 b/ansible/roles/firewall/templates/maat.conf.j2.j2 index 608b1acf..ef0a7774 100644 --- a/ansible/roles/firewall/templates/maat.conf.j2.j2 +++ b/ansible/roles/firewall/templates/maat.conf.j2.j2 @@ -7,8 +7,8 @@ TABLE_INFO=tsgconf/tsg_static_tableinfo.conf STAT_FILE=tsg_static_maat.status EFFECT_INTERVAL_S=1 REDIS_IP={{ cm_policy_server_ip }} -{% raw %}REDIS_PORT={{ cm.policy_server.port }} -REDIS_INDEX={{ cm.policy_server.db_static }} +REDIS_PORT={{ cm_policy_server_port }} +{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json INC_CFG_DIR=tsgrule/inc/index/ @@ -24,8 +24,8 @@ TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf STAT_FILE=tsg_dynamic_maat.status EFFECT_INTERVAL_S=1 REDIS_IP={{ cm_policy_server_ip }} -{% raw %}REDIS_PORT={{ cm.policy_server.port }} -REDIS_INDEX={{ cm.policy_server.db_dynamic }} +REDIS_PORT={{ cm_policy_server_port }} +{% raw %}REDIS_INDEX={{ cm.policy_server.db_dynamic }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json INC_CFG_DIR=tsgrule/inc/index/ @@ -40,8 +40,8 @@ TABLE_INFO=tsgconf/app_sketch_tableinfo.conf STAT_FILE=app_sketch_maat.status EFFECT_INTERVAL_S=1 REDIS_IP={{ cm_policy_server_ip }} -{% raw %}REDIS_PORT={{ cm.policy_server.port }} -REDIS_INDEX={{ cm.policy_server.db_static }} +REDIS_PORT={{ cm_policy_server_port }} +{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/app_sketch_maat.json INC_CFG_DIR=tsgrule/inc/index/ @@ -56,8 +56,8 @@ TABLE_INFO=tsgconf/capture_packet_tableinfo.conf STAT_FILE=capture_packet.status EFFECT_INTERVAL_S=1 REDIS_IP={{ cm_policy_server_ip }} -{% raw %}REDIS_PORT={{ cm.policy_server.port }} -REDIS_INDEX={{ cm.policy_server.db_static }} +REDIS_PORT={{ cm_policy_server_port }} +{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/capture_packet_maat.json INC_CFG_DIR=tsgrule/inc/index/ diff --git a/ansible/roles/maat-redis/templates/maat-redis.conf.j2.j2 b/ansible/roles/maat-redis/templates/maat-redis.conf.j2.j2 index 3764dacf..b75459f3 100644 --- a/ansible/roles/maat-redis/templates/maat-redis.conf.j2.j2 +++ b/ansible/roles/maat-redis/templates/maat-redis.conf.j2.j2 @@ -89,8 +89,7 @@ protected-mode no # Accept connections on the specified port, default is 6379 (IANA #815344). # If port 0 is specified Redis will not listen on a TCP socket. -{% raw %}port {{ cm.policy_server.port }} -{% endraw %} +port 7002 # TCP listen() backlog. # # In high requests-per-second environments you need an high backlog in order @@ -155,8 +154,7 @@ supervised no # # Creating a pid file is best effort: if Redis is not able to create it # nothing bad happens, the server will start and run normally. -{% raw %}pidfile /var/run/redis_{{ cm.policy_server.port }}.pid -{% endraw %} +pidfile /var/run/redis_7002.pid # Specify the server verbosity level. # This can be one of: # debug (a lot of information, useful for development/testing) diff --git a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 index 06c9c411..c113554d 100644 --- a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 +++ b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 @@ -45,9 +45,8 @@ log_fsstat_dst_port=8125 enable=0 token_name=ratelimit redis_server={{ cm_policy_server_ip }} -{% raw %}redis_port={{ cm.policy_server.port }} +redis_port={{ cm_policy_server_port }} redis_db_index=6 -{% endraw %} [tango_cache] enable_cache=0 diff --git a/ansible/roles/tfe/templates/tfe.conf.j2.j2 b/ansible/roles/tfe/templates/tfe.conf.j2.j2 index 966b7585..600a0ce8 100644 --- a/ansible/roles/tfe/templates/tfe.conf.j2.j2 +++ b/ansible/roles/tfe/templates/tfe.conf.j2.j2 @@ -219,8 +219,8 @@ json_cfg_file=resource/pangu/pangu_http.json # redis mode conf iterm maat_redis_server={{ cm_policy_server_ip }} -{% raw %}maat_redis_port_range={{ cm.policy_server.port }} -maat_redis_db_index={{ cm.policy_server.db_static }} +maat_redis_port_range={{ cm_policy_server_port }} +{% raw %}maat_redis_db_index={{ cm.policy_server.db_static }} {% endraw %} # iris mode conf iterm diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 index acbf89af..80e4adfe 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 @@ -77,10 +77,11 @@ - name: "set cm_policy_server_ip var depend on enable_policy_local_cache" set_fact: cm_policy_server_ip: "{{ item.cm_policy_server_ip }}" + cm_policy_server_port: "{{ item.cm_policy_server_port }}" when: feature.enable_policy_local_cache == item.enable_policy_local_cache with_items: - - { "enable_policy_local_cache": 1, "npb_device": tera, "cm_policy_server_ip": 192.168.100.1 } - - { "enable_policy_local_cache": 0, "npb_device": inline_device, "cm_policy_server_ip": "{{ cm.policy_server.address }}" } + - { "enable_policy_local_cache": 1, "npb_device": tera, "cm_policy_server_ip": 192.168.100.1, "cm_policy_server_port": 7002 } + - { "enable_policy_local_cache": 0, "npb_device": inline_device, "cm_policy_server_ip": "{{ cm.policy_server.address }}", "cm_policy_server_port": "{{ cm.policy_server.port }}"} - name: "Add sapp service service_attach_startpre.conf.tera when NPB_device type is tera" copy: diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 index da35c503..3f27079f 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN123P01R01 @@ -58,10 +58,11 @@ - name: "set cm_policy_server_ip var depend on enable_policy_local_cache" set_fact: cm_policy_server_ip: "{{ item.cm_policy_server_ip }}" + cm_policy_server_port: "{{ item.cm_policy_server_port }}" when: feature.enable_policy_local_cache == item.enable_policy_local_cache with_items: - - { "enable_policy_local_cache": 1, "cm_policy_server_ip": 192.168.100.1 } - - { "enable_policy_local_cache": 0, "cm_policy_server_ip": "{{cm.policy_server.address}}" } + - { "enable_policy_local_cache": 1, "cm_policy_server_ip": 192.168.100.1, "cm_policy_server_port": 7002 } + - { "enable_policy_local_cache": 0, "cm_policy_server_ip": "{{cm.policy_server.address}}", "cm_policy_server_port": "{{ cm.policy_server.port }}"} - name: "tsg-os-provision: template the tsg_device_tag" template: diff --git a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 index 072fb4d9..8302a525 100644 --- a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 +++ b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 @@ -47,8 +47,8 @@ inc_dir=./redis_dump/ full_dir=./redis_dump/ redis_server_ip={{ cm_policy_server_ip }} +redis_server_port={{ cm_policy_server_port }} {% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }} -redis_server_port={{ cm.policy_server.port }} redis_index={{ cm.policy_server.db_static }} {% endraw %}