diff --git a/init_runtime/install_config/group_vars/runtime.yml b/init_runtime/install_config/group_vars/runtime.yml
new file mode 100644
index 00000000..600117fe
--- /dev/null
+++ b/init_runtime/install_config/group_vars/runtime.yml
@@ -0,0 +1,26 @@
+maat_redis_server:
+ address: "192.168.100.1"
+ port: 7002
+ port_num: 1
+ db: 0
+
+dynamic_maat_redis_server:
+ address: "192.168.100.1"
+ port: 7002
+ port_num: 1
+ db: 1
+
+breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
+data_center: Kyzylorda
+tsg_master_entrance_id: 9
+
+
+log_kafkabrokers:
+ address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+
+firewall:
+ hos_serverip: "192.168.40.223"
+ hos_serverport: 9098
+ APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
+ APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
diff --git a/init_runtime/install_config/runtime_hosts b/init_runtime/install_config/runtime_hosts
new file mode 100644
index 00000000..7bf73981
--- /dev/null
+++ b/init_runtime/install_config/runtime_hosts
@@ -0,0 +1,2 @@
+[local]
+localhost ansible_connection=local
\ No newline at end of file
diff --git a/init_runtime/roles/certstore/tasks/main.yml b/init_runtime/roles/certstore/tasks/main.yml
new file mode 100644
index 00000000..21802c9c
--- /dev/null
+++ b/init_runtime/roles/certstore/tasks/main.yml
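Review bot: `breakpad_upload_url` in `group_vars/runtime.yml` commits a `sentry_key` in clear text and points the uploader at plain `http://`, so everyone with read access to the repository holds a key that can submit events, and minidumps (which carry process memory) cross the network unencrypted. Build the value from a vaulted variable instead, for example `breakpad_upload_url: "https://{{ breakpad_host }}/api/2/minidump/?sentry_key={{ vault_breakpad_sentry_key }}"` (variable names are illustrative), and rotate the key that is now in history. The `1.1.1.1` / `2.2.2.2` entries under `log_kafkabrokers` look like placeholders; a comment stating that they must be overridden per site would prevent a deployment shipping logs to them.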
@@ -0,0 +1,32 @@
+- name: "copy certstore rpm to destination"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: "/tmp/ansible_deploy/"
+
+- name: Ensures /opt/tsg exists
+ file: path=/opt/tsg state=directory
+ tags: mkdir
+
+- name: install certstore
+ yum:
+ name:
+ - /tmp/ansible_deploy/certstore-2.1.6.20201215.f2e9ba7-1.el7.x86_64.rpm
+ state: present
+
+- name: template certstore configure file
+ template:
+ src: "{{ role_path }}/templates/cert_store.ini.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/certstore/templates/cert_store.ini.j2
+
+- name: template certstore zlog file
+ template:
+ src: "{{ role_path }}/templates/zlog.conf.j2"
+ dest: /opt/tsg/certstore/conf/zlog.conf
+
+- name: "copy memory limit file to certstore.service.d"
+ copy:
+ src: "{{ role_path }}/files/memory.conf"
+ dest: /etc/systemd/system/certstore.service.d/
+ mode: 0644
+
+
diff --git a/init_runtime/roles/certstore/templates/.gitkeep b/init_runtime/roles/certstore/templates/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/init_runtime/roles/firewall/tasks/main.yml b/init_runtime/roles/firewall/tasks/main.yml
new file mode 100644
index 00000000..5f77520a
--- /dev/null
+++ b/init_runtime/roles/firewall/tasks/main.yml
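Review bot: The runtime copy of 'template certstore configure file' is identical to the build-time task (this file's blob id `21802c9c` is the same as the updated `tsg-9140-scripts/roles/certstore/tasks/main.yml`), so it reads `cert_store.ini.j2.j2` and writes back into the role's own `templates/` directory. Only a `.gitkeep` is added under `init_runtime/roles/certstore/templates/`, so that source is not present in this commit, and no task in the runtime role writes the live `/opt/tsg/certstore/conf/cert_store.ini` any more. For the runtime pass I would expect `src: "{{ role_path }}/templates/cert_store.ini.j2"` with `dest: /opt/tsg/certstore/conf/cert_store.ini`. The firewall, sapp, telegraf_statistic and tfe task files under `init_runtime/roles/` have the same problem (their blob ids `5f77520a`, `c2f4b696`, `05df5fee` and `bf727c76` also match the build-time files).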
@@ -0,0 +1,63 @@
+---
+- name: "copy firewall rpms to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install firewall packages"
+ yum:
+ name: "{{ fw_packages }}"
+ state: present
+ skip_broken: yes
+ vars:
+ fw_packages:
+ - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_http_plug-3.1.5.69f6482-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_mail_plug-3.0.2.7401550-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/tsg_conn_sketch-2.1.4.f333054-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/mesa_sip-1.0.9.ede6893-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/fw_voip_plug-1.0.2.090e5da-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/app_proto_identify-1.0.9.a6581a6-2.el7.x86_64.rpm
+
+- name: "Template the tsgconf/main.conf"
+ template:
+ src: "{{ role_path }}/templates/main.conf.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/firewall/templates/main.conf.j2
+ tags: template
+
+
+- name: "Template the tsgconf/maat.conf"
+ template:
+ src: "{{ role_path }}/templates/maat.conf.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/firewall/templates/maat.conf.j2
+ tags: template
+
+- name: "Template the conf/capture_packet_plug.conf.j2"
+ template:
+ src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+ dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+ tags: template
+
+- name: "Template the tsgconf/app_l7_proto_id.conf"
+ template:
+ src: "{{ role_path }}/templates/app_l7_proto_id.conf.j2"
+ dest: /home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
+
+- name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
+ template:
+ src: "{{ role_path }}/templates/tsg_conn_sketch.inf.j2"
+ dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+ tags: template
+
diff --git a/init_runtime/roles/firewall/templates/.gitkeep b/init_runtime/roles/firewall/templates/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/init_runtime/roles/sapp/tasks/main.yml b/init_runtime/roles/sapp/tasks/main.yml
new file mode 100644
index 00000000..c2f4b696
--- /dev/null
+++ b/init_runtime/roles/sapp/tasks/main.yml
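Review bot: `skip_broken: yes` on 'install firewall packages' lets yum skip any RPM whose dependencies do not resolve while the task still reports success, so a host can come up without, say, `fw_ssl_plug` or `fw_http_plug` and the play gives no signal. For an inspection stack the install should fail closed: drop the option, or set `skip_broken: false`, and let the run stop on a broken package. The same flag is set on the `tcpdump_mesa` install in the sapp role. Wherever a boolean remains, write it as `true`/`false` rather than `yes`.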
@@ -0,0 +1,72 @@
+---
+- name: "copy sapp to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "copy maat_redis_tool to destination server"
+ copy:
+ src: "{{ role_path }}/files/maat_redis_tool"
+ dest: /usr/local/bin
+ mode: 0755
+
+- name: "install sapp rpms from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/sapp-4.2.26.fc1a6aa-2.el7.x86_64.rpm
+ state: present
+
+- name: "install tcpdump_mesa rpms from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpm
+ state: present
+ skip_broken: yes
+
+- name: "mkdir tsgconf"
+ file:
+ path: /home/mesasoft/sapp_run/tsgconf
+ state: directory
+
+- name: Template the sapp.toml
+ template:
+ src: "{{ role_path }}/templates/sapp.toml.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/sapp/templates/sapp.toml.j2
+ tags: template
+
+- name: Template the project_list.conf
+ template:
+ src: "{{ role_path }}/templates/project_list.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/project_list.conf
+ tags: template
+
+- name: Template the conflist.inf
+ template:
+ src: "{{ role_path }}/templates/conflist.inf.j2"
+ dest: /home/mesasoft/sapp_run/plug/conflist.inf
+ tags: template
+
+- name: Template the sapp_log.conf
+ template:
+ src: "{{ role_path }}/templates/sapp_log.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/sapp_log.conf
+ tags: template
+
+- name: Template the sapp_tmpfile.conf
+ template:
+ src: "{{ role_path }}/templates/sapp_tmpfile.conf.j2"
+ dest: /etc/tmpfiles.d/sapp_tmpfile.conf
+ tags: template
+
+- name: "Template sapp.service destination server"
+ template:
+ src: "{{ role_path }}/templates/sapp.service.j2"
+ dest: /usr/lib/systemd/system/sapp.service
+ mode: 0755
+
+- name: "copy memory limit file to sapp.service.d"
+ copy:
+ src: "{{ role_path }}/files/memory.conf"
+ dest: /etc/systemd/system/sapp.service.d/
+ mode: 0644
+
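Review bot: 'Template sapp.service destination server' installs the unit file into `/usr/lib/systemd/system/` with `mode: 0755`. Unit files are configuration rather than executables, systemd logs a warning for units marked executable, and the other unit files in this commit (`tfe.service`, `telegraf_statistic.service`) are installed 0644. Suggest `mode: "0644"` on that task, with `owner: root` and `group: root` stated. 'copy maat_redis_tool to destination server' places a binary in `/usr/local/bin` without `owner`/`group` either; stating them makes the intended ownership explicit.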
diff --git a/init_runtime/roles/sapp/templates/.gitkeep b/init_runtime/roles/sapp/templates/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/init_runtime/roles/telegraf_statistic/tasks/main.yml b/init_runtime/roles/telegraf_statistic/tasks/main.yml
new file mode 100644
index 00000000..05df5fee
--- /dev/null
+++ b/init_runtime/roles/telegraf_statistic/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: "copy telegraf.rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/telegraf-1.13.0-1.x86_64.rpm"
+ dest: /tmp
+
+- name: "install telegraf"
+ yum:
+ name:
+ - /tmp/telegraf-1.13.0-1.x86_64.rpm
+ state: present
+
+- name: "Templates telegraf.conf"
+ template:
+ src: "{{role_path}}/templates/telegraf_statistic.conf.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
+ tags: template
+
+- name: "copy telegraf_statistic.service to destination server"
+ copy:
+ src: "{{ role_path }}/files/telegraf_statistic.service"
+ dest: /usr/lib/systemd/system
+ mode: 0644
diff --git a/init_runtime/roles/telegraf_statistic/templates/.gitkeep b/init_runtime/roles/telegraf_statistic/templates/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/init_runtime/roles/tfe/tasks/main.yml b/init_runtime/roles/tfe/tasks/main.yml
new file mode 100644
index 00000000..bf727c76
--- /dev/null
+++ b/init_runtime/roles/tfe/tasks/main.yml
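Review bot: The telegraf RPM is staged under a fixed name directly in world-writable `/tmp` and installed as root by the next task, with no `owner` or `mode` on the `copy`. Whether the package signature is checked depends on the host's yum configuration, which is not shown. On a host with other local accounts that staging path is shared and predictable, so the file installed is not guaranteed to be the file copied. Create a root-only staging directory first, e.g. a `file` task with `path: /var/cache/tsg_deploy`, `state: directory` and `mode: "0700"` (path illustrative), then point `copy` and `yum` at it. The certstore, firewall, sapp and tfe roles stage under `/tmp/ansible_deploy/` and would benefit from the same change.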
@@ -0,0 +1,77 @@
+---
+- name: "copy tfe program to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "copy tfe.service to destination server"
+ copy:
+ src: "{{ role_path }}/files/tfe.service"
+ dest: /usr/lib/systemd/system/
+ mode: 0644
+
+- name: "install tfe rpms from localhost"
+ yum:
+ name:
+ #- /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
+ - /tmp/ansible_deploy/tfe-4.3.30.62dde9e-1.el7.x86_64.rpm
+ state: present
+
+- name: "tfe:copy cert file to device"
+ copy:
+ src: '{{ role_path }}/files/tsg_diagnose_ca.pem'
+ dest: /opt/tsg/tfe/resource/tfe/
+
+- name: "template tfe-env config"
+ template:
+ src: "{{ role_path }}/templates/tfe-env-config.j2"
+ dest: /etc/sysconfig/tfe-env-config
+
+- name: "template the tfe.conf"
+ template:
+ src: "{{ role_path }}/templates/tfe.conf.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/tfe/templates/tfe.conf.j2
+
+- name: "template the zlog.conf"
+ template:
+ src: "{{ role_path }}/templates/zlog.conf.j2"
+ dest: /opt/tsg/tfe/conf/tfe/zlog.conf
+
+- name: "template the future.conf"
+ template:
+ src: "{{ role_path }}/templates/future.conf.j2"
+ dest: /opt/tsg/tfe/conf/tfe/future.conf
+
+- name: "template the pangu_pxy.conf"
+ template:
+ src: "{{ role_path }}/templates/pangu_pxy.conf.j2.j2"
+ dest: /opt/tsg/init_runtime/roles/tfe/templates/pangu_pxy.conf.j2
+
+- name: "create conf/doh/"
+ file:
+ path: /opt/tsg/tfe/conf/doh/
+ state: directory
+
+- name: "template the doh.conf"
+ template:
+ src: "{{ role_path }}/templates/doh.conf.j2"
+ dest: /opt/tsg/tfe/conf/doh/doh.conf
+
+- name: "create a override conf - first step, create dir"
+ file:
+ path: /etc/systemd/system/tfe.service.d/
+ state: directory
+ mode: '0755'
+
+- name: "create a override conf - second step, copy a override service file"
+ template:
+ src: "{{ role_path }}/templates/require-mrzcpd.conf.j2"
+ dest: /etc/systemd/system/tfe.service.d/require-mrzcpd.conf
+
+- name: "copy memory limit file to tfe.service.d"
+ copy:
+ src: "{{ role_path }}/files/memory.conf"
+ dest: /etc/systemd/system/tfe.service.d/
+ mode: 0644
+
+
diff --git a/init_runtime/roles/tfe/templates/.gitkeep b/init_runtime/roles/tfe/templates/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/init_runtime/runtime.yml b/init_runtime/runtime.yml
new file mode 100644
index 00000000..f79be2b9
--- /dev/null
+++ b/init_runtime/runtime.yml
@@ -0,0 +1,26 @@
+- hosts: tsg_9140_chroot
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/tsg_9140_docker.yml
+ roles:
+ #- {role: init-env, tags: init-env}
+ - {role: framework, tags: framework}
+ - {role: kernel-ml, tags: kernel-ml}
+ - {role: mrzcpd, tags: mrzcpd}
+ - {role: tsg-9140-env, tags: tsg-9140-env}
+ - {role: sapp, tags: sapp}
+ - {role: tsg_master, tags: tsg_master}
+ - {role: kni, tags: kni}
+ - {role: firewall, tags: firewall}
+ - {role: tsg_app, tags: tsg_app}
+ #- {role: http_healthcheck,tags: http_healthcheck}
+ - {role: x710-drive, tags: x710-drive}
+ - {role: certstore, tags: certstore}
+ - {role: redis, tags: redis}
+ - {role: cert-redis, tags: cert-redis}
+ #83上没有- {role: maat-redis, tags: maat-redis, when: deploy_mode == "cluster"}
+ - {role: tfe, tags: tfe}
+ - {role: telegraf_statistic, tags: telegraf_statistic}
+ - {role: exporter, tags: exporter}
+ - {role: tsg-diagnose, tags: tsg-diagnose}
+ - {role: system-init, tags: system-init}
\ No newline at end of file
diff --git a/tsg-9140-scripts/roles/certstore/tasks/main.yml b/tsg-9140-scripts/roles/certstore/tasks/main.yml
index fa91fb50..21802c9c 100644
--- a/tsg-9140-scripts/roles/certstore/tasks/main.yml
+++ b/tsg-9140-scripts/roles/certstore/tasks/main.yml
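Review bot: File modes are written two ways in the tfe task file: `mode: '0755'` on the drop-in directory and bare `mode: 0644` on `tfe.service` and `memory.conf`. Ansible's documentation asks for the quoted form, because a bare number is typed by the YAML parser before the module sees it and a missing leading zero silently becomes a decimal mode. Suggest `mode: "0644"` on both `copy` tasks; the certstore, sapp and telegraf_statistic roles use the same bare form. 'tfe:copy cert file to device' sets no mode at all, and `mode: "0644"` there would make the CA file's permissions independent of the umask.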
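Review bot: The play in `init_runtime/runtime.yml` targets `hosts: tsg_9140_chroot` and loads `install_config/group_vars/tsg_9140_docker.yml`, but the inventory added in this commit (`runtime_hosts`) defines only `[local]` and the variables file added is `group_vars/runtime.yml`. Unless that group and file exist outside this diff, a run against the new inventory matches no host and never reads the new variables. I would expect `- hosts: local` and `- install_config/group_vars/runtime.yml`. The role list also names roles (framework, kernel-ml, redis and others) for which no `init_runtime/roles/` directory is added here; a header comment stating which roles the runtime pass needs, and why it connects as `remote_user: root`, would help the next reader.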
@@ -15,8 +15,8 @@ - name: template certstore configure file template: - src: "{{ role_path }}/templates/cert_store.ini.j2" - dest: /opt/tsg/certstore/conf/cert_store.ini + src: "{{ role_path }}/templates/cert_store.ini.j2.j2" + dest: /opt/tsg/init_runtime/roles/certstore/templates/cert_store.ini.j2 - name: template certstore zlog file template: diff --git a/tsg-9140-scripts/roles/certstore/templates/cert_store.ini.j2 b/tsg-9140-scripts/roles/certstore/templates/cert_store.ini.j2.j2 similarity index 100% rename from tsg-9140-scripts/roles/certstore/templates/cert_store.ini.j2 rename to tsg-9140-scripts/roles/certstore/templates/cert_store.ini.j2.j2 diff --git a/tsg-9140-scripts/roles/firewall/tasks/main.yml b/tsg-9140-scripts/roles/firewall/tasks/main.yml index 528ae2a0..5f77520a 100644 --- a/tsg-9140-scripts/roles/firewall/tasks/main.yml +++ b/tsg-9140-scripts/roles/firewall/tasks/main.yml @@ -33,15 +33,15 @@ - name: "Template the tsgconf/main.conf" template: - src: "{{ role_path }}/templates/main.conf.j2" - dest: /home/mesasoft/sapp_run/tsgconf/main.conf + src: "{{ role_path }}/templates/main.conf.j2.j2" + dest: /opt/tsg/init_runtime/roles/firewall/templates/main.conf.j2 tags: template - name: "Template the tsgconf/maat.conf" template: - src: "{{ role_path }}/templates/maat.conf.j2" - dest: /home/mesasoft/sapp_run/tsgconf/maat.conf + src: "{{ role_path }}/templates/maat.conf.j2.j2" + dest: /opt/tsg/init_runtime/roles/firewall/templates/maat.conf.j2 tags: template - name: "Template the conf/capture_packet_plug.conf.j2" diff --git a/tsg-9140-scripts/roles/firewall/templates/maat.conf.j2 b/tsg-9140-scripts/roles/firewall/templates/maat.conf.j2.j2 similarity index 100% rename from tsg-9140-scripts/roles/firewall/templates/maat.conf.j2 rename to tsg-9140-scripts/roles/firewall/templates/maat.conf.j2.j2 
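Review bot: Every template switched to a `.j2.j2` source here is renamed at `similarity index 100%`, so its content is unchanged even though it must now survive one render and still be a template. Unless the Jinja delimiters are overridden somewhere not shown, the build-time pass resolves (or fails on) every `{{ ... }}` in the file. What lands in `/opt/tsg/init_runtime/roles/certstore/templates/cert_store.ini.j2` then has no expressions left for the runtime pass to fill from `group_vars/runtime.yml`. Expressions meant for the second stage need wrapping in `{% raw %}...{% endraw %}` inside the `.j2.j2` files; if no build-time substitution is wanted at all, ship them with `copy` instead of `template`. The same applies to the firewall, sapp, telegraf_statistic and tfe hunks that follow, and the task names there still describe the old destinations (e.g. "Template the tsgconf/main.conf").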
diff --git a/tsg-9140-scripts/roles/firewall/templates/main.conf.j2 b/tsg-9140-scripts/roles/firewall/templates/main.conf.j2.j2 similarity index 100% rename from tsg-9140-scripts/roles/firewall/templates/main.conf.j2 rename to tsg-9140-scripts/roles/firewall/templates/main.conf.j2.j2 diff --git a/tsg-9140-scripts/roles/sapp/tasks/main.yml b/tsg-9140-scripts/roles/sapp/tasks/main.yml index 474d10dc..c2f4b696 100644 --- a/tsg-9140-scripts/roles/sapp/tasks/main.yml +++ b/tsg-9140-scripts/roles/sapp/tasks/main.yml @@ -30,8 +30,8 @@ - name: Template the sapp.toml template: - src: "{{ role_path }}/templates/sapp.toml.j2" - dest: /home/mesasoft/sapp_run/etc/sapp.toml + src: "{{ role_path }}/templates/sapp.toml.j2.j2" + dest: /opt/tsg/init_runtime/roles/sapp/templates/sapp.toml.j2 tags: template - name: Template the project_list.conf diff --git a/tsg-9140-scripts/roles/sapp/templates/sapp.toml.j2 b/tsg-9140-scripts/roles/sapp/templates/sapp.toml.j2.j2 similarity index 100% rename from tsg-9140-scripts/roles/sapp/templates/sapp.toml.j2 rename to tsg-9140-scripts/roles/sapp/templates/sapp.toml.j2.j2 diff --git a/tsg-9140-scripts/roles/telegraf_statistic/tasks/main.yml b/tsg-9140-scripts/roles/telegraf_statistic/tasks/main.yml index 7a2dc2d0..05df5fee 100644 --- a/tsg-9140-scripts/roles/telegraf_statistic/tasks/main.yml +++ b/tsg-9140-scripts/roles/telegraf_statistic/tasks/main.yml @@ -11,8 +11,8 @@ - name: "Templates telegraf.conf" template: - src: "{{role_path}}/templates/telegraf_statistic.conf.j2" - dest: /etc/telegraf/telegraf_statistic.conf + src: "{{role_path}}/templates/telegraf_statistic.conf.j2.j2" + dest: /opt/tsg/init_runtime/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 tags: template - name: "copy telegraf_statistic.service to destination server" @@ -20,5 +20,3 @@ src: "{{ role_path }}/files/telegraf_statistic.service" dest: /usr/lib/systemd/system mode: 0644 - - 
diff --git a/tsg-9140-scripts/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 b/tsg-9140-scripts/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2.j2 old mode 100755 new mode 100644 similarity index 100% rename from tsg-9140-scripts/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 rename to tsg-9140-scripts/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2.j2 diff --git a/tsg-9140-scripts/roles/tfe/tasks/main.yml b/tsg-9140-scripts/roles/tfe/tasks/main.yml index d1c9e0af..bf727c76 100644 --- a/tsg-9140-scripts/roles/tfe/tasks/main.yml +++ b/tsg-9140-scripts/roles/tfe/tasks/main.yml @@ -29,8 +29,8 @@ - name: "template the tfe.conf" template: - src: "{{ role_path }}/templates/tfe.conf.j2" - dest: /opt/tsg/tfe/conf/tfe/tfe.conf + src: "{{ role_path }}/templates/tfe.conf.j2.j2" + dest: /opt/tsg/init_runtime/roles/tfe/templates/tfe.conf.j2 - name: "template the zlog.conf" template: @@ -44,8 +44,8 @@ - name: "template the pangu_pxy.conf" template: - src: "{{ role_path }}/templates/pangu_pxy.conf.j2" - dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf + src: "{{ role_path }}/templates/pangu_pxy.conf.j2.j2" + dest: /opt/tsg/init_runtime/roles/tfe/templates/pangu_pxy.conf.j2 - name: "create conf/doh/" file: diff --git a/tsg-9140-scripts/roles/tfe/templates/pangu_pxy.conf.j2 b/tsg-9140-scripts/roles/tfe/templates/pangu_pxy.conf.j2.j2 similarity index 100% rename from tsg-9140-scripts/roles/tfe/templates/pangu_pxy.conf.j2 rename to tsg-9140-scripts/roles/tfe/templates/pangu_pxy.conf.j2.j2 diff --git a/tsg-9140-scripts/roles/tfe/templates/tfe.conf.j2 b/tsg-9140-scripts/roles/tfe/templates/tfe.conf.j2.j2 similarity index 100% rename from tsg-9140-scripts/roles/tfe/templates/tfe.conf.j2 rename to tsg-9140-scripts/roles/tfe/templates/tfe.conf.j2.j2