From 3ba9652efa22142e718c15e727832c7716e28caf Mon Sep 17 00:00:00 2001 
From: fumingwei Date: Thu, 28 Oct 2021 11:26:21 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=E5=B0=86os=20stage1=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E7=94=B1=E5=8E=9F=E6=9D=A5=E7=9A=84=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E9=A1=B9=E4=BD=8D=E7=BD=AE=E5=91=BD=E5=90=8D=E6=96=B9?= =?UTF-8?q?=E5=BC=8F=E6=8A=BD=E8=B1=A1=E4=B8=BAHAL=E5=91=BD=E5=90=8D?= =?UTF-8?q?=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../group_vars/stage_one_7400MCN0P01R01.yml | 121 ++++++--------- .../group_vars/stage_one_7400MCN123P01R01.yml | 67 +++++---- .../group_vars/stage_one_9000NPBP01R01.yml | 139 ++++++------------ ansible/roles/certstore/tasks/main.yml | 8 +- .../certstore/templates/cert_store.ini.j2.j2 | 4 +- ansible/roles/exporter/tasks/main.yml | 14 +- ansible/roles/firewall/tasks/main.yml | 11 +- .../roles/firewall/templates/maat.conf.j2.j2 | 16 +- .../roles/firewall/templates/main.conf.j2.j2 | 9 +- ansible/roles/framework/tasks/main.yml | 11 +- ansible/roles/http_healthcheck/tasks/main.yml | 10 +- ansible/roles/kni/tasks/main.yml | 10 +- ansible/roles/kni/templates/kni.conf.j2 | 41 +++++- ansible/roles/mrzcpd/tasks/main.yml | 18 +-- .../mrglobal.conf.j2.7400MCN123P01R01 | 6 +- .../mrglobal.conf.j2.j2.7400MCN0P01R01 | 21 +-- .../mrglobal.conf.j2.j2.9000NPBP01R01 | 15 +- ansible/roles/mrzcpd/templates/mrzcpd.j2 | 7 +- .../rpm_packages_download/tasks/main.yml | 123 ++++++++++++++++ ansible/roles/sapp/tasks/main.yml | 25 +--- ansible/roles/sapp/templates/gdev.conf.j2.j2 | 6 +- ansible/roles/sapp/templates/sapp.toml.j2.j2 | 34 ++++- .../roles/sapp/templates/send_raw_pkt.conf.j2 | 4 +- ansible/roles/tfe/tasks/main.yml | 8 +- ansible/roles/tfe/templates/future.conf.j2 | 4 +- .../roles/tfe/templates/pangu_pxy.conf.j2.j2 | 4 +- ansible/roles/tfe/templates/tfe-env-config.j2 | 4 +- ansible/roles/tfe/templates/tfe.conf.j2.j2 | 40 +++-- ansible/roles/tsg-diagnose/tasks/main.yml | 8 +- .../templates/docker-compose.yml.j2 | 
4 +- .../tsg-exporter-proxy-9140/tasks/main.yml | 2 +- .../tsg-os-provision-condition/tasks/main.yml | 6 +- .../files/tasks/provision.yml.9000NPBP01R01 | 9 +- ansible/roles/tsg-os-provision/tasks/main.yml | 30 ++-- ansible/roles/tsg_app/tasks/main.yml | 10 +- ansible/roles/tsg_master/tasks/main.yml | 11 +- ansible/roles/tsg_sn/tasks/main.yml | 4 +- ansible/roles/wannat_common/tasks/main.yml | 11 +- ansible/roles/wannat_wangw/tasks/main.yml | 11 +- .../wannat_wangw/templates/wangw.conf.j2.j2 | 6 +- ansible/roles/wire_graft/tasks/main.yml | 13 +- .../templates/wire_graft.conf.j2.j2 | 2 +- ansible/stage_one_deploy.yml | 7 + 43 files changed, 462 insertions(+), 452 deletions(-) create mode 100644 ansible/roles/rpm_packages_download/tasks/main.yml diff --git a/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml b/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml index ee7f0b6b..bfc527a5 100644 --- a/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml +++ b/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml 
@@ -1,85 +1,58 @@ # TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-7400 硬件平台 # variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." 和 -firewall: - capture_packet_plug_conf: - LOG: - NIC_NAME: eth_ctl - main_conf: - TSG_LOG: - NIC_NAME: eth_ctl - SYSTEM: - NIC_NAME: eth_ctl +control_and_policy: + nic_name: eth_ctl -kni: - kni_conf: - global: - tfe_node_count: 3 - manage_eth: eth_ctl - tfe_node_list: - - node_id: 0 - dev_eth_symbol: eth_mcn1 - ip_addr: 192.168.100.2 - - node_id: 1 - dev_eth_symbol: eth_mcn2 - ip_addr: 192.168.100.3 - - node_id: 2 - dev_eth_symbol: eth_mcn3 - ip_addr: 192.168.100.4 - tfe_cmsg_receiver: - listen_eth: eth_pf.100 - watch_dog: - listen_eth: eth_pf.100 +workload_zcpd: + cpu_affinity: 52,53,54,55 + hugepage_num_1G: 32 -mrzcpd: - mrglobal_conf: - device: - nic_raw: eth_raw - nic_mcn1: eth_mcn1 - nic_mcn2: eth_mcn2 - nic_mcn3: eth_mcn3 - service: - iocore: 52,53,54,55 - prefix_path: /opt/tsg/mrzcpd +workload_firewall: + cpu_affinity: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 + worker_threads: 42 + send_only_threads_max: 1 -sapp: - gdev_conf: - Module: - pcapdevice: eth_raw - sendto_gdev_card: eth_raw - sendto_gdev_ip: '{% raw %}{{ gdev_conf_keep_alive_ip }}{% endraw %}' - sapp_toml: - CPU: - worker_threads: 42 - send_only_threads_max: 1 - bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 - PACKET_IO: - packet_io_internal_interface: - name: eth_raw - overlay_tunnel_definition: - overlay_mode: '{% raw %}{{ sapp_overlay_mode }}{% endraw %}' - send_raw_pkt_conf: - nic_name: eth_raw - prefix_path: /opt/tsg/sapp +dp_steering_proxy: + ###### location: value {local, foreign} + location: foreign + node_count: 3 + node_list: + - id: 0 + nic_name: eth_mcn1 + addr: 192.168.100.2 + - id: 1 + nic_name: eth_mcn2 + addr: 192.168.100.3 + - id: 2 + nic_name: eth_mcn3 + addr: 
192.168.100.4 + nic_cmsg_and_watchdog: eth_pf.100 -tsg_diagnose: - docker_compose_yml: - virtual_server_nic: eth_dign_s - virtual_client_nic: eth_dign_c +dp_traffic_mirror: + nic_name: eth_mirr_d -cm_policy_server_ip: '{% raw %}{{ cm_policy_server_ip }}{% endraw %}' -cm_policy_server_port: '{% raw %}{{ cm_policy_server_port }}{% endraw %}' +dp_steering_firewall: + #deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series + deployment: inline + #encapsulation value: vlan, vxlan, raw, provision + encapsulation: provision + # capture_packet value: pcap, driver + capture_packet: driver + nic_internal: eth_raw + enable_mirror: 1 -wannat_wangw: - wangw_conf: - main: - NAT_GW_tunnel_device: eth_ctl - +diagnose: + virtual_server_nic: eth_vf_dign_s + virtual_client_nic: eth_vf_dign_c -wire_graft: - wire_graft_conf: - main: - identification_by_which_device: eth_ctl +prefix_path: + mrzcpd: /opt/tsg/mrzcpd + framework: /opt/tsg/framework + sapp: /opt/tsg/sapp -framework: - prefix_path: /opt/tsg/framework +monitor: + enable_redis_exporter: 1 + enable_ipmi_exporter: 1 +### server, 7400mcn0 7400mcn123 9140 +runtime_env: 7400mcn0 \ No newline at end of file diff --git a/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml b/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml index e2fded54..aae063e9 100644 --- a/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml +++ b/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml 
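Review bot: The new `diagnose` block sets `virtual_server_nic: eth_vf_dign_s` and `virtual_client_nic: eth_vf_dign_c`, while the removed `tsg_diagnose` block for this platform used `eth_dign_s` and `eth_dign_c`, and no other interface in this file carries the `vf_` infix. This looks copied from the 9140 file and changes a value in a commit titled as a refactor; if the rename is not intended, restore `virtual_server_nic: eth_dign_s` and `virtual_client_nic: eth_dign_c`. The header comment still documents the old `{role_name}.{configname}.{section}.{var}` layout and should describe the new hardware-abstraction keys instead, and `#deloyment value` should read `# deployment value`.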
@@ -1,38 +1,41 @@ # TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-7400 硬件平台 # variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." 和 -mrzcpd: - mrglobal_conf: - device: - nic_mirr: eth_mirr_d - service: - iocore: 53,54 - prefix_path: /opt/tsg/mrzcpd +control_and_policy: + nic_name: eth_ctl -tfe: - tfe_env_config: - TFE_DEVICE_DATA_INCOMING: eth_pxy - TFE_PEER_MAC_DATA_INCOMING: aa:bb:cc:dd:ee:ff - tfe_conf: - system: - nr_worker_threads: 32 - enable_cpu_affinity: 0 - kni: - ip: 192.168.100.1 - ssl: - mc_cache_eth: eth_ctl - key_keeper: - cert_store_host: 192.168.100.1 - kafka: - NIC_NAME: eth_ctl - traffic_mirror: - enable: 1 - device: eth_mirr_d - type: 1 - default_vlan_id_for_mac: 0 +workload_zcpd: + cpu_affinity: 53,54 + hugepage_num_1G: 32 -cm_policy_server_ip: '{% raw %}{{ cm_policy_server_ip }}{% endraw %}' -cm_policy_server_port: '{% raw %}{{ cm_policy_server_port }}{% endraw %}' +dp_traffic_mirror: + nic_name: eth_mirr_d -framework: - prefix_path: /opt/tsg/framework +prefix_path: + mrzcpd: /opt/tsg/mrzcpd + framework: /opt/tsg/framework + +dp_steering_proxy: + ###### location: value {local, foreign} + location: local + node_list: + - nic_name: eth_vf_kni + +dp_proxy: + nic_name_data_incoming: eth_pxy + mac_addr_data_incoming: aa:bb:cc:dd:ee:ff + enable_cpu_affinity: 0 + cpu_affinity: 1-8 + worker_thread: 32 + enable_traffic_mirror: 1 + traffic_mirror_type: 1 + traffic_mirror_vlan_id: 0 + +dp_certstore: + location: local + +monitor: + enable_redis_exporter: 0 + enable_ipmi_exporter: 1 + +runtime_env: 7400mcn123 \ No newline at end of file diff --git a/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml b/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml index 98cebb45..47e38acc 100644 --- a/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml +++ b/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml 
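Review bot: `dp_steering_proxy.location: local` and `dp_certstore.location: local` replace the removed `kni.ip: 192.168.100.1` and `key_keeper.cert_store_host: 192.168.100.1`, so the peer address this platform used is no longer expressed anywhere in the file. The tfe templates that consume these keys are outside this view; if they map `local` to loopback the way `kni.conf.j2` does in this patch, the proxy on these nodes would look for kni and the cert store on itself rather than on 192.168.100.1. Please confirm the rendered `tfe.conf` for 7400MCN123 is unchanged by this commit. Quoting the MAC as `mac_addr_data_incoming: 'aa:bb:cc:dd:ee:ff'` would also keep its type independent of the YAML parser.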
@@ -1,100 +1,59 @@ # TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-9140 硬件平台 # variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." -firewall: - capture_packet_plug_conf: - LOG: - NIC_NAME: eth_vf_ctl - main_conf: - TSG_LOG: - NIC_NAME: eth_vf_ctl - SYSTEM: - NIC_NAME: eth_vf_ctl +control_and_policy: + nic_name: eth_vf_ctl -kni: - kni_conf: - global: - tfe_node_count: 1 - manage_eth: eth_vf_ctl - tfe_node_list: - - node_id: 0 - dev_eth_symbol: eth_vf_kni - ip_addr: 127.0.0.1 - tfe_cmsg_receiver: - listen_eth: lo - watch_dog: - listen_eth: lo +workload_zcpd: + cpu_affinity: 1,2,3,4 + hugepage_num_1G: 16 -mrzcpd: - mrglobal_conf: - device: - nic_raw: eth_vf_raw - nic_to_tfe: eth_vf_kni - nic_mirr: eth_vf_mirr - service: - iocore: 1,2,3,4 - prefix_path: /opt/tsg/mrzcpd +dp_traffic_mirror: + nic_name: eth_vf_mirr -sapp: - gdev_conf: - Module: - pcapdevice: eth_vf_raw - sendto_gdev_card: eth_vf_raw - sendto_gdev_ip: '{% raw %}10.252.{{ keepalive_subnet_ip }}.1{% endraw %}' - sapp_toml: - CPU: - worker_threads: 43 - send_only_threads_max: 0 - bind_mask: 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47 - PACKET_IO: - packet_io_internal_interface: - name: eth_vf_raw - overlay_tunnel_definition: - overlay_mode: vxlan - send_raw_pkt_conf: - nic_name: eth_vf_raw - prefix_path: /opt/tsg/sapp +workload_firewall: + cpu_affinity: 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47 + worker_threads: 43 + send_only_threads_max: 0 +dp_steering_firewall: + deployment: inline + encapsulation: vxlan + capture_packet: driver + nic_internal: eth_vf_raw + enable_mirror: 1 + +diagnose: + virtual_server_nic: eth_vf_dign_s + virtual_client_nic: eth_vf_dign_c + +prefix_path: + mrzcpd: /opt/tsg/mrzcpd + framework: /opt/tsg/framework + sapp: /opt/tsg/sapp + +dp_steering_proxy: + ###### location: value {local, foreign} + location: 
local + node_list: + - nic_name: eth_vf_kni + +dp_proxy: + nic_name_data_incoming: eth_vf_tfe + mac_addr_data_incoming: 00:0e:c6:d6:72:c1 + enable_cpu_affinity: 1 + cpu_affinity: 48-55 + worker_thread: 7 + enable_traffic_mirror: 1 + traffic_mirror_type: 1 + traffic_mirror_vlan_id: 1025 + +dp_certstore: + location: local # “default_vlan_id_for_mac” needs to be modified according to the vlan plan of the device -tfe: - tfe_env_config: - TFE_DEVICE_DATA_INCOMING: eth_vf_tfe - TFE_PEER_MAC_DATA_INCOMING: 00:0e:c6:d6:72:c1 - tfe_conf: - system: - nr_worker_threads: 7 - enable_cpu_affinity: 1 - kni: - ip: 127.0.0.1 - ssl: - mc_cache_eth: eth_vf_ctl - key_keeper: - cert_store_host: 127.0.0.1 - kafka: - NIC_NAME: eth_vf_ctl - traffic_mirror: - enable: 1 - device: eth_vf_mirr - type: 1 - default_vlan_id_for_mac: 1025 -tsg_diagnose: - docker_compose_yml: - virtual_server_nic: eth_vf_dign_s - virtual_client_nic: eth_vf_dign_c +monitor: + enable_redis_exporter: 0 + enable_ipmi_exporter: 0 -cm_policy_server_ip: '{% raw %}{{ cm.policy_server.address }}{% endraw %}' -cm_policy_server_port: '{% raw %}{{ cm.policy_server.port }}{% endraw %}' - -wannat_wangw: - wangw_conf: - main: - NAT_GW_tunnel_device: eth_vf_ctl - -wire_graft: - wire_graft_conf: - main: - identification_by_which_device: eth_vf_ctl - -framework: - prefix_path: /opt/tsg/framework +runtime_env: 9140 \ No newline at end of file diff --git a/ansible/roles/certstore/tasks/main.yml b/ansible/roles/certstore/tasks/main.yml index c465f0c5..aeab5020 100644 --- a/ansible/roles/certstore/tasks/main.yml +++ b/ansible/roles/certstore/tasks/main.yml @@ -2,12 +2,8 @@ file: path=/opt/tsg state=directory tags: mkdir -- name: install certstore - yum: - name: - - "{{ certstore_rpm_version.certstore }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present +- name: "Install certstore" + shell: rpm -i /tmp/rpm_download/{{ certstore_rpm_version.certstore }}* - name: template certstore configure file template: 
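Review bot: `runtime_env: 9140` on the last line of this file is an unquoted scalar and loads as an integer, but the mrzcpd tasks hunk in this patch tests `runtime_env == '9140'`, a comparison against a string that an integer will not satisfy. Assuming the file is loaded as ordinary YAML variables, the "update mrglobal.conf - TSG9140" task would then be skipped without any error. Quote it as `runtime_env: '9140'`; the other two platform files use `7400mcn0` and `7400mcn123`, which already load as strings. The comment that still names `default_vlan_id_for_mac` refers to a key this hunk removes and should point at `dp_proxy.traffic_mirror_vlan_id`.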
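Review bot: The new `shell: rpm -i /tmp/rpm_download/{{ certstore_rpm_version.certstore }}*` installs, with the play's privileges, whatever file matches a glob in a fixed directory under `/tmp`, and nothing in this hunk creates that directory or checks its owner and mode before use. It also gives up what the removed `yum` task provided: dependency resolution and idempotence, since `rpm -i` fails when the package is already installed. Prefer staging into a root-owned directory with mode `0700` and installing the exact file through the `yum` module with a local path in `name:`. The firewall, framework, http_healthcheck, kni and mrzcpd task files in this patch consume the same directory in the same way, and they now depend on the separate download role having run first.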
diff --git a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 index 760e4662..c04fef7d 100644 --- a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 +++ b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 @@ -69,8 +69,8 @@ port = 6379 [MAAT_REDIS] #Maat monitors the Redsi server IP address and port number -ip = {{ cm_policy_server_ip }} -port = {{ cm_policy_server_port }} +ip = {% raw %}{{ cm_policy_server_ip }}{% endraw %} +port = {% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}dbindex = {{ cm.policy_server.db_static }} {% endraw %} [stat] diff --git a/ansible/roles/exporter/tasks/main.yml b/ansible/roles/exporter/tasks/main.yml index 5eb1a124..c54b2c93 100644 --- a/ansible/roles/exporter/tasks/main.yml +++ b/ansible/roles/exporter/tasks/main.yml @@ -26,14 +26,14 @@ src: '{{ role_path }}/files/redis_exporter' dest: /opt/tsg/exporter/redis_exporter mode: 0755 - when: PROFILE_ID == '7400-MCN0-P01R01' + when: monitor.enable_redis_exporter == 1 - name: "copy ipmi_exporter" copy: src: '{{ role_path }}/files/ipmi_exporter' dest: /opt/tsg/exporter/ipmi_exporter mode: 0755 - when: PROFILE_ID != '9000-NPB-P01R01' + when: monitor.enable_ipmi_exporter == 1 - name: "templates atca-exporter-node.service" template: @@ -52,7 +52,7 @@ src: "{{role_path}}/templates/exporter-ipmi.service.j2" dest: /usr/lib/systemd/system/exporter-ipmi.service tags: template - when: PROFILE_ID != '9000-NPB-P01R01' + when: monitor.enable_ipmi_exporter == 1 - name: "Create /usr/lib/systemd/system/exporter-node.service.d directory if it does not exist" file: @@ -77,7 +77,7 @@ mode: '0755' with_items: - /usr/lib/systemd/system/exporter-ipmi.service.d - when: PROFILE_ID != '9000-NPB-P01R01' + when: monitor.enable_ipmi_exporter == 1 - name: "copy slice file to exporter-node.service.d" copy: 
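Review bot: The new conditions in the exporter tasks compare an integer flag literally, e.g. `when: monitor.enable_ipmi_exporter == 1`, so a value written as `true` or `'1'` in a group_vars file evaluates false and the exporter is skipped with no error. Declare the flags as booleans and test them with `when: monitor.enable_ipmi_exporter | bool`. The same applies to `monitor.enable_redis_exporter == 1`, to the later exporter hunks, and to `dp_steering_firewall.enable_mirror == 1` in `main.conf.j2.j2`. The tasks these conditions belong to start outside the hunks.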
@@ -96,7 +96,7 @@ src: "{{ role_path }}/templates/service_override_slice.conf.j2" dest: /usr/lib/systemd/system/exporter-ipmi.service.d/service_override_slice.conf mode: 0644 - when: PROFILE_ID != '9000-NPB-P01R01' + when: monitor.enable_ipmi_exporter == 1 - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: @@ -114,7 +114,7 @@ replace: 'WantedBy=workload.target' with_items: - /usr/lib/systemd/system/exporter-ipmi.service - when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' + when: monitor.enable_ipmi_exporter == 1 ##################### exporter ##################### - name: 'exporter-node service start' @@ -131,4 +131,4 @@ systemd: name: exporter-ipmi enabled: yes - when: PROFILE_ID != '9000-NPB-P01R01' + when: monitor.enable_ipmi_exporter == 1 diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml index f6ac28a0..49854af8 100644 --- a/ansible/roles/firewall/tasks/main.yml +++ b/ansible/roles/firewall/tasks/main.yml @@ -1,15 +1,6 @@ --- -- name: "install firewall packages" - yum: - name: "{{ item.value }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - with_dict: "{{ firewall_rpm_version }}" - - name: "Install firwall that are sapp plugins" - shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ sapp.prefix_path }} + shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.sapp }} with_dict: "{{ firewall_rpm_version }}" - name: "Template the tsgconf/main.conf" diff --git a/ansible/roles/firewall/templates/maat.conf.j2.j2 b/ansible/roles/firewall/templates/maat.conf.j2.j2 index 9055dba9..6ade5aa5 100644 --- a/ansible/roles/firewall/templates/maat.conf.j2.j2 +++ b/ansible/roles/firewall/templates/maat.conf.j2.j2 
@@ -6,8 +6,8 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/tsg_static_tableinfo.conf STAT_FILE=tsg_static_maat.status EFFECT_INTERVAL_S=1 -REDIS_IP={{ cm_policy_server_ip }} -REDIS_PORT={{ cm_policy_server_port }} +REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json @@ -23,8 +23,8 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf STAT_FILE=tsg_dynamic_maat.status EFFECT_INTERVAL_S=1 -REDIS_IP={{ cm_policy_server_ip }} -REDIS_PORT={{ cm_policy_server_port }} +REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_dynamic }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json @@ -39,8 +39,8 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/app_sketch_tableinfo.conf STAT_FILE=app_sketch_maat.status EFFECT_INTERVAL_S=1 -REDIS_IP={{ cm_policy_server_ip }} -REDIS_PORT={{ cm_policy_server_port }} +REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/app_sketch_maat.json @@ -55,8 +55,8 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/capture_packet_tableinfo.conf STAT_FILE=capture_packet.status EFFECT_INTERVAL_S=1 -REDIS_IP={{ cm_policy_server_ip }} -REDIS_PORT={{ cm_policy_server_port }} +REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/capture_packet_maat.json diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2 index 95898f20..88b473c0 100644 --- a/ansible/roles/firewall/templates/main.conf.j2.j2 +++ b/ansible/roles/firewall/templates/main.conf.j2.j2 
@@ -39,7 +39,7 @@ IP_ADDR_TABLE="TSG_SECURITY_ADDR" [TSG_LOG] MODE=1 -NIC_NAME="{{ firewall.main_conf.TSG_LOG.NIC_NAME }}" +NIC_NAME="{{ control_and_policy.nic_name }}" MAX_SERVICE=1 LOG_LEVEL=30 LOG_PATH="./tsglog/tsglog" @@ -64,7 +64,7 @@ OUTPUT_PATH="./tsg_stat.log" APP_NAME="tsg_master" [SYSTEM] -NIC_NAME="{{ firewall.main_conf.SYSTEM.NIC_NAME }}" +NIC_NAME="{{ control_and_policy.nic_name }}" {% raw %}{% if data_center.id is defined %} DATACENTER_ID={{ data_center.id }} {% elif session_id_generator.snowflake_worker_id_base is defined %} @@ -144,13 +144,12 @@ icmp_flood_thresh="{{ ddossketch.icmp_flood_report_thresh }}" dns_flood_thresh="{{ ddossketch.dns_flood_report_thresh }}" {% endraw %} -{% if PROFILE_ID == '9000-NPB-P01R01' %} +{% if dp_steering_firewall.enable_mirror == 1 %} [TRAFFIC_MIRROR] TRAFFIC_MIRROR_ENABLE=1 -NIC_NAME=eth_vf_mirr +NIC_NAME={{ dp_traffic_mirror.nic_name }} DEFAULT_VLAN_ID=2 {% endif %} - [RADIUS_PLUG] {% raw %}{% set tags_list = [] %} {% if data_center.name is defined %} diff --git a/ansible/roles/framework/tasks/main.yml b/ansible/roles/framework/tasks/main.yml index dcc575db..60b9c14a 100644 --- a/ansible/roles/framework/tasks/main.yml +++ b/ansible/roles/framework/tasks/main.yml @@ -11,17 +11,8 @@ - rsyslog-kafka - librdkafka -- name: "install framework packages" - yum: - name: "{{ item.value }}" - state: present - conf_file: "{{ rpm_repo_config_path }}" - download_only: yes - download_dir: /tmp/rpm_download/ - with_dict: "{{ framework_rpm_version }}" - - name: "Install frameworks" - shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ framework.prefix_path }} + shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.framework }} with_dict: "{{ framework_rpm_version }}" - name: "mkdir /etc/ld.so.conf.d/" diff --git a/ansible/roles/http_healthcheck/tasks/main.yml b/ansible/roles/http_healthcheck/tasks/main.yml index db9b03ff..2f5994ab 100644 --- a/ansible/roles/http_healthcheck/tasks/main.yml 
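Review bot: The `[TRAFFIC_MIRROR]` section was rendered only for `PROFILE_ID == '9000-NPB-P01R01'`; with `{% if dp_steering_firewall.enable_mirror == 1 %}` it is now also rendered for 7400MCN0, whose group_vars in this patch set `enable_mirror: 1` and `dp_traffic_mirror.nic_name: eth_mirr_d`. Enabling a copy of inspected traffic on an additional platform is a data-path change that should be deliberate, and `eth_mirr_d` did not appear in the removed 7400MCN0 configuration. If it is not intended, set `enable_mirror: 0` in `stage_one_7400MCN0P01R01.yml`. `DEFAULT_VLAN_ID=2` stays hard-coded here although the group_vars now carry a `traffic_mirror_vlan_id`; a comment saying why the two differ would help.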
+++ b/ansible/roles/http_healthcheck/tasks/main.yml @@ -1,10 +1,2 @@ -- name: "install http_healthcheck from localhost" - yum: - name: "{{ http_healthcheck_rpm_version.http_healthcheck }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - - name: "Install http_healthcheck that is sapp plugins" - shell: rpm -i /tmp/rpm_download/{{ http_healthcheck_rpm_version.http_healthcheck }}* --prefix {{ sapp.prefix_path }} \ No newline at end of file + shell: rpm -i /tmp/rpm_download/{{ http_healthcheck_rpm_version.http_healthcheck }}* --prefix {{ prefix_path.sapp }} \ No newline at end of file diff --git a/ansible/roles/kni/tasks/main.yml b/ansible/roles/kni/tasks/main.yml index 3e19cfb2..94db85ee 100644 --- a/ansible/roles/kni/tasks/main.yml +++ b/ansible/roles/kni/tasks/main.yml @@ -1,15 +1,7 @@ --- -- name: "install kni rpms from localhost" - yum: - name: - - "{{ kni_rpm_version.kni }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - name: "Install kni that is sapp plugin with prefix option" - shell: rpm -i /tmp/rpm_download/{{ kni_rpm_version.kni }}* --prefix {{ sapp.prefix_path }} + shell: rpm -i /tmp/rpm_download/{{ kni_rpm_version.kni }}* --prefix {{ prefix_path.sapp }} - name: Template the kni.conf template: diff --git a/ansible/roles/kni/templates/kni.conf.j2 b/ansible/roles/kni/templates/kni.conf.j2 index 32a62279..84170412 100644 --- a/ansible/roles/kni/templates/kni.conf.j2 +++ b/ansible/roles/kni/templates/kni.conf.j2 
@@ -1,27 +1,52 @@ [global] log_path = ./log/kni/kni.log log_level = 30 -tfe_node_count = {{ kni.kni_conf.global.tfe_node_count }} -manage_eth = {{ kni.kni_conf.global.manage_eth }} +{% if dp_steering_proxy.location == 'local' %} +tfe_node_count = 1 +{% endif %} +{% if dp_steering_proxy.location == 'foreign' %} +tfe_node_count = {{ dp_steering_proxy.node_count }} +{% endif %} +manage_eth = {{ control_and_policy.nic_name }} deploy_mode = normal tun_name = tun_kni src_mac_addr = 00:0e:c6:d6:72:c1 dst_mac_addr = fe:65:b7:03:50:bd -{% for tfe_node_info in kni.kni_conf.tfe_node_list %} -[tfe{{ tfe_node_info.node_id }}] +{% for tfe_node_info in dp_steering_proxy.node_list %} +{% if dp_steering_proxy.location == 'local' %} +[tfe0] +{% endif %} +{% if dp_steering_proxy.location == 'foreign' %} +[tfe{{ tfe_node_info.id }}] +{% endif %} enabled = 1 -dev_eth_symbol = {{ tfe_node_info.dev_eth_symbol }} -ip_addr = {{ tfe_node_info.ip_addr }} +dev_eth_symbol = {{ tfe_node_info.nic_name }} +{% if dp_steering_proxy.location == 'local' %} +ip_addr = 127.0.0.1 +{% endif %} +{% if dp_steering_proxy.location == 'foreign' %} +ip_addr = {{ tfe_node_info.addr }} +{% endif %} {% endfor %} [tfe_cmsg_receiver] -listen_eth = {{ kni.kni_conf.tfe_cmsg_receiver.listen_eth }} +{% if dp_steering_proxy.location == 'local' %} +listen_eth = lo +{% endif %} +{% if dp_steering_proxy.location == 'foreign' %} +listen_eth = {{ dp_steering_proxy.nic_cmsg_and_watchdog }} +{% endif %} listen_port = 2475 [watch_dog] switch = 1 -listen_eth = {{ kni.kni_conf.watch_dog.listen_eth }} +{% if dp_steering_proxy.location == 'local' %} +listen_eth = lo +{% endif %} +{% if dp_steering_proxy.location == 'foreign' %} +listen_eth = {{ dp_steering_proxy.nic_cmsg_and_watchdog }} +{% endif %} listen_port = 2476 keepalive_idle = 2 keepalive_intvl = 1 diff --git a/ansible/roles/mrzcpd/tasks/main.yml b/ansible/roles/mrzcpd/tasks/main.yml index 0a179191..3abc70f8 100644 --- a/ansible/roles/mrzcpd/tasks/main.yml 
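Review bot: Each `dp_steering_proxy.location` test is a pair of independent `{% if %}` blocks, so any value other than `local` or `foreign` renders a `kni.conf` with no `tfe_node_count`, no `[tfeN]` header, no `ip_addr` and no `listen_eth`, and the template reports nothing. Use one `{% if … == 'local' %} … {% elif … == 'foreign' %} … {% endif %}` per site and validate the value once in the role with an `assert` task. In the `local` case the loop prints `[tfe0]` for every entry of `node_list`, which yields duplicate sections if the list ever holds more than one item. In the `foreign` case `tfe_node_count = {{ dp_steering_proxy.node_list | length }}` would remove the separate `node_count` value that has to be kept in step with the list.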
+++ b/ansible/roles/mrzcpd/tasks/main.yml @@ -1,14 +1,6 @@ --- -- name: "download mrzcpd rpm into local /tmp/rpm_download" - yum: - name: "{{ mrzcpd_rpm_version.mrzcpd }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - - name: "Install mrzcpd rpm package" - shell: rpm -i /tmp/rpm_download/{{ mrzcpd_rpm_version.mrzcpd }}* --prefix {{ mrzcpd.prefix_path }} + shell: rpm -i /tmp/rpm_download/{{ mrzcpd_rpm_version.mrzcpd }}* --prefix {{ prefix_path.mrzcpd }} - name: "update /etc/ld.so.conf.d/mrzcpd.conf" template: @@ -24,7 +16,7 @@ replace: path: "{{ item }}" regexp: '/opt/mrzcpd' - replace: '{{ mrzcpd.prefix_path }}' + replace: '{{ prefix_path.mrzcpd }}' with_items: - /etc/profile.d/mrzcpd.sh - /opt/tsg/mrzcpd/lib/pkgconfig/mrzcpd.pc @@ -62,21 +54,21 @@ src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 when: - - PROFILE_ID == '9000-NPB-P01R01' + - runtime_env == '9140' - name: "update mrglobal.conf - TSG7400 - mcn0" template: src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 when: - - PROFILE_ID == '7400-MCN0-P01R01' + - runtime_env == '7400mcn0' - name: "update mrglobal.conf - TSG7400 - mcn1 mcn2 mcn3" template: src: "{{ role_path }}/templates/mrglobal.conf.j2.7400MCN123P01R01" dest: /opt/tsg/mrzcpd/etc/mrglobal.conf when: - - PROFILE_ID == '7400-MCN123-P01R01' + - runtime_env == '7400mcn123' - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.7400MCN123P01R01 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.7400MCN123P01R01 index 4f4ef07b..e5d4ed06 100644 --- a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.7400MCN123P01R01 +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.7400MCN123P01R01 
@@ -1,14 +1,14 @@ [device] -device={{ mrzcpd.mrglobal_conf.device.nic_mirr }} +device={{ dp_traffic_mirror.nic_name }} sz_tunnel=8192 sz_buffer=0 -[device:{{ mrzcpd.mrglobal_conf.device.nic_mirr }}] +[device:{{ dp_traffic_mirror.nic_name }}] promisc=0 rssmode=0 [service] -iocore={{ mrzcpd.mrglobal_conf.service.iocore }} +iocore={{ workload_zcpd.cpu_affinity }} [eal] virtaddr=0x7d0000000000 diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.7400MCN0P01R01 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.7400MCN0P01R01 index 4a788280..1d55a91e 100644 --- a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.7400MCN0P01R01 +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.7400MCN0P01R01 @@ -1,9 +1,11 @@ [device] -device={{ mrzcpd.mrglobal_conf.device.nic_raw }},{{ mrzcpd.mrglobal_conf.device.nic_mcn1 }},{{ mrzcpd.mrglobal_conf.device.nic_mcn2 }},{{ mrzcpd.mrglobal_conf.device.nic_mcn3 }} +{% set steeering_to_proxy_nic_list = [] %} +{% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %} +device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }} sz_tunnel=8192 sz_buffer=0 -[device:{{ mrzcpd.mrglobal_conf.device.nic_raw }}] +[device:{{ dp_steering_firewall.nic_internal }}] {% raw %}{% if npb_device == 'inline_device' %} in_addr={{inline_device_settings.keepalive.ip}} in_mask={{inline_device_settings.keepalive.mask}} 
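Review bot: `{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}` in the 7400MCN0 template is an output expression, so the line emits the return value of `append` once per node; that stays invisible only as long as the renderer turns `None` into an empty string, and it still leaves an extra line inside `[device]`. The list can be built without side effects as `device={{ dp_steering_firewall.nic_internal }},{{ dp_steering_proxy.node_list | map(attribute='nic_name') | join(',') }}`, which also removes the misspelled `steeering_to_proxy_nic_list`. The same two lines are added to the 9000NPBP01R01 template.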
@@ -25,24 +27,17 @@ promisc=1 allmulticast=1 rssmode=0 -[device:{{ mrzcpd.mrglobal_conf.device.nic_mcn1 }}] +{% for node_info in dp_steering_proxy.node_list %} +[device:{{ node_info.nic_name }}] promisc=1 allmulticast=1 rssmode=0 -[device:{{ mrzcpd.mrglobal_conf.device.nic_mcn2 }}] -promisc=1 -allmulticast=1 -rssmode=0 - -[device:{{ mrzcpd.mrglobal_conf.device.nic_mcn3 }}] -promisc=1 -allmulticast=1 -rssmode=0 +{% endfor %} [service] # lcore id for i/o service, use comma to split -iocore={{ mrzcpd.mrglobal_conf.service.iocore }} +iocore={{ workload_zcpd.cpu_affinity }} {% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %} distmode=0 {% endif %} diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 index 67bc0db0..0a5945d1 100644 --- a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 @@ -1,9 +1,11 @@ [device] -device={{ mrzcpd.mrglobal_conf.device.nic_raw }},{{ mrzcpd.mrglobal_conf.device.nic_to_tfe }},{{ mrzcpd.mrglobal_conf.device.nic_mirr }} +{% set steeering_to_proxy_nic_list = [] %} +{% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %} +device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }} sz_tunnel=8192 sz_buffer=0 -[device:{{ mrzcpd.mrglobal_conf.device.nic_raw }}] +[device:{{ dp_steering_firewall.nic_internal }}] mtu=4096 clear_tx_flags=1 hw_strip_crc=1 @@ -13,7 +15,8 @@ vlan-strip=1 in_mask=255.255.0.0 rssmode=2 -[device:{{ mrzcpd.mrglobal_conf.device.nic_to_tfe }}] +{% for node_info in dp_steering_proxy.node_list %} +[device:{{ node_info.nic_name }}] mtu=4096 clear_tx_flags=1 vlan-filter=1 
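Review bot: The new `device=` line in the 9000NPBP01R01 template lists only `dp_steering_firewall.nic_internal` and the `node_list` NICs, while the removed line also listed `nic_mirr`. The `[device:{{ dp_traffic_mirror.nic_name }}]` section is still rendered further down in this file, so the mirror interface keeps its settings but is no longer in the device list. Unless that is intended, append it: `device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }},{{ dp_traffic_mirror.nic_name }}`.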
@@ -26,7 +29,9 @@ sz_tunnel=8192 sz_buffer=0 rssmode=2 -[device:{{ mrzcpd.mrglobal_conf.device.nic_mirr }}] +{% endfor %} + +[device:{{ dp_traffic_mirror.nic_name }}] mtu=2048 hw_strip_crc=1 rssmode=2 @@ -34,7 +39,7 @@ vlan-strip=1 [service] # lcore id for i/o service, use comma to split -iocore={{ mrzcpd.mrglobal_conf.service.iocore }} +iocore={{ workload_zcpd.cpu_affinity }} {% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %} distmode=0 {% endif %} diff --git a/ansible/roles/mrzcpd/templates/mrzcpd.j2 b/ansible/roles/mrzcpd/templates/mrzcpd.j2 index 713eb3b8..c1dbfad2 100644 --- a/ansible/roles/mrzcpd/templates/mrzcpd.j2 +++ b/ansible/roles/mrzcpd/templates/mrzcpd.j2 @@ -1,8 +1,3 @@ MRZCPD_ROOT=/opt/tsg/mrzcpd -{% if PROFILE_ID == '9000-NPB-P01R01' %} -HUGEPAGE_NUM_1G=16 -{% endif %} -{% if PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' %} -HUGEPAGE_NUM_1G=32 -{% endif %} +HUGEPAGE_NUM_1G={{ workload_zcpd.hugepage_num_1G }} DEFAULT_UIO_MODULE="vfio_pci" \ No newline at end of file diff --git a/ansible/roles/rpm_packages_download/tasks/main.yml b/ansible/roles/rpm_packages_download/tasks/main.yml new file mode 100644 index 00000000..e3ae557c --- /dev/null +++ b/ansible/roles/rpm_packages_download/tasks/main.yml 
@@ -0,0 +1,123 @@ +--- +- name: "download rpm packages: certstore" + yum: + name: + - "{{ certstore_rpm_version.certstore }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "download rpm packages: firewall" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + with_dict: "{{ firewall_rpm_version }}" + +- name: "uninstall rsyslog-kafka and librdkafka" + yum: + name: "{{ item }}" + state: absent + with_items: + - rsyslog-kafka + - librdkafka + +- name: "download rpm packages: framework" + yum: + name: "{{ item.value }}" + state: present + conf_file: "{{ rpm_repo_config_path }}" + download_only: yes + download_dir: /tmp/rpm_download/ + with_dict: "{{ framework_rpm_version }}" + +- name: "download rpm packages: kni" + yum: + name: + - "{{ kni_rpm_version.kni }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "download rpm packages: mrzcpd" + yum: + name: "{{ mrzcpd_rpm_version.mrzcpd }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "download rpm packages: sapp and tcpdump_mesa" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + with_dict: "{{ sapp_rpm_version }}" + +- name: "download rpm packages: tfe" + yum: + name: + - "{{ tfe_rpm_version.tfe }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "download rpm packages: app_skecth_local" + yum: + name: "{{ tsg_app_rpm_version.app_sketch_local }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + + +- name: "install tsg_master from localhost" + yum: + 
name: + - "{{ tsg_master_rpm_version.tsg_master }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "Install tsg-diagnose rpm package" + yum: + name: + - "{{ tsg_diagnose_rpm_version.tsg_diagnose }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "install http_healthcheck from localhost" + yum: + name: "{{ http_healthcheck_rpm_version.http_healthcheck }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + +- name: "install wannat wangw plug packages" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + with_dict: "{{ wannat_wangw_rpm_version }}" + +- name: "install wire_graft plug packages" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: /tmp/rpm_download/ + with_dict: "{{ wire_graft_rpm_version }}" diff --git a/ansible/roles/sapp/tasks/main.yml b/ansible/roles/sapp/tasks/main.yml index 74003372..4f1e2f62 100644 --- a/ansible/roles/sapp/tasks/main.yml +++ b/ansible/roles/sapp/tasks/main.yml 
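Review bot: Every task in this new file downloads into `/tmp/rpm_download/`, and no task here creates that directory with a fixed owner and mode before the first download. The per-role tasks elsewhere in this patch then run `rpm -i /tmp/rpm_download/<name>*` with a wildcard, so on a host where `/tmp` is writable by other accounts a file placed there beforehand could match the glob and be installed with root privileges. Create the directory root-only as the first task of the role, as sketched below, or move the cache out of `/tmp`. Separately, the tasks named "install ... from localhost" only download, and the `state: absent` task removes packages inside a role whose name promises downloads only; renaming the former and commenting the latter would make the role's effect clear.

```yaml
# first task of the role, before any download
- name: "create private rpm download directory"
  file:
    path: /tmp/rpm_download/
    state: directory
    owner: root
    group: root
    mode: "0700"
# … unchanged: download tasks …
```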
@@ -9,20 +9,11 @@ - /opt/tsg/sapp - /opt/tsg/framework -- name: "download sapp and tcpdump_mesa rpms from localhost" - yum: - name: "{{ item.value }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - with_dict: "{{ sapp_rpm_version }}" - - name: "Install sapp and tcpdump_mesa rpm package" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix_path }} with_items: - - {"rpm_version": "{{ sapp_rpm_version.sapp }}", "prefix_path": "{{ sapp.prefix_path }}" } - - {"rpm_version": "{{ sapp_rpm_version.tcpdump_mesa }}", "prefix_path": "{{ framework.prefix_path }}" } + - {"rpm_version": "{{ sapp_rpm_version.sapp }}", "prefix_path": "{{ prefix_path.sapp }}" } + - {"rpm_version": "{{ sapp_rpm_version.tcpdump_mesa }}", "prefix_path": "{{ prefix_path.framework }}" } - name: replace sapp service replace: @@ -70,7 +61,7 @@ dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2 tags: template when: - - PROFILE_ID == '9000-NPB-P01R01' + - runtime_env == '9140' - name: Template the conflist.inf - tsg_7400 template: @@ -78,7 +69,7 @@ dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2 tags: template when: - - PROFILE_ID == '7400-MCN0-P01R01' + - runtime_env == '7400mcn0' - name: Template the entrylist.conf.j2 template: @@ -97,8 +88,6 @@ src: "{{ role_path }}/templates/necessary_plug_list.conf.j2" dest: /opt/tsg/sapp/etc/necessary_plug_list.conf tags: template - when: - - PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '9000-NPB-P01R01' - name: Template the vlan_flipping_map.conf - tsg-9140 template: @@ -106,7 +95,7 @@ dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf tags: template when: - - PROFILE_ID == '9000-NPB-P01R01' + - runtime_env == '9140' - name: Template the vlan_flipping_map.conf - tsg-7400 template: 
@@ -114,7 +103,7 @@ dest: /opt/tsg/tsg-os-provision/templates/vlan_flipping_map.conf.j2 tags: template when: - - PROFILE_ID == '7400-MCN0-P01R01' + - runtime_env == '7400mcn0' - name: Template the sapp_log.conf template: @@ -177,7 +166,7 @@ - { src: "{{ role_path }}/files/service_attach_startpre.conf.except_tera", mode: "0644" } - { src: "{{ role_path }}/files/tera_fake_promisc_setup.sh", mode: "0755" } when: - - PROFILE_ID == '7400-MCN0-P01R01' + - runtime_env == '7400mcn0' - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: diff --git a/ansible/roles/sapp/templates/gdev.conf.j2.j2 b/ansible/roles/sapp/templates/gdev.conf.j2.j2 index c653d1a8..7a3fe5ec 100644 --- a/ansible/roles/sapp/templates/gdev.conf.j2.j2 +++ b/ansible/roles/sapp/templates/gdev.conf.j2.j2 @@ -1,5 +1,5 @@ [Module] -pcapdevice={{ sapp.gdev_conf.Module.pcapdevice }} -sendto_gdev_card={{ sapp.gdev_conf.Module.sendto_gdev_card }} -sendto_gdev_ip={{ sapp.gdev_conf.Module.sendto_gdev_ip }} +pcapdevice={{ dp_steering_firewall.nic_internal }} +sendto_gdev_card={{ dp_steering_firewall.nic_internal }} +sendto_gdev_ip={% raw %}{{ gdev_conf_keep_alive_ip }}{% endraw %} gdev_status_switch=1 diff --git a/ansible/roles/sapp/templates/sapp.toml.j2.j2 b/ansible/roles/sapp/templates/sapp.toml.j2.j2 index ab0e21cc..4e5d0565 100644 --- a/ansible/roles/sapp/templates/sapp.toml.j2.j2 +++ b/ansible/roles/sapp/templates/sapp.toml.j2.j2 @@ -10,9 +10,9 @@ instance_name = "sapp4" [CPU] ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] -worker_threads={{ sapp.sapp_toml.CPU.worker_threads }} -send_only_threads_max={{ sapp.sapp_toml.CPU.send_only_threads_max }} -bind_mask=[{{ sapp.sapp_toml.CPU.bind_mask }}] +worker_threads={{ workload_firewall.worker_threads }} +send_only_threads_max={{ workload_firewall.send_only_threads_max }} +bind_mask=[{{ workload_firewall.cpu_affinity }}] [MEM] dictator_enable=1 
@@ -25,8 +25,15 @@ dictator_enable=1 l2_l3_tunnel_support=1 ### note, optional value is [none, vxlan] - overlay_mode={{ sapp.sapp_toml.PACKET_IO.overlay_tunnel_definition.overlay_mode }} - +{% if dp_steering_firewall.encapsulation == 'vlan' or dp_steering_firewall.encapsulation == 'raw' %} + overlay_mode=none +{% endif %} +{% if dp_steering_firewall.encapsulation == 'vxlan' %} + overlay_mode=vxlan +{% endif %} +{% if dp_steering_firewall.encapsulation == 'provision' %} + overlay_mode={% raw %}{{ sapp_overlay_mode }}{% endraw %} +{% endif %} [packet_io.feature] ### note, used to represent inbound or outbound direction value, @@ -61,12 +68,25 @@ dictator_enable=1 ### note, depolyment.mode options: [mirror, inline, transparent] [packet_io.depolyment] +{% if dp_steering_firewall.deployment == 'inline' %} mode=inline +{% endif %} +{% if dp_steering_firewall.deployment == 'mirror' %} + mode=mirror +{% endif %} +{% if dp_steering_firewall.deployment == 'transparent' %} + mode=transparent +{% endif %} ### note, interface.type options: [pag,pcap,marsio] [packet_io.internal.interface] +{% if dp_steering_firewall.deployment == 'driver' %} type=marsio - name={{ sapp.sapp_toml.PACKET_IO.packet_io_internal_interface.name }} +{% endif %} +{% if dp_steering_firewall.deployment == 'pcap' %} + type=pcap +{% endif %} + name={{ dp_steering_firewall.nic_internal }} [packet_io.external.interface] type=pcap name=lo @@ -264,5 +284,5 @@ dictator_enable=1 data_file_inline_keepalive_log="gdev_keeplive_status.log" [LIBRARY_LINK] - marsio_library_path="{{ mrzcpd.prefix_path }}/lib/libmarsio.so" + marsio_library_path="{{ prefix_path.mrzcpd }}/lib/libmarsio.so" \ No newline at end of file diff --git a/ansible/roles/sapp/templates/send_raw_pkt.conf.j2 b/ansible/roles/sapp/templates/send_raw_pkt.conf.j2 index 14b1e0ca..7d314e0c 100644 --- a/ansible/roles/sapp/templates/send_raw_pkt.conf.j2 +++ b/ansible/roles/sapp/templates/send_raw_pkt.conf.j2 
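Review bot: The `overlay_mode` line is now emitted only when `dp_steering_firewall.encapsulation` equals one of four literals, so a misspelled or new value renders a config with no `overlay_mode` at all and nothing fails at template time. The same pattern is used for `mode=` and `type=` in the `@@ -61,12 +68,25 @@` hunk of this file. An `assert` task in the role that runs before templating would catch this, for example `that: dp_steering_firewall.encapsulation in ['vlan', 'raw', 'vxlan', 'provision']`. Folding the separate `{% if %}` blocks into one `{% if %}…{% elif %}` chain per setting would also make the alternatives easier to read.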
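Review bot: In `[packet_io.internal.interface]` the `type=` line is selected by `dp_steering_firewall.deployment == 'driver'` and `== 'pcap'`, but a few lines above the same variable is compared with `inline`, `mirror` and `transparent` to choose `mode=`. With any of those three values neither condition holds and the rendered file has no `type=` in the interface section, where the old template always wrote `type=marsio`. This looks like the wrong key. The interface type presumably needs its own group variable, whose name is not visible in this hunk, and both conditions should test that variable.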
@@ -2,8 +2,8 @@ ##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio #target_id -0 pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ sapp.send_raw_pkt_conf.nic_name }} smith dpdk dpdk pag -1 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ sapp.send_raw_pkt_conf.nic_name }} smith dpdk dpdk pag +0 pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ dp_steering_firewall.nic_internal }} smith dpdk dpdk pag +1 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 {{ dp_steering_firewall.nic_internal }} smith dpdk dpdk pag #2 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag #3 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag #4 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag \ No newline at end of file diff --git a/ansible/roles/tfe/tasks/main.yml b/ansible/roles/tfe/tasks/main.yml index f7e6e44e..8612604d 100644 --- a/ansible/roles/tfe/tasks/main.yml +++ b/ansible/roles/tfe/tasks/main.yml @@ -10,12 +10,8 @@ dest: /usr/lib/systemd/system/ mode: 0644 -- name: "install tfe rpms from localhost" - yum: - name: - - "{{ tfe_rpm_version.tfe }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present +- name: "Install tfe" + shell: rpm -i /tmp/rpm_download/{{ tfe_rpm_version.tfe }}* - name: "tfe:copy cert file to device" copy: diff --git a/ansible/roles/tfe/templates/future.conf.j2 b/ansible/roles/tfe/templates/future.conf.j2 index aa6f10a0..3f3c1c73 100755 --- a/ansible/roles/tfe/templates/future.conf.j2 +++ b/ansible/roles/tfe/templates/future.conf.j2 @@ -1,9 +1,9 @@ [STAT] no_stats=0 -{% if PROFILE_ID == '7400-MCN123-P01R01' %} +{% if dp_steering_proxy.location == 'foreign' %} statsd_server=192.168.100.1 {% endif %} -{% if PROFILE_ID == '9000-NPB-P01R01' %} +{% if dp_steering_proxy.location == 'local' %} statsd_server=127.0.0.1 {% endif %} statsd_port=8100 
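Review bot: The new `Install tfe` task runs `rpm -i` through `shell` with a trailing `*`, so the package installed is whatever file in `/tmp/rpm_download/` matches the prefix. A second run also fails, because `rpm -i` refuses an already installed package. The `Install tsg-diagnose` task in `ansible/roles/tsg-diagnose/tasks/main.yml` is written the same way. Resolving the file first and passing the exact path to the `yum` module keeps the offline install, requires exactly one match, and restores idempotence; the register name `tfe_rpm_file` below is only a suggestion.

```yaml
- name: "locate downloaded tfe rpm"
  find:
    paths: /tmp/rpm_download/
    patterns: "{{ tfe_rpm_version.tfe }}*.rpm"
  register: tfe_rpm_file
  failed_when: tfe_rpm_file.matched != 1

- name: "Install tfe"
  yum:
    name: "{{ tfe_rpm_file.files[0].path }}"
    state: present
```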
diff --git a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 index 9e999061..559652d1 100644 --- a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 +++ b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 @@ -51,8 +51,8 @@ log_fsstat_dst_port=8125 #hijack flow control enable=0 token_name=ratelimit -redis_server={{ cm_policy_server_ip }} -redis_port={{ cm_policy_server_port }} +redis_server={% raw %}{{ cm_policy_server_ip }}{% endraw %} +redis_port={% raw %}{{ cm_policy_server_port }}{% endraw %} redis_db_index=6 [tango_cache] diff --git a/ansible/roles/tfe/templates/tfe-env-config.j2 b/ansible/roles/tfe/templates/tfe-env-config.j2 index 0040c44c..7674480b 100644 --- a/ansible/roles/tfe/templates/tfe-env-config.j2 +++ b/ansible/roles/tfe/templates/tfe-env-config.j2 @@ -1,5 +1,5 @@ -TFE_DEVICE_DATA_INCOMING={{ tfe.tfe_env_config.TFE_DEVICE_DATA_INCOMING }} +TFE_DEVICE_DATA_INCOMING={{ dp_proxy.nic_name_data_incoming }} TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd -TFE_PEER_MAC_DATA_INCOMING={{ tfe.tfe_env_config.TFE_PEER_MAC_DATA_INCOMING}} +TFE_PEER_MAC_DATA_INCOMING={{ dp_proxy.mac_addr_data_incoming }} TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2 TFE_PEER_IP_DATA_INCOMING=172.16.241.1 diff --git a/ansible/roles/tfe/templates/tfe.conf.j2.j2 b/ansible/roles/tfe/templates/tfe.conf.j2.j2 index 09827bf1..9083c564 100644 --- a/ansible/roles/tfe/templates/tfe.conf.j2.j2 +++ b/ansible/roles/tfe/templates/tfe.conf.j2.j2 @@ -1,5 +1,5 @@ [system] -nr_worker_threads={{ tfe.tfe_conf.system.nr_worker_threads }} +nr_worker_threads={{ dp_proxy.worker_thread }} enable_kni_v1=0 enable_kni_v2=0 enable_kni_v3=1 
@@ -35,8 +35,8 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload # ask for at least (1 + nr_worker_threads) masks # the first mask for acceptor thread # the others mask for worker thread -enable_cpu_affinity={{ tfe.tfe_conf.system.enable_cpu_affinity }} -cpu_affinity_mask=48-55 +enable_cpu_affinity={{ dp_proxy.enable_cpu_affinity }} +cpu_affinity_mask={{ dp_proxy.cpu_affinity }} # LEAST_CONN = 0; ROUND_ROBIN = 1 load_balance=1 @@ -56,7 +56,12 @@ queue_no_enobufs=1 # send cmsg send_switch=1 -ip={{ tfe.tfe_conf.kni.ip }} +{% if dp_steering_proxy.location == 'local' %} +ip=127.0.0.1 +{% endif %} +{% if dp_steering_proxy.location == 'foreign'%} +ip=192.168.100.1 +{% endif %} cmsg_port=2475 # watch dog @@ -117,7 +122,7 @@ key_log_file=log/sslkeylog.log # mid cert cache mc_cache_enable=1 -mc_cache_eth={{ tfe.tfe_conf.ssl.mc_cache_eth }} +mc_cache_eth={{ control_and_policy.nic_name }} {% raw %}mc_cache_broker_list={{ olap.kafka_broker.address_list | join(",") }} {% endraw %} mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT @@ -129,7 +134,12 @@ sasl_passwd=galaxy2019 #0 on cache 1 off cache no_cache=0 mode=normal -cert_store_host={{ tfe.tfe_conf.key_keeper.cert_store_host }} +{% if dp_certstore == 'local' %} +cert_store_host=127.0.0.1 +{% endif %} +{% if dp_certstore == 'foreign'%} +cert_store_host= +{% endif %} cert_store_port=9991 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem @@ -169,10 +179,10 @@ tcp_ttl_upstream=75 tcp_ttl_downstream=70 [stat] -{% if PROFILE_ID == '7400-MCN123-P01R01' %} +{% if dp_steering_proxy.location == 'foreign' %} statsd_server=192.168.100.1 {% endif %} -{% if PROFILE_ID == '9000-NPB-P01R01' %} +{% if dp_steering_proxy.location == 'local' %} statsd_server=127.0.0.1 {% endif %} statsd_port=8100 
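Review bot: When `dp_certstore == 'foreign'` the template writes `cert_store_host=` with no value, so a proxy node that depends on a remote cert store is rendered with an empty host, and any other value of `dp_certstore` drops the key altogether. The address should come from a variable, or be deferred to provisioning time the way `cm_policy_server_ip` is elsewhere in this patch, e.g. `cert_store_host={% raw %}{{ <cert store address variable> }}{% endraw %}`. The header of this hunk also shows `sasl_passwd=galaxy2019` in the template. That line is outside the change, but a credential in a versioned template is better kept in a vaulted variable.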
@@ -184,18 +194,18 @@ statsd_set_prometheus_port=9001 statsd_set_prometheus_url_path=/metrics [traffic_mirror] -enable={{ tfe.tfe_conf.traffic_mirror.enable }} -device={{ tfe.tfe_conf.traffic_mirror.device }} +enable={{ dp_proxy.enable_traffic_mirror }} +device={{ dp_traffic_mirror.nic_name }} # 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO -type={{ tfe.tfe_conf.traffic_mirror.type }} -default_vlan_id_for_mac={{ tfe.tfe_conf.traffic_mirror.default_vlan_id_for_mac }} +type={{ dp_proxy.traffic_mirror_type }} +default_vlan_id_for_mac={{ dp_proxy.traffic_mirror_vlan_id }} table_info=resource/pangu/table_info_traffic_mirror.conf stat_file=log/traffic_mirror.status [kafka] enable=1 -NIC_NAME={{ tfe.tfe_conf.kafka.NIC_NAME }} +NIC_NAME={{ control_and_policy.nic_name }} {% raw %}kafka_brokerlist={{ olap.kafka_broker.address_list | join(",") }} {% endraw %} kafka_topic=PROXY-EVENT @@ -218,8 +228,8 @@ deferred_load_on=0 json_cfg_file=resource/pangu/pangu_http.json # redis mode conf iterm -maat_redis_server={{ cm_policy_server_ip }} -maat_redis_port_range={{ cm_policy_server_port }} +maat_redis_server={% raw %}{{ cm_policy_server_ip }}{% endraw %} +maat_redis_port_range={% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}maat_redis_db_index={{ cm.policy_server.db_static }} {% endraw %} diff --git a/ansible/roles/tsg-diagnose/tasks/main.yml b/ansible/roles/tsg-diagnose/tasks/main.yml index f1406afb..c9fcf688 100644 --- a/ansible/roles/tsg-diagnose/tasks/main.yml +++ b/ansible/roles/tsg-diagnose/tasks/main.yml @@ -1,9 +1,5 @@ -- name: "Install tsg-diagnose rpm package" - yum: - name: - - "{{ tsg_diagnose_rpm_version.tsg_diagnose }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present +- name: "Install tsg-diagnose" + shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}* - name: "Templates docker-compose.yml" template: 
diff --git a/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 b/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 index afdc89f1..82dc336a 100644 --- a/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 +++ b/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 @@ -99,7 +99,7 @@ networks: driver: macvlan enable_ipv6: true driver_opts: - parent: {{ tsg_diagnose.docker_compose_yml.virtual_server_nic }} + parent: {{ diagnose.virtual_server_nic }} ipam: config: - subnet: 192.0.2.0/24 @@ -114,7 +114,7 @@ networks: driver: macvlan enable_ipv6: true driver_opts: - parent: {{ tsg_diagnose.docker_compose_yml.virtual_client_nic }} + parent: {{ diagnose.virtual_client_nic }} ipam: config: - subnet: 192.0.2.0/24 diff --git a/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml b/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml index 47d63533..e100ee83 100644 --- a/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml +++ b/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml @@ -43,7 +43,7 @@ replace: 'WantedBy=workload.target' with_items: - /usr/lib/systemd/system/exporter-proxy.service - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' - name: 'exporter-proxy service start' systemd: diff --git a/ansible/roles/tsg-os-provision-condition/tasks/main.yml b/ansible/roles/tsg-os-provision-condition/tasks/main.yml index 7d9bd5ec..9e4a2e2f 100644 --- a/ansible/roles/tsg-os-provision-condition/tasks/main.yml +++ b/ansible/roles/tsg-os-provision-condition/tasks/main.yml @@ -14,7 +14,7 @@ - telegraf_statistic - tfe-env - tfe - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' - name: "add condition into service depend provision result TSG7400 MCN0" copy: @@ -30,7 +30,7 @@ - mrzcpd - sapp - telegraf_statistic - when: PROFILE_ID == '7400-MCN0-P01R01' + when: runtime_env == '7400mcn0' - name: "add condition into service depend provision result TSG7400 MCN0" copy: 
@@ -44,4 +44,4 @@ - mrzcpd - tfe-env - tfe - when: PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn123' diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 index fbad8b48..4592597f 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 @@ -58,9 +58,14 @@ fail_msg: "error:{{ result_exec_obtain_keepalive_subnet.stderr }},stdout:{{ result_exec_obtain_keepalive_subnet.stdout_lines }}" success_msg: "{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}" - - name: "tsg-os-provision: Set fact for field keepalive_subnet_ip" + - name: "set cm_policy_server_ip and cm_policy_server_port" set_fact: - keepalive_subnet_ip: "{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}" + cm_policy_server_ip: "{{cm.policy_server.address}}" + cm_policy_server_port: "{{ cm.policy_server.port }}" + + - name: "tsg-os-provision: Set fact for field gdev_conf_keep_alive_ip" + set_fact: + gdev_conf_keep_alive_ip: "10.252.{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}.1" - name: "tsg-os-provision: Template the conflist.inf" template: diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml index 708e6c3d..a9ae7af4 100644 --- a/ansible/roles/tsg-os-provision/tasks/main.yml +++ b/ansible/roles/tsg-os-provision/tasks/main.yml 
@@ -38,63 +38,63 @@ src: "{{ role_path }}/files/tasks/provision.yml.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn0" copy: src: "{{ role_path }}/files/tasks/provision.yml.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: PROFILE_ID == '7400-MCN0-P01R01' + when: runtime_env == '7400mcn0' - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn1 mcn2 mcn3" copy: src: "{{ role_path }}/files/tasks/provision.yml.7400MCN123P01R01" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn123' - name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' - name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn0" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: PROFILE_ID == '7400-MCN0-P01R01' + when: runtime_env == '7400mcn0' - name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn123" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN123P01R01" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn123' - name: "tsg-os-provision: copy provision.default.yml - tsg9140" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env 
== '9140' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: PROFILE_ID == '7400-MCN0-P01R01' + when: runtime_env == '7400mcn0' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn1 mcn2 mcn3" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN123P01R01" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn123' - name: "tsg-os-provision: copy provision.sh file to dest" @@ -113,7 +113,7 @@ mode: 0644 with_items: - { "src": tsg-os-provision.service.TSG7400, "dest": tsg-os-provision.service } - when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' - name: "replace action: replace service WantedBy from multi-user.target to workload.target --TSG7400" replace: @@ -122,7 +122,7 @@ replace: 'RequiredBy=workload.target' with_items: - /usr/lib/systemd/system/tsg-os-provision.service - when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' - name: "tsg-os-provision: enable tsg-os-provison -- TSG7400" systemd: @@ -130,7 +130,7 @@ enabled: yes with_items: - tsg-os-provision - when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' - name: "install tsg-os-provision.service -- TSG9140" copy: 
@@ -139,13 +139,13 @@ mode: 0644 with_items: - { "src": tsg-os-provision.service.TSG9140, "dest": tsg-os-provision.service } - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' - name: "replace action: add service into sysinit.target --TSG9140" shell: ln -vfs --relative /usr/lib/systemd/system/{{item}} /usr/lib/systemd/system/sysinit.target.wants/{{item}} with_items: - tsg-os-provision.service - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' - name: "tsg-os-provision: copy tsg-start.sh to dest - tsg9140" @@ -153,7 +153,7 @@ src: "{{ role_path }}/files/script/provision-config-apply" dest: /opt/tsg/tsg-os-provision/ mode: 0755 - when: PROFILE_ID == '9000-NPB-P01R01' + when: runtime_env == '9140' #- name: "tsg-os-provision: install yaml module using pip3" # pip: diff --git a/ansible/roles/tsg_app/tasks/main.yml b/ansible/roles/tsg_app/tasks/main.yml index a3dff211..7de3be61 100644 --- a/ansible/roles/tsg_app/tasks/main.yml +++ b/ansible/roles/tsg_app/tasks/main.yml @@ -1,11 +1,3 @@ --- -- name: "install tsg_app packages" - yum: - name: "{{ tsg_app_rpm_version.app_sketch_local }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - - name: "Install app_sketch_local that is sapp plugins" - shell: rpm -i /tmp/rpm_download/{{ tsg_app_rpm_version.app_sketch_local }}* --prefix {{ sapp.prefix_path }} + shell: rpm -i /tmp/rpm_download/{{ tsg_app_rpm_version.app_sketch_local }}* --prefix {{ prefix_path.sapp }} diff --git a/ansible/roles/tsg_master/tasks/main.yml b/ansible/roles/tsg_master/tasks/main.yml index aa6c1aea..650537ba 100644 --- a/ansible/roles/tsg_master/tasks/main.yml +++ b/ansible/roles/tsg_master/tasks/main.yml 
@@ -1,11 +1,2 @@ -- name: "install tsg_master from localhost" - yum: - name: - - "{{ tsg_master_rpm_version.tsg_master }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - - name: "Install tsg_master that is sapp plugins" - shell: rpm -i /tmp/rpm_download/{{ tsg_master_rpm_version.tsg_master }}* --prefix {{ sapp.prefix_path }} + shell: rpm -i /tmp/rpm_download/{{ tsg_master_rpm_version.tsg_master }}* --prefix {{ prefix_path.sapp }} diff --git a/ansible/roles/tsg_sn/tasks/main.yml b/ansible/roles/tsg_sn/tasks/main.yml index 66d1cee9..b93ac15b 100644 --- a/ansible/roles/tsg_sn/tasks/main.yml +++ b/ansible/roles/tsg_sn/tasks/main.yml @@ -7,11 +7,11 @@ with_items: - { "src": "obtain_sn.sh.TSG7400", "dest": "obtain_sn.sh" } - { "src": "cmm_api_tst", "dest": "cmm_api_tst" } - when: PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '7400-MCN123-P01R01' + when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' - name: "deploy obtain sn - tsg-9140" copy: src: "{{ role_path }}/files/obtain_sn.sh.TSG9140" dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh mode: 0755 - when: PROFILE_ID == '9000-NPB-P01R01' \ No newline at end of file + when: runtime_env == '9140' \ No newline at end of file diff --git a/ansible/roles/wannat_common/tasks/main.yml b/ansible/roles/wannat_common/tasks/main.yml index 552517be..318d947d 100644 --- a/ansible/roles/wannat_common/tasks/main.yml +++ b/ansible/roles/wannat_common/tasks/main.yml 
@@ -9,19 +9,10 @@ name: - /tmp/nanomsg-1.1.5-6.el7.x86_64.rpm state: present - -- name: "download wannat wannat_common library" - yum: - name: "{{ item.value }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - with_dict: "{{ wannat_wangw_rpm_version }}" - name: "Install wannat_common library" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }} with_items: - - { "rpm_version": "{{ wannat_wangw_rpm_version.libwannat_common }}", "prefix": "{{ framework.prefix_path }}" } + - { "rpm_version": "{{ wannat_wangw_rpm_version.libwannat_common }}", "prefix": "{{ prefix_path.framework }}" } diff --git a/ansible/roles/wannat_wangw/tasks/main.yml b/ansible/roles/wannat_wangw/tasks/main.yml index c39a1359..822ba2ae 100644 --- a/ansible/roles/wannat_wangw/tasks/main.yml +++ b/ansible/roles/wannat_wangw/tasks/main.yml @@ -1,17 +1,8 @@ --- -- name: "install wannat wangw plug packages" - yum: - name: "{{ item.value }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - with_dict: "{{ wannat_wangw_rpm_version }}" - - name: "Install wangw plugins" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }} with_items: - - { "rpm_version": "{{ wannat_wangw_rpm_version.libwangw }}", "prefix": "{{ sapp.prefix_path }}" } + - { "rpm_version": "{{ wannat_wangw_rpm_version.libwangw }}", "prefix": "{{ prefix_path.sapp }}" } - name: "Template the etc/wannat/wangw.conf" template: diff --git a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 index 167d5ed5..8a5e0840 100644 --- a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 +++ b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 
@@ -8,7 +8,7 @@ NAT_GW_tunnel_mode=vxlan {% raw %}recvfrom_NATGW_bind_first_port={{ wannat.wan_gateway_listen_port_range_left_edge }} {% endraw %} #NAT GW的内部互联网卡名称 -NAT_GW_tunnel_device={{ wannat_wangw.wangw_conf.main.NAT_GW_tunnel_device }} +NAT_GW_tunnel_device={{ control_and_policy.nic_name }} #DNAT首包发送给NATGW时, 对端的监听端口 {% raw %}NAT_GW_tunnel_port={{ wannat.nat_gateway_listen_port }} @@ -69,8 +69,8 @@ json_cfg_file=./etc/wannat/gtest.json inc_dir=./redis_dump/ full_dir=./redis_dump/ -redis_server_ip={{ cm_policy_server_ip }} -redis_server_port={{ cm_policy_server_port }} +redis_server_ip={% raw %}{{ cm_policy_server_ip }}{% endraw %} +redis_server_port={% raw %}{{ cm_policy_server_port }}{% endraw %} {% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }} redis_index={{ cm.policy_server.db_static }} {% endraw %} diff --git a/ansible/roles/wire_graft/tasks/main.yml b/ansible/roles/wire_graft/tasks/main.yml index dcc8d428..8c4aea59 100644 --- a/ansible/roles/wire_graft/tasks/main.yml +++ b/ansible/roles/wire_graft/tasks/main.yml @@ -1,18 +1,9 @@ --- -- name: "install wire_graft plug packages" - yum: - name: "{{ item.value }}" - conf_file: "{{ rpm_repo_config_path }}" - state: present - download_only: yes - download_dir: /tmp/rpm_download/ - with_dict: "{{ wire_graft_rpm_version }}" - - name: "Install wire_graft that is sapp plugins" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }} with_items: - - { "rpm_version": "{{ wire_graft_rpm_version.wire_graft }}", "prefix": "{{ sapp.prefix_path }}" } - - { "rpm_version": "{{ wire_graft_rpm_version.libwire_graft }}", "prefix": "{{ framework.prefix_path }}" } + - { "rpm_version": "{{ wire_graft_rpm_version.wire_graft }}", "prefix": "{{ prefix_path.sapp }}" } + - { "rpm_version": "{{ wire_graft_rpm_version.libwire_graft }}", "prefix": "{{ prefix_path.framework }}" } - name: "Template the etc/wire_graft/wire_graft.conf" template: 
diff --git a/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2 b/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2 index 720a8fc6..bee8d53a 100644 --- a/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2 +++ b/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2 @@ -16,7 +16,7 @@ at_least_total_byte=10 stream_project_tag_enable=1 #用于标识本机ip使用哪块网卡,可能是管理口,可能是其他业务口 -identification_by_which_device={{ wire_graft.wire_graft_conf.main.identification_by_which_device}} +identification_by_which_device={{ control_and_policy.nic_name }} #mirror镜像模式下, 从MAC地址获取链路信息 ### note, for example, dst mac is 01:12:34:56:78:90, src src is 02:AA:BB:CC:DD:EE:FF, diff --git a/ansible/stage_one_deploy.yml b/ansible/stage_one_deploy.yml index 119dacb0..62228818 100644 --- a/ansible/stage_one_deploy.yml +++ b/ansible/stage_one_deploy.yml @@ -1,3 +1,10 @@ +- hosts: all + remote_user: root + vars_files: + - install_config/group_vars/rpm_version.yml + roles: + - {role: rpm_packages_download, tags: rpm_packages_download} + - hosts: 7400-MCN0-P01R01 remote_user: root vars_files:
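Review bot: The new first play in `stage_one_deploy.yml` uses `hosts: all`, so `rpm_packages_download`, including its `state: absent` removal of `rsyslog-kafka` and `librdkafka`, runs as root on every inventory host rather than only on the profile groups the later plays target. If the inventory can hold other machines, limit the play to those groups, e.g. `hosts: 7400-MCN0-P01R01:<other profile groups>`. The play loads only `rpm_version.yml`, while the role also reads `rpm_repo_config_path`. Where that variable is defined is not visible in this hunk, so a comment naming its source would help.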