gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor:将os stage1配置文件由原来的配置项位置命名方式抽象为HAL命名方式

Browse Source
This commit is contained in:
fumingwei
2021-10-28 11:26:21 +08:00
parent ece8ce3add
commit 3ba9652efa
43 changed files with 462 additions and 452 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml
View File

@@ -1,85 +1,58 @@
# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-7400 硬件平台
# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." 和
firewall:
capture_packet_plug_conf:
LOG:
NIC_NAME: eth_ctl
main_conf:
TSG_LOG:
NIC_NAME: eth_ctl
SYSTEM:
NIC_NAME: eth_ctl
control_and_policy:
nic_name: eth_ctl
kni:
kni_conf:
global:
tfe_node_count: 3
manage_eth: eth_ctl
tfe_node_list:
- node_id: 0
dev_eth_symbol: eth_mcn1
ip_addr: 192.168.100.2
- node_id: 1
dev_eth_symbol: eth_mcn2
ip_addr: 192.168.100.3
- node_id: 2
dev_eth_symbol: eth_mcn3
ip_addr: 192.168.100.4
tfe_cmsg_receiver:
listen_eth: eth_pf.100
watch_dog:
listen_eth: eth_pf.100
workload_zcpd:
cpu_affinity: 52,53,54,55
hugepage_num_1G: 32
mrzcpd:
mrglobal_conf:
device:
nic_raw: eth_raw
nic_mcn1: eth_mcn1
nic_mcn2: eth_mcn2
nic_mcn3: eth_mcn3
service:
iocore: 52,53,54,55
prefix_path: /opt/tsg/mrzcpd
workload_firewall:
cpu_affinity: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
worker_threads: 42
send_only_threads_max: 1
sapp:
gdev_conf:
Module:
pcapdevice: eth_raw
sendto_gdev_card: eth_raw
sendto_gdev_ip: '{% raw %}{{ gdev_conf_keep_alive_ip }}{% endraw %}'
sapp_toml:
CPU:
worker_threads: 42
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
PACKET_IO:
packet_io_internal_interface:
name: eth_raw
overlay_tunnel_definition:
overlay_mode: '{% raw %}{{ sapp_overlay_mode }}{% endraw %}'
send_raw_pkt_conf:
nic_name: eth_raw
prefix_path: /opt/tsg/sapp
dp_steering_proxy:
###### location: value {local, foreign}
location: foreign
node_count: 3
node_list:
- id: 0
nic_name: eth_mcn1
addr: 192.168.100.2
- id: 1
nic_name: eth_mcn2
addr: 192.168.100.3
- id: 2
nic_name: eth_mcn3
addr: 192.168.100.4
nic_cmsg_and_watchdog: eth_pf.100
tsg_diagnose:
docker_compose_yml:
virtual_server_nic: eth_dign_s
virtual_client_nic: eth_dign_c
dp_traffic_mirror:
nic_name: eth_mirr_d
cm_policy_server_ip: '{% raw %}{{ cm_policy_server_ip }}{% endraw %}'
cm_policy_server_port: '{% raw %}{{ cm_policy_server_port }}{% endraw %}'
dp_steering_firewall:
#deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series
deployment: inline
#encapsulation value: vlan, vxlan, raw, provision
encapsulation: provision
# capture_packet value: pcap, driver
capture_packet: driver
nic_internal: eth_raw
enable_mirror: 1
wannat_wangw:
wangw_conf:
main:
NAT_GW_tunnel_device: eth_ctl
diagnose:
virtual_server_nic: eth_vf_dign_s
virtual_client_nic: eth_vf_dign_c
wire_graft:
wire_graft_conf:
main:
identification_by_which_device: eth_ctl
prefix_path:
mrzcpd: /opt/tsg/mrzcpd
framework: /opt/tsg/framework
sapp: /opt/tsg/sapp
framework:
prefix_path: /opt/tsg/framework
monitor:
enable_redis_exporter: 1
enable_ipmi_exporter: 1
### server, 7400mcn0 7400mcn123 9140
runtime_env: 7400mcn0

67
ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml
View File

@@ -1,38 +1,41 @@
# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-7400 硬件平台
# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." 和
mrzcpd:
mrglobal_conf:
device:
nic_mirr: eth_mirr_d
service:
iocore: 53,54
prefix_path: /opt/tsg/mrzcpd
control_and_policy:
nic_name: eth_ctl
tfe:
tfe_env_config:
TFE_DEVICE_DATA_INCOMING: eth_pxy
TFE_PEER_MAC_DATA_INCOMING: aa:bb:cc:dd:ee:ff
tfe_conf:
system:
nr_worker_threads: 32
enable_cpu_affinity: 0
kni:
ip: 192.168.100.1
ssl:
mc_cache_eth: eth_ctl
key_keeper:
cert_store_host: 192.168.100.1
kafka:
NIC_NAME: eth_ctl
traffic_mirror:
enable: 1
device: eth_mirr_d
type: 1
default_vlan_id_for_mac: 0
workload_zcpd:
cpu_affinity: 53,54
hugepage_num_1G: 32
cm_policy_server_ip: '{% raw %}{{ cm_policy_server_ip }}{% endraw %}'
cm_policy_server_port: '{% raw %}{{ cm_policy_server_port }}{% endraw %}'
dp_traffic_mirror:
nic_name: eth_mirr_d
framework:
prefix_path: /opt/tsg/framework
prefix_path:
mrzcpd: /opt/tsg/mrzcpd
framework: /opt/tsg/framework
dp_steering_proxy:
###### location: value {local, foreign}
location: local
node_list:
- nic_name: eth_vf_kni
dp_proxy:
nic_name_data_incoming: eth_pxy
mac_addr_data_incoming: aa:bb:cc:dd:ee:ff
enable_cpu_affinity: 0
cpu_affinity: 1-8
worker_thread: 32
enable_traffic_mirror: 1
traffic_mirror_type: 1
traffic_mirror_vlan_id: 0
dp_certstore:
location: local
monitor:
enable_redis_exporter: 0
enable_ipmi_exporter: 1
runtime_env: 7400mcn123

139
ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml
View File

@@ -1,100 +1,59 @@
# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-9140 硬件平台
# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "."
firewall:
capture_packet_plug_conf:
LOG:
NIC_NAME: eth_vf_ctl
main_conf:
TSG_LOG:
NIC_NAME: eth_vf_ctl
SYSTEM:
NIC_NAME: eth_vf_ctl
control_and_policy:
nic_name: eth_vf_ctl
kni:
kni_conf:
global:
tfe_node_count: 1
manage_eth: eth_vf_ctl
tfe_node_list:
- node_id: 0
dev_eth_symbol: eth_vf_kni
ip_addr: 127.0.0.1
tfe_cmsg_receiver:
listen_eth: lo
watch_dog:
listen_eth: lo
workload_zcpd:
cpu_affinity: 1,2,3,4
hugepage_num_1G: 16
mrzcpd:
mrglobal_conf:
device:
nic_raw: eth_vf_raw
nic_to_tfe: eth_vf_kni
nic_mirr: eth_vf_mirr
service:
iocore: 1,2,3,4
prefix_path: /opt/tsg/mrzcpd
dp_traffic_mirror:
nic_name: eth_vf_mirr
sapp:
gdev_conf:
Module:
pcapdevice: eth_vf_raw
sendto_gdev_card: eth_vf_raw
sendto_gdev_ip: '{% raw %}10.252.{{ keepalive_subnet_ip }}.1{% endraw %}'
sapp_toml:
CPU:
worker_threads: 43
send_only_threads_max: 0
bind_mask: 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47
PACKET_IO:
packet_io_internal_interface:
name: eth_vf_raw
overlay_tunnel_definition:
overlay_mode: vxlan
send_raw_pkt_conf:
nic_name: eth_vf_raw
prefix_path: /opt/tsg/sapp
workload_firewall:
cpu_affinity: 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47
worker_threads: 43
send_only_threads_max: 0
dp_steering_firewall:
deployment: inline
encapsulation: vxlan
capture_packet: driver
nic_internal: eth_vf_raw
enable_mirror: 1
diagnose:
virtual_server_nic: eth_vf_dign_s
virtual_client_nic: eth_vf_dign_c
prefix_path:
mrzcpd: /opt/tsg/mrzcpd
framework: /opt/tsg/framework
sapp: /opt/tsg/sapp
dp_steering_proxy:
###### location: value {local, foreign}
location: local
node_list:
- nic_name: eth_vf_kni
dp_proxy:
nic_name_data_incoming: eth_vf_tfe
mac_addr_data_incoming: 00:0e:c6:d6:72:c1
enable_cpu_affinity: 1
cpu_affinity: 48-55
worker_thread: 7
enable_traffic_mirror: 1
traffic_mirror_type: 1
traffic_mirror_vlan_id: 1025
dp_certstore:
location: local
# “default_vlan_id_for_mac” needs to be modified according to the vlan plan of the device
tfe:
tfe_env_config:
TFE_DEVICE_DATA_INCOMING: eth_vf_tfe
TFE_PEER_MAC_DATA_INCOMING: 00:0e:c6:d6:72:c1
tfe_conf:
system:
nr_worker_threads: 7
enable_cpu_affinity: 1
kni:
ip: 127.0.0.1
ssl:
mc_cache_eth: eth_vf_ctl
key_keeper:
cert_store_host: 127.0.0.1
kafka:
NIC_NAME: eth_vf_ctl
traffic_mirror:
enable: 1
device: eth_vf_mirr
type: 1
default_vlan_id_for_mac: 1025
tsg_diagnose:
docker_compose_yml:
virtual_server_nic: eth_vf_dign_s
virtual_client_nic: eth_vf_dign_c
monitor:
enable_redis_exporter: 0
enable_ipmi_exporter: 0
cm_policy_server_ip: '{% raw %}{{ cm.policy_server.address }}{% endraw %}'
cm_policy_server_port: '{% raw %}{{ cm.policy_server.port }}{% endraw %}'
wannat_wangw:
wangw_conf:
main:
NAT_GW_tunnel_device: eth_vf_ctl
wire_graft:
wire_graft_conf:
main:
identification_by_which_device: eth_vf_ctl
framework:
prefix_path: /opt/tsg/framework
runtime_env: 9140

8
ansible/roles/certstore/tasks/main.yml
View File

@@ -2,12 +2,8 @@
file: path=/opt/tsg state=directory
tags: mkdir
- name: install certstore
yum:
name:
- "{{ certstore_rpm_version.certstore }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
- name: "Install certstore"
shell: rpm -i /tmp/rpm_download/{{ certstore_rpm_version.certstore }}*
- name: template certstore configure file
template:

4
ansible/roles/certstore/templates/cert_store.ini.j2.j2
View File

@@ -69,8 +69,8 @@ port = 6379
[MAAT_REDIS]
#Maat monitors the Redsi server IP address and port number
ip = {{ cm_policy_server_ip }}
port = {{ cm_policy_server_port }}
ip = {% raw %}{{ cm_policy_server_ip }}{% endraw %}
port = {% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}dbindex = {{ cm.policy_server.db_static }}
{% endraw %}
[stat]

14
ansible/roles/exporter/tasks/main.yml
View File

@@ -26,14 +26,14 @@
src: '{{ role_path }}/files/redis_exporter'
dest: /opt/tsg/exporter/redis_exporter
mode: 0755
when: PROFILE_ID == '7400-MCN0-P01R01'
when: monitor.enable_redis_exporter == 1
- name: "copy ipmi_exporter"
copy:
src: '{{ role_path }}/files/ipmi_exporter'
dest: /opt/tsg/exporter/ipmi_exporter
mode: 0755
when: PROFILE_ID != '9000-NPB-P01R01'
when: monitor.enable_ipmi_exporter == 1
- name: "templates atca-exporter-node.service"
template:
@@ -52,7 +52,7 @@
src: "{{role_path}}/templates/exporter-ipmi.service.j2"
dest: /usr/lib/systemd/system/exporter-ipmi.service
tags: template
when: PROFILE_ID != '9000-NPB-P01R01'
when: monitor.enable_ipmi_exporter == 1
- name: "Create /usr/lib/systemd/system/exporter-node.service.d directory if it does not exist"
file:
@@ -77,7 +77,7 @@
mode: '0755'
with_items:
- /usr/lib/systemd/system/exporter-ipmi.service.d
when: PROFILE_ID != '9000-NPB-P01R01'
when: monitor.enable_ipmi_exporter == 1
- name: "copy slice file to exporter-node.service.d"
copy:
@@ -96,7 +96,7 @@
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: /usr/lib/systemd/system/exporter-ipmi.service.d/service_override_slice.conf
mode: 0644
when: PROFILE_ID != '9000-NPB-P01R01'
when: monitor.enable_ipmi_exporter == 1
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:
@@ -114,7 +114,7 @@
replace: 'WantedBy=workload.target'
with_items:
- /usr/lib/systemd/system/exporter-ipmi.service
when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01'
when: monitor.enable_ipmi_exporter == 1
##################### exporter #####################
- name: 'exporter-node service start'
@@ -131,4 +131,4 @@
systemd:
name: exporter-ipmi
enabled: yes
when: PROFILE_ID != '9000-NPB-P01R01'
when: monitor.enable_ipmi_exporter == 1

11
ansible/roles/firewall/tasks/main.yml
View File

@@ -1,15 +1,6 @@
---
- name: "install firewall packages"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ firewall_rpm_version }}"
- name: "Install firwall that are sapp plugins"
shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ sapp.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.sapp }}
with_dict: "{{ firewall_rpm_version }}"
- name: "Template the tsgconf/main.conf"

16
ansible/roles/firewall/templates/maat.conf.j2.j2
View File

@@ -6,8 +6,8 @@ PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
STAT_FILE=tsg_static_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ cm_policy_server_ip }}
REDIS_PORT={{ cm_policy_server_port }}
REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %}
REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }}
{% endraw %}
JSON_CFG_FILE=tsgconf/tsg_maat.json
@@ -23,8 +23,8 @@ PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
STAT_FILE=tsg_dynamic_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ cm_policy_server_ip }}
REDIS_PORT={{ cm_policy_server_port }}
REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %}
REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}REDIS_INDEX={{ cm.policy_server.db_dynamic }}
{% endraw %}
JSON_CFG_FILE=tsgconf/tsg_maat.json
@@ -39,8 +39,8 @@ PERF_SWITCH=1
TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
STAT_FILE=app_sketch_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ cm_policy_server_ip }}
REDIS_PORT={{ cm_policy_server_port }}
REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %}
REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }}
{% endraw %}
JSON_CFG_FILE=tsgconf/app_sketch_maat.json
@@ -55,8 +55,8 @@ PERF_SWITCH=1
TABLE_INFO=tsgconf/capture_packet_tableinfo.conf
STAT_FILE=capture_packet.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ cm_policy_server_ip }}
REDIS_PORT={{ cm_policy_server_port }}
REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %}
REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }}
{% endraw %}
JSON_CFG_FILE=tsgconf/capture_packet_maat.json

9
ansible/roles/firewall/templates/main.conf.j2.j2
View File

@@ -39,7 +39,7 @@ IP_ADDR_TABLE="TSG_SECURITY_ADDR"
[TSG_LOG]
MODE=1
NIC_NAME="{{ firewall.main_conf.TSG_LOG.NIC_NAME }}"
NIC_NAME="{{ control_and_policy.nic_name }}"
MAX_SERVICE=1
LOG_LEVEL=30
LOG_PATH="./tsglog/tsglog"
@@ -64,7 +64,7 @@ OUTPUT_PATH="./tsg_stat.log"
APP_NAME="tsg_master"
[SYSTEM]
NIC_NAME="{{ firewall.main_conf.SYSTEM.NIC_NAME }}"
NIC_NAME="{{ control_and_policy.nic_name }}"
{% raw %}{% if data_center.id is defined %}
DATACENTER_ID={{ data_center.id }}
{% elif session_id_generator.snowflake_worker_id_base is defined %}
@@ -144,13 +144,12 @@ icmp_flood_thresh="{{ ddossketch.icmp_flood_report_thresh }}"
dns_flood_thresh="{{ ddossketch.dns_flood_report_thresh }}"
{% endraw %}
{% if PROFILE_ID == '9000-NPB-P01R01' %}
{% if dp_steering_firewall.enable_mirror == 1 %}
[TRAFFIC_MIRROR]
TRAFFIC_MIRROR_ENABLE=1
NIC_NAME=eth_vf_mirr
NIC_NAME={{ dp_traffic_mirror.nic_name }}
DEFAULT_VLAN_ID=2
{% endif %}
[RADIUS_PLUG]
{% raw %}{% set tags_list = [] %}
{% if data_center.name is defined %}

11
ansible/roles/framework/tasks/main.yml
View File

@@ -11,17 +11,8 @@
- rsyslog-kafka
- librdkafka
- name: "install framework packages"
yum:
name: "{{ item.value }}"
state: present
conf_file: "{{ rpm_repo_config_path }}"
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ framework_rpm_version }}"
- name: "Install frameworks"
shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ framework.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.framework }}
with_dict: "{{ framework_rpm_version }}"
- name: "mkdir /etc/ld.so.conf.d/"

10
ansible/roles/http_healthcheck/tasks/main.yml
View File

@@ -1,10 +1,2 @@
- name: "install http_healthcheck from localhost"
yum:
name: "{{ http_healthcheck_rpm_version.http_healthcheck }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "Install http_healthcheck that is sapp plugins"
shell: rpm -i /tmp/rpm_download/{{ http_healthcheck_rpm_version.http_healthcheck }}* --prefix {{ sapp.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ http_healthcheck_rpm_version.http_healthcheck }}* --prefix {{ prefix_path.sapp }}

10
ansible/roles/kni/tasks/main.yml
View File

@@ -1,15 +1,7 @@
---
- name: "install kni rpms from localhost"
yum:
name:
- "{{ kni_rpm_version.kni }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "Install kni that is sapp plugin with prefix option"
shell: rpm -i /tmp/rpm_download/{{ kni_rpm_version.kni }}* --prefix {{ sapp.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ kni_rpm_version.kni }}* --prefix {{ prefix_path.sapp }}
- name: Template the kni.conf
template:

41
ansible/roles/kni/templates/kni.conf.j2
View File

@@ -1,27 +1,52 @@
[global]
log_path = ./log/kni/kni.log
log_level = 30
tfe_node_count = {{ kni.kni_conf.global.tfe_node_count }}
manage_eth = {{ kni.kni_conf.global.manage_eth }}
{% if dp_steering_proxy.location == 'local' %}
tfe_node_count = 1
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
tfe_node_count = {{ dp_steering_proxy.node_count }}
{% endif %}
manage_eth = {{ control_and_policy.nic_name }}
deploy_mode = normal
tun_name = tun_kni
src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd
{% for tfe_node_info in kni.kni_conf.tfe_node_list %}
[tfe{{ tfe_node_info.node_id }}]
{% for tfe_node_info in dp_steering_proxy.node_list %}
{% if dp_steering_proxy.location == 'local' %}
[tfe0]
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
[tfe{{ tfe_node_info.id }}]
{% endif %}
enabled = 1
dev_eth_symbol = {{ tfe_node_info.dev_eth_symbol }}
ip_addr = {{ tfe_node_info.ip_addr }}
dev_eth_symbol = {{ tfe_node_info.nic_name }}
{% if dp_steering_proxy.location == 'local' %}
ip_addr = 127.0.0.1
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
ip_addr = {{ tfe_node_info.addr }}
{% endif %}
{% endfor %}
[tfe_cmsg_receiver]
listen_eth = {{ kni.kni_conf.tfe_cmsg_receiver.listen_eth }}
{% if dp_steering_proxy.location == 'local' %}
listen_eth = lo
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
listen_eth = {{ dp_steering_proxy.nic_cmsg_and_watchdog }}
{% endif %}
listen_port = 2475
[watch_dog]
switch = 1
listen_eth = {{ kni.kni_conf.watch_dog.listen_eth }}
{% if dp_steering_proxy.location == 'local' %}
listen_eth = lo
{% endif %}
{% if dp_steering_proxy.location == 'foreign' %}
listen_eth = {{ dp_steering_proxy.nic_cmsg_and_watchdog }}
{% endif %}
listen_port = 2476
keepalive_idle = 2
keepalive_intvl = 1

18
ansible/roles/mrzcpd/tasks/main.yml
View File

@@ -1,14 +1,6 @@
---
- name: "download mrzcpd rpm into local /tmp/rpm_download"
yum:
name: "{{ mrzcpd_rpm_version.mrzcpd }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "Install mrzcpd rpm package"
shell: rpm -i /tmp/rpm_download/{{ mrzcpd_rpm_version.mrzcpd }}* --prefix {{ mrzcpd.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ mrzcpd_rpm_version.mrzcpd }}* --prefix {{ prefix_path.mrzcpd }}
- name: "update /etc/ld.so.conf.d/mrzcpd.conf"
template:
@@ -24,7 +16,7 @@
replace:
path: "{{ item }}"
regexp: '/opt/mrzcpd'
replace: '{{ mrzcpd.prefix_path }}'
replace: '{{ prefix_path.mrzcpd }}'
with_items:
- /etc/profile.d/mrzcpd.sh
- /opt/tsg/mrzcpd/lib/pkgconfig/mrzcpd.pc
@@ -62,21 +54,21 @@
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.9000NPBP01R01"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- PROFILE_ID == '9000-NPB-P01R01'
- runtime_env == '9140'
- name: "update mrglobal.conf - TSG7400 - mcn0"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- PROFILE_ID == '7400-MCN0-P01R01'
- runtime_env == '7400mcn0'
- name: "update mrglobal.conf - TSG7400 - mcn1 mcn2 mcn3"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.7400MCN123P01R01"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
when:
- PROFILE_ID == '7400-MCN123-P01R01'
- runtime_env == '7400mcn123'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:

6
ansible/roles/mrzcpd/templates/mrglobal.conf.j2.7400MCN123P01R01
View File

@@ -1,14 +1,14 @@
[device]
device={{ mrzcpd.mrglobal_conf.device.nic_mirr }}
device={{ dp_traffic_mirror.nic_name }}
sz_tunnel=8192
sz_buffer=0
[device:{{ mrzcpd.mrglobal_conf.device.nic_mirr }}]
[device:{{ dp_traffic_mirror.nic_name }}]
promisc=0
rssmode=0
[service]
iocore={{ mrzcpd.mrglobal_conf.service.iocore }}
iocore={{ workload_zcpd.cpu_affinity }}
[eal]
virtaddr=0x7d0000000000

21
ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.7400MCN0P01R01
View File

@@ -1,9 +1,11 @@
[device]
device={{ mrzcpd.mrglobal_conf.device.nic_raw }},{{ mrzcpd.mrglobal_conf.device.nic_mcn1 }},{{ mrzcpd.mrglobal_conf.device.nic_mcn2 }},{{ mrzcpd.mrglobal_conf.device.nic_mcn3 }}
{% set steeering_to_proxy_nic_list = [] %}
{% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %}
device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }}
sz_tunnel=8192
sz_buffer=0
[device:{{ mrzcpd.mrglobal_conf.device.nic_raw }}]
[device:{{ dp_steering_firewall.nic_internal }}]
{% raw %}{% if npb_device == 'inline_device' %}
in_addr={{inline_device_settings.keepalive.ip}}
in_mask={{inline_device_settings.keepalive.mask}}
@@ -25,24 +27,17 @@ promisc=1
allmulticast=1
rssmode=0
[device:{{ mrzcpd.mrglobal_conf.device.nic_mcn1 }}]
{% for node_info in dp_steering_proxy.node_list %}
[device:{{ node_info.nic_name }}]
promisc=1
allmulticast=1
rssmode=0
[device:{{ mrzcpd.mrglobal_conf.device.nic_mcn2 }}]
promisc=1
allmulticast=1
rssmode=0
[device:{{ mrzcpd.mrglobal_conf.device.nic_mcn3 }}]
promisc=1
allmulticast=1
rssmode=0
{% endfor %}
[service]
# lcore id for i/o service, use comma to split
iocore={{ mrzcpd.mrglobal_conf.service.iocore }}
iocore={{ workload_zcpd.cpu_affinity }}
{% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %}
distmode=0
{% endif %}

15
ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01
View File

@@ -1,9 +1,11 @@
[device]
device={{ mrzcpd.mrglobal_conf.device.nic_raw }},{{ mrzcpd.mrglobal_conf.device.nic_to_tfe }},{{ mrzcpd.mrglobal_conf.device.nic_mirr }}
{% set steeering_to_proxy_nic_list = [] %}
{% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %}
device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }}
sz_tunnel=8192
sz_buffer=0
[device:{{ mrzcpd.mrglobal_conf.device.nic_raw }}]
[device:{{ dp_steering_firewall.nic_internal }}]
mtu=4096
clear_tx_flags=1
hw_strip_crc=1
@@ -13,7 +15,8 @@ vlan-strip=1
in_mask=255.255.0.0
rssmode=2
[device:{{ mrzcpd.mrglobal_conf.device.nic_to_tfe }}]
{% for node_info in dp_steering_proxy.node_list %}
[device:{{ node_info.nic_name }}]
mtu=4096
clear_tx_flags=1
vlan-filter=1
@@ -26,7 +29,9 @@ sz_tunnel=8192
sz_buffer=0
rssmode=2
[device:{{ mrzcpd.mrglobal_conf.device.nic_mirr }}]
{% endfor %}
[device:{{ dp_traffic_mirror.nic_name }}]
mtu=2048
hw_strip_crc=1
rssmode=2
@@ -34,7 +39,7 @@ vlan-strip=1
[service]
# lcore id for i/o service, use comma to split
iocore={{ mrzcpd.mrglobal_conf.service.iocore }}
iocore={{ workload_zcpd.cpu_affinity }}
{% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %}
distmode=0
{% endif %}

7
ansible/roles/mrzcpd/templates/mrzcpd.j2
View File

@@ -1,8 +1,3 @@
MRZCPD_ROOT=/opt/tsg/mrzcpd
{% if PROFILE_ID == '9000-NPB-P01R01' %}
HUGEPAGE_NUM_1G=16
{% endif %}
{% if PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' %}
HUGEPAGE_NUM_1G=32
{% endif %}
HUGEPAGE_NUM_1G={{ workload_zcpd.hugepage_num_1G }}
DEFAULT_UIO_MODULE="vfio_pci"

123
ansible/roles/rpm_packages_download/tasks/main.yml Normal file
View File

@@ -0,0 +1,123 @@
---
- name: "download rpm packages: certstore"
yum:
name:
- "{{ certstore_rpm_version.certstore }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "download rpm packages: firewall"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ firewall_rpm_version }}"
- name: "uninstall rsyslog-kafka and librdkafka"
yum:
name: "{{ item }}"
state: absent
with_items:
- rsyslog-kafka
- librdkafka
- name: "download rpm packages: framework"
yum:
name: "{{ item.value }}"
state: present
conf_file: "{{ rpm_repo_config_path }}"
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ framework_rpm_version }}"
- name: "download rpm packages: kni"
yum:
name:
- "{{ kni_rpm_version.kni }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "download rpm packages: mrzcpd"
yum:
name: "{{ mrzcpd_rpm_version.mrzcpd }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "download rpm packages: sapp and tcpdump_mesa"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ sapp_rpm_version }}"
- name: "download rpm packages: tfe"
yum:
name:
- "{{ tfe_rpm_version.tfe }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "download rpm packages: app_skecth_local"
yum:
name: "{{ tsg_app_rpm_version.app_sketch_local }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "install tsg_master from localhost"
yum:
name:
- "{{ tsg_master_rpm_version.tsg_master }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "Install tsg-diagnose rpm package"
yum:
name:
- "{{ tsg_diagnose_rpm_version.tsg_diagnose }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "install http_healthcheck from localhost"
yum:
name: "{{ http_healthcheck_rpm_version.http_healthcheck }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "install wannat wangw plug packages"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ wannat_wangw_rpm_version }}"
- name: "install wire_graft plug packages"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ wire_graft_rpm_version }}"

25
ansible/roles/sapp/tasks/main.yml
View File

@@ -9,20 +9,11 @@
- /opt/tsg/sapp
- /opt/tsg/framework
- name: "download sapp and tcpdump_mesa rpms from localhost"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ sapp_rpm_version }}"
- name: "Install sapp and tcpdump_mesa rpm package"
shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix_path }}
with_items:
- {"rpm_version": "{{ sapp_rpm_version.sapp }}", "prefix_path": "{{ sapp.prefix_path }}" }
- {"rpm_version": "{{ sapp_rpm_version.tcpdump_mesa }}", "prefix_path": "{{ framework.prefix_path }}" }
- {"rpm_version": "{{ sapp_rpm_version.sapp }}", "prefix_path": "{{ prefix_path.sapp }}" }
- {"rpm_version": "{{ sapp_rpm_version.tcpdump_mesa }}", "prefix_path": "{{ prefix_path.framework }}" }
- name: replace sapp service
replace:
@@ -70,7 +61,7 @@
dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2
tags: template
when:
- PROFILE_ID == '9000-NPB-P01R01'
- runtime_env == '9140'
- name: Template the conflist.inf - tsg_7400
template:
@@ -78,7 +69,7 @@
dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2
tags: template
when:
- PROFILE_ID == '7400-MCN0-P01R01'
- runtime_env == '7400mcn0'
- name: Template the entrylist.conf.j2
template:
@@ -97,8 +88,6 @@
src: "{{ role_path }}/templates/necessary_plug_list.conf.j2"
dest: /opt/tsg/sapp/etc/necessary_plug_list.conf
tags: template
when:
- PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '9000-NPB-P01R01'
- name: Template the vlan_flipping_map.conf - tsg-9140
template:
@@ -106,7 +95,7 @@
dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf
tags: template
when:
- PROFILE_ID == '9000-NPB-P01R01'
- runtime_env == '9140'
- name: Template the vlan_flipping_map.conf - tsg-7400
template:
@@ -114,7 +103,7 @@
dest: /opt/tsg/tsg-os-provision/templates/vlan_flipping_map.conf.j2
tags: template
when:
- PROFILE_ID == '7400-MCN0-P01R01'
- runtime_env == '7400mcn0'
- name: Template the sapp_log.conf
template:
@@ -177,7 +166,7 @@
- { src: "{{ role_path }}/files/service_attach_startpre.conf.except_tera", mode: "0644" }
- { src: "{{ role_path }}/files/tera_fake_promisc_setup.sh", mode: "0755" }
when:
- PROFILE_ID == '7400-MCN0-P01R01'
- runtime_env == '7400mcn0'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:

6
ansible/roles/sapp/templates/gdev.conf.j2.j2
View File

@@ -1,5 +1,5 @@
[Module]
pcapdevice={{ sapp.gdev_conf.Module.pcapdevice }}
sendto_gdev_card={{ sapp.gdev_conf.Module.sendto_gdev_card }}
sendto_gdev_ip={{ sapp.gdev_conf.Module.sendto_gdev_ip }}
pcapdevice={{ dp_steering_firewall.nic_internal }}
sendto_gdev_card={{ dp_steering_firewall.nic_internal }}
sendto_gdev_ip={% raw %}{{ gdev_conf_keep_alive_ip }}{% endraw %}
gdev_status_switch=1

34
ansible/roles/sapp/templates/sapp.toml.j2.j2
View File

@@ -10,9 +10,9 @@ instance_name = "sapp4"
[CPU]
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
worker_threads={{ sapp.sapp_toml.CPU.worker_threads }}
send_only_threads_max={{ sapp.sapp_toml.CPU.send_only_threads_max }}
bind_mask=[{{ sapp.sapp_toml.CPU.bind_mask }}]
worker_threads={{ workload_firewall.worker_threads }}
send_only_threads_max={{ workload_firewall.send_only_threads_max }}
bind_mask=[{{ workload_firewall.cpu_affinity }}]
[MEM]
dictator_enable=1
@@ -25,8 +25,15 @@ dictator_enable=1
l2_l3_tunnel_support=1
### note, optional value is [none, vxlan]
overlay_mode={{ sapp.sapp_toml.PACKET_IO.overlay_tunnel_definition.overlay_mode }}
{% if dp_steering_firewall.encapsulation == 'vlan' or dp_steering_firewall.encapsulation == 'raw' %}
overlay_mode=none
{% endif %}
{% if dp_steering_firewall.encapsulation == 'vxlan' %}
overlay_mode=vxlan
{% endif %}
{% if dp_steering_firewall.encapsulation == 'provision' %}
overlay_mode={% raw %}{{ sapp_overlay_mode }}{% endraw %}
{% endif %}
[packet_io.feature]
### note, used to represent inbound or outbound direction value,
@@ -61,12 +68,25 @@ dictator_enable=1
### note, depolyment.mode options: [mirror, inline, transparent]
[packet_io.depolyment]
{% if dp_steering_firewall.deployment == 'inline' %}
mode=inline
{% endif %}
{% if dp_steering_firewall.deployment == 'mirror' %}
mode=mirror
{% endif %}
{% if dp_steering_firewall.deployment == 'transparent' %}
mode=transparent
{% endif %}
### note, interface.type options: [pag,pcap,marsio]
[packet_io.internal.interface]
{% if dp_steering_firewall.deployment == 'driver' %}
type=marsio
name={{ sapp.sapp_toml.PACKET_IO.packet_io_internal_interface.name }}
{% endif %}
{% if dp_steering_firewall.deployment == 'pcap' %}
type=pcap
{% endif %}
name={{ dp_steering_firewall.nic_internal }}
[packet_io.external.interface]
type=pcap
name=lo
@@ -264,5 +284,5 @@ dictator_enable=1
data_file_inline_keepalive_log="gdev_keeplive_status.log"
[LIBRARY_LINK]
marsio_library_path="{{ mrzcpd.prefix_path }}/lib/libmarsio.so"
marsio_library_path="{{ prefix_path.mrzcpd }}/lib/libmarsio.so"

4
ansible/roles/sapp/templates/send_raw_pkt.conf.j2
View File

@@ -2,8 +2,8 @@
##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
#target_id
0 pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ sapp.send_raw_pkt_conf.nic_name }} smith dpdk dpdk pag
1 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ sapp.send_raw_pkt_conf.nic_name }} smith dpdk dpdk pag
0 pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ dp_steering_firewall.nic_internal }} smith dpdk dpdk pag
1 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ dp_steering_firewall.nic_internal }} smith dpdk dpdk pag
#2 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag
#3 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag
#4 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag

8
ansible/roles/tfe/tasks/main.yml
View File

@@ -10,12 +10,8 @@
dest: /usr/lib/systemd/system/
mode: 0644
- name: "install tfe rpms from localhost"
yum:
name:
- "{{ tfe_rpm_version.tfe }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
- name: "Install tfe"
shell: rpm -i /tmp/rpm_download/{{ tfe_rpm_version.tfe }}*
- name: "tfe:copy cert file to device"
copy:

4
ansible/roles/tfe/templates/future.conf.j2
View File

@@ -1,9 +1,9 @@
[STAT]
no_stats=0
{% if PROFILE_ID == '7400-MCN123-P01R01' %}
{% if dp_steering_proxy.location == 'foreign' %}
statsd_server=192.168.100.1
{% endif %}
{% if PROFILE_ID == '9000-NPB-P01R01' %}
{% if dp_steering_proxy.location == 'local' %}
statsd_server=127.0.0.1
{% endif %}
statsd_port=8100

4
ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2
View File

@@ -51,8 +51,8 @@ log_fsstat_dst_port=8125
#hijack flow control
enable=0
token_name=ratelimit
redis_server={{ cm_policy_server_ip }}
redis_port={{ cm_policy_server_port }}
redis_server={% raw %}{{ cm_policy_server_ip }}{% endraw %}
redis_port={% raw %}{{ cm_policy_server_port }}{% endraw %}
redis_db_index=6
[tango_cache]

4
ansible/roles/tfe/templates/tfe-env-config.j2
View File

@@ -1,5 +1,5 @@
TFE_DEVICE_DATA_INCOMING={{ tfe.tfe_env_config.TFE_DEVICE_DATA_INCOMING }}
TFE_DEVICE_DATA_INCOMING={{ dp_proxy.nic_name_data_incoming }}
TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
TFE_PEER_MAC_DATA_INCOMING={{ tfe.tfe_env_config.TFE_PEER_MAC_DATA_INCOMING}}
TFE_PEER_MAC_DATA_INCOMING={{ dp_proxy.mac_addr_data_incoming }}
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
TFE_PEER_IP_DATA_INCOMING=172.16.241.1

40
ansible/roles/tfe/templates/tfe.conf.j2.j2
View File

@@ -1,5 +1,5 @@
[system]
nr_worker_threads={{ tfe.tfe_conf.system.nr_worker_threads }}
nr_worker_threads={{ dp_proxy.worker_thread }}
enable_kni_v1=0
enable_kni_v2=0
enable_kni_v3=1
@@ -35,8 +35,8 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload
# ask for at least (1 + nr_worker_threads) masks
# the first mask for acceptor thread
# the others mask for worker thread
enable_cpu_affinity={{ tfe.tfe_conf.system.enable_cpu_affinity }}
cpu_affinity_mask=48-55
enable_cpu_affinity={{ dp_proxy.enable_cpu_affinity }}
cpu_affinity_mask={{ dp_proxy.cpu_affinity }}
# LEAST_CONN = 0; ROUND_ROBIN = 1
load_balance=1
@@ -56,7 +56,12 @@ queue_no_enobufs=1
# send cmsg
send_switch=1
ip={{ tfe.tfe_conf.kni.ip }}
{% if dp_steering_proxy.location == 'local' %}
ip=127.0.0.1
{% endif %}
{% if dp_steering_proxy.location == 'foreign'%}
ip=192.168.100.1
{% endif %}
cmsg_port=2475
# watch dog
@@ -117,7 +122,7 @@ key_log_file=log/sslkeylog.log
# mid cert cache
mc_cache_enable=1
mc_cache_eth={{ tfe.tfe_conf.ssl.mc_cache_eth }}
mc_cache_eth={{ control_and_policy.nic_name }}
{% raw %}mc_cache_broker_list={{ olap.kafka_broker.address_list | join(",") }}
{% endraw %}
mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
@@ -129,7 +134,12 @@ sasl_passwd=galaxy2019
#0 on cache 1 off cache
no_cache=0
mode=normal
cert_store_host={{ tfe.tfe_conf.key_keeper.cert_store_host }}
{% if dp_certstore == 'local' %}
cert_store_host=127.0.0.1
{% endif %}
{% if dp_certstore == 'foreign'%}
cert_store_host=
{% endif %}
cert_store_port=9991
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
@@ -169,10 +179,10 @@ tcp_ttl_upstream=75
tcp_ttl_downstream=70
[stat]
{% if PROFILE_ID == '7400-MCN123-P01R01' %}
{% if dp_steering_proxy.location == 'foreign' %}
statsd_server=192.168.100.1
{% endif %}
{% if PROFILE_ID == '9000-NPB-P01R01' %}
{% if dp_steering_proxy.location == 'local' %}
statsd_server=127.0.0.1
{% endif %}
statsd_port=8100
@@ -184,18 +194,18 @@ statsd_set_prometheus_port=9001
statsd_set_prometheus_url_path=/metrics
[traffic_mirror]
enable={{ tfe.tfe_conf.traffic_mirror.enable }}
device={{ tfe.tfe_conf.traffic_mirror.device }}
enable={{ dp_proxy.enable_traffic_mirror }}
device={{ dp_traffic_mirror.nic_name }}
# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
type={{ tfe.tfe_conf.traffic_mirror.type }}
default_vlan_id_for_mac={{ tfe.tfe_conf.traffic_mirror.default_vlan_id_for_mac }}
type={{ dp_proxy.traffic_mirror_type }}
default_vlan_id_for_mac={{ dp_proxy.traffic_mirror_vlan_id }}
table_info=resource/pangu/table_info_traffic_mirror.conf
stat_file=log/traffic_mirror.status
[kafka]
enable=1
NIC_NAME={{ tfe.tfe_conf.kafka.NIC_NAME }}
NIC_NAME={{ control_and_policy.nic_name }}
{% raw %}kafka_brokerlist={{ olap.kafka_broker.address_list | join(",") }}
{% endraw %}
kafka_topic=PROXY-EVENT
@@ -218,8 +228,8 @@ deferred_load_on=0
json_cfg_file=resource/pangu/pangu_http.json
# redis mode conf iterm
maat_redis_server={{ cm_policy_server_ip }}
maat_redis_port_range={{ cm_policy_server_port }}
maat_redis_server={% raw %}{{ cm_policy_server_ip }}{% endraw %}
maat_redis_port_range={% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}maat_redis_db_index={{ cm.policy_server.db_static }}
{% endraw %}

8
ansible/roles/tsg-diagnose/tasks/main.yml
View File

@@ -1,9 +1,5 @@
- name: "Install tsg-diagnose rpm package"
yum:
name:
- "{{ tsg_diagnose_rpm_version.tsg_diagnose }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
- name: "Install tsg-diagnose"
shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}*
- name: "Templates docker-compose.yml"
template:

4
ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2
View File

@@ -99,7 +99,7 @@ networks:
driver: macvlan
enable_ipv6: true
driver_opts:
parent: {{ tsg_diagnose.docker_compose_yml.virtual_server_nic }}
parent: {{ diagnose.virtual_server_nic }}
ipam:
config:
- subnet: 192.0.2.0/24
@@ -114,7 +114,7 @@ networks:
driver: macvlan
enable_ipv6: true
driver_opts:
parent: {{ tsg_diagnose.docker_compose_yml.virtual_client_nic }}
parent: {{ diagnose.virtual_client_nic }}
ipam:
config:
- subnet: 192.0.2.0/24

2
ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml
View File

@@ -43,7 +43,7 @@
replace: 'WantedBy=workload.target'
with_items:
- /usr/lib/systemd/system/exporter-proxy.service
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: 'exporter-proxy service start'
systemd:

6
ansible/roles/tsg-os-provision-condition/tasks/main.yml
View File

@@ -14,7 +14,7 @@
- telegraf_statistic
- tfe-env
- tfe
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: "add condition into service depend provision result TSG7400 MCN0"
copy:
@@ -30,7 +30,7 @@
- mrzcpd
- sapp
- telegraf_statistic
when: PROFILE_ID == '7400-MCN0-P01R01'
when: runtime_env == '7400mcn0'
- name: "add condition into service depend provision result TSG7400 MCN0"
copy:
@@ -44,4 +44,4 @@
- mrzcpd
- tfe-env
- tfe
when: PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn123'

9
ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01
View File

@@ -58,9 +58,14 @@
fail_msg: "error:{{ result_exec_obtain_keepalive_subnet.stderr }},stdout:{{ result_exec_obtain_keepalive_subnet.stdout_lines }}"
success_msg: "{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}"
- name: "tsg-os-provision: Set fact for field keepalive_subnet_ip"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
keepalive_subnet_ip: "{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}"
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
- name: "tsg-os-provision: Set fact for field gdev_conf_keep_alive_ip"
set_fact:
gdev_conf_keep_alive_ip: "10.252.{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}.1"
- name: "tsg-os-provision: Template the conflist.inf"
template:

30
ansible/roles/tsg-os-provision/tasks/main.yml
View File

@@ -38,63 +38,63 @@
src: "{{ role_path }}/files/tasks/provision.yml.9000NPBP01R01"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn0"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: PROFILE_ID == '7400-MCN0-P01R01'
when: runtime_env == '7400mcn0'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn1 mcn2 mcn3"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.7400MCN123P01R01"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn123'
- name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.9000NPBP01R01"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn0"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: PROFILE_ID == '7400-MCN0-P01R01'
when: runtime_env == '7400mcn0'
- name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn123"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN123P01R01"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn123'
- name: "tsg-os-provision: copy provision.default.yml - tsg9140"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.9000NPBP01R01"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: PROFILE_ID == '7400-MCN0-P01R01'
when: runtime_env == '7400mcn0'
- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn1 mcn2 mcn3"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN123P01R01"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn123'
- name: "tsg-os-provision: copy provision.sh file to dest"
@@ -113,7 +113,7 @@
mode: 0644
with_items:
- { "src": tsg-os-provision.service.TSG7400, "dest": tsg-os-provision.service }
when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target --TSG7400"
replace:
@@ -122,7 +122,7 @@
replace: 'RequiredBy=workload.target'
with_items:
- /usr/lib/systemd/system/tsg-os-provision.service
when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123'
- name: "tsg-os-provision: enable tsg-os-provison -- TSG7400"
systemd:
@@ -130,7 +130,7 @@
enabled: yes
with_items:
- tsg-os-provision
when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123'
- name: "install tsg-os-provision.service -- TSG9140"
copy:
@@ -139,13 +139,13 @@
mode: 0644
with_items:
- { "src": tsg-os-provision.service.TSG9140, "dest": tsg-os-provision.service }
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: "replace action: add service into sysinit.target --TSG9140"
shell: ln -vfs --relative /usr/lib/systemd/system/{{item}} /usr/lib/systemd/system/sysinit.target.wants/{{item}}
with_items:
- tsg-os-provision.service
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
- name: "tsg-os-provision: copy tsg-start.sh to dest - tsg9140"
@@ -153,7 +153,7 @@
src: "{{ role_path }}/files/script/provision-config-apply"
dest: /opt/tsg/tsg-os-provision/
mode: 0755
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'
#- name: "tsg-os-provision: install yaml module using pip3"
# pip:

10
ansible/roles/tsg_app/tasks/main.yml
View File

@@ -1,11 +1,3 @@
---
- name: "install tsg_app packages"
yum:
name: "{{ tsg_app_rpm_version.app_sketch_local }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "Install app_sketch_local that is sapp plugins"
shell: rpm -i /tmp/rpm_download/{{ tsg_app_rpm_version.app_sketch_local }}* --prefix {{ sapp.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ tsg_app_rpm_version.app_sketch_local }}* --prefix {{ prefix_path.sapp }}

11
ansible/roles/tsg_master/tasks/main.yml
View File

@@ -1,11 +1,2 @@
- name: "install tsg_master from localhost"
yum:
name:
- "{{ tsg_master_rpm_version.tsg_master }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
- name: "Install tsg_master that is sapp plugins"
shell: rpm -i /tmp/rpm_download/{{ tsg_master_rpm_version.tsg_master }}* --prefix {{ sapp.prefix_path }}
shell: rpm -i /tmp/rpm_download/{{ tsg_master_rpm_version.tsg_master }}* --prefix {{ prefix_path.sapp }}

4
ansible/roles/tsg_sn/tasks/main.yml
View File

@@ -7,11 +7,11 @@
with_items:
- { "src": "obtain_sn.sh.TSG7400", "dest": "obtain_sn.sh" }
- { "src": "cmm_api_tst", "dest": "cmm_api_tst" }
when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01'
when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123'
- name: "deploy obtain sn - tsg-9140"
copy:
src: "{{ role_path }}/files/obtain_sn.sh.TSG9140"
dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
mode: 0755
when: PROFILE_ID == '9000-NPB-P01R01'
when: runtime_env == '9140'

11
ansible/roles/wannat_common/tasks/main.yml
View File

@@ -9,19 +9,10 @@
name:
- /tmp/nanomsg-1.1.5-6.el7.x86_64.rpm
state: present
- name: "download wannat wannat_common library"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ wannat_wangw_rpm_version }}"
- name: "Install wannat_common library"
shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }}
with_items:
- { "rpm_version": "{{ wannat_wangw_rpm_version.libwannat_common }}", "prefix": "{{ framework.prefix_path }}" }
- { "rpm_version": "{{ wannat_wangw_rpm_version.libwannat_common }}", "prefix": "{{ prefix_path.framework }}" }

11
ansible/roles/wannat_wangw/tasks/main.yml
View File

@@ -1,17 +1,8 @@
---
- name: "install wannat wangw plug packages"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ wannat_wangw_rpm_version }}"
- name: "Install wangw plugins"
shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }}
with_items:
- { "rpm_version": "{{ wannat_wangw_rpm_version.libwangw }}", "prefix": "{{ sapp.prefix_path }}" }
- { "rpm_version": "{{ wannat_wangw_rpm_version.libwangw }}", "prefix": "{{ prefix_path.sapp }}" }
- name: "Template the etc/wannat/wangw.conf"
template:

6
ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2
View File

@@ -8,7 +8,7 @@ NAT_GW_tunnel_mode=vxlan
{% raw %}recvfrom_NATGW_bind_first_port={{ wannat.wan_gateway_listen_port_range_left_edge }}
{% endraw %}
#NAT GW的内部互联网卡名称
NAT_GW_tunnel_device={{ wannat_wangw.wangw_conf.main.NAT_GW_tunnel_device }}
NAT_GW_tunnel_device={{ control_and_policy.nic_name }}
#DNAT首包发送给NATGW时, 对端的监听端口
{% raw %}NAT_GW_tunnel_port={{ wannat.nat_gateway_listen_port }}
@@ -69,8 +69,8 @@ json_cfg_file=./etc/wannat/gtest.json
inc_dir=./redis_dump/
full_dir=./redis_dump/
redis_server_ip={{ cm_policy_server_ip }}
redis_server_port={{ cm_policy_server_port }}
redis_server_ip={% raw %}{{ cm_policy_server_ip }}{% endraw %}
redis_server_port={% raw %}{{ cm_policy_server_port }}{% endraw %}
{% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }}
redis_index={{ cm.policy_server.db_static }}
{% endraw %}

13
ansible/roles/wire_graft/tasks/main.yml
View File

@@ -1,18 +1,9 @@
---
- name: "install wire_graft plug packages"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: /tmp/rpm_download/
with_dict: "{{ wire_graft_rpm_version }}"
- name: "Install wire_graft that is sapp plugins"
shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }}
with_items:
- { "rpm_version": "{{ wire_graft_rpm_version.wire_graft }}", "prefix": "{{ sapp.prefix_path }}" }
- { "rpm_version": "{{ wire_graft_rpm_version.libwire_graft }}", "prefix": "{{ framework.prefix_path }}" }
- { "rpm_version": "{{ wire_graft_rpm_version.wire_graft }}", "prefix": "{{ prefix_path.sapp }}" }
- { "rpm_version": "{{ wire_graft_rpm_version.libwire_graft }}", "prefix": "{{ prefix_path.framework }}" }
- name: "Template the etc/wire_graft/wire_graft.conf"
template:

2
ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2
View File

@@ -16,7 +16,7 @@ at_least_total_byte=10
stream_project_tag_enable=1
#用于标识本机ip使用哪块网卡,可能是管理口,可能是其他业务口
identification_by_which_device={{ wire_graft.wire_graft_conf.main.identification_by_which_device}}
identification_by_which_device={{ control_and_policy.nic_name }}
#mirror镜像模式下, 从MAC地址获取链路信息
### note, for example, dst mac is 01:12:34:56:78:90, src src is 02:AA:BB:CC:DD:EE:FF,

7
ansible/stage_one_deploy.yml
View File

@@ -1,3 +1,10 @@
- hosts: all
remote_user: root
vars_files:
- install_config/group_vars/rpm_version.yml
roles:
- {role: rpm_packages_download, tags: rpm_packages_download}
- hosts: 7400-MCN0-P01R01
remote_user: root
vars_files: