feature:1.TSG-14343:支持渲染shaping_engine配置2.TSG-14471:新增渲染shaping SID配置项

2023-03-28 15:19:00 +08:00
parent 404f581999
commit 605b62e5ea
19 changed files with 258 additions and 63 deletions
--- a/ansible/HAL_deploy.yml
+++ b/ansible/HAL_deploy.yml
@@ -190,7 +190,6 @@
    - {role: mrzcpd, tags: mrzcpd}
    - {role: sapp, tags: sapp}
    - {role: tsg_master, tags: tsg_master}
-    - {role: shaping_master, tags: shaping_master}
    - {role: kni, tags: kni}
    - {role: firewall, tags: firewall}
    - {role: tsg_app, tags: tsg_app}
@@ -253,6 +252,16 @@
    - {role: framework, tags: framework}
    - {role: bfdd, tags: bfdd}

+- hosts: TSG-X-NXR620G40-R01-P0906-shaping-engine
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+    - install_config/group_vars/rpm_version.yml
+  roles:
+    - {role: container-tools-install, tags: container-tools-install}
+    - {role: framework, tags: framework}
+    - {role: shaping_engine, tags: shaping_engine}
+
 - hosts: server
  remote_user: root
  vars_files:
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -105,3 +105,7 @@ sce_rpm_version:

 bfdd_rpm_version:
  bfdd: bfdd-1.0.2-release
+
+
+shaping_engine_rpm_version:
+  shaping_engine: #TODO
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -60,6 +60,8 @@ DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
 {% endif %}
 {% endraw %}
 FEATURE_TAMPER=1
+{% raw %}SHAPING_SID={{ sid.shaping }}
+{% endraw %}

 [TSG_CONN_SKETCH]
 tcp_min_pkts=3
--- a/ansible/roles/shaping_engine/tasks/main.yml
+++ b/ansible/roles/shaping_engine/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: "download rpm packages: shaping_engine"
+  yum:
+    name:
+      - "{{ shaping_engine_rpm_version.shaping_engine }}"
+    conf_file: "{{ rpm_repo_config_path }}"
+    state: present
+    download_only: yes
+    download_dir: "{{ path_download }}"
+
+- name: "Get shaping_engine rpm path"
+  find:
+    path: /tmp/rpm_download/
+    pattern: "{{ shaping_engine_rpm_version.shaping_engine }}*"
+  register: shaping_engine_rpm_fullname
+
+- name: "Install shaping_engine from local path" 
+  yum:
+    name: "{{ shaping_engine_rpm_fullname.files[0].path }}" 
+    state: present
+    disable_gpg_check: yes
--- a/ansible/roles/traffic-engine/files/helm/conf/main.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf
@@ -45,6 +45,7 @@ FEATURE_TAMPER=1
 #IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SIP;SSH;RADIUS;SOCKS;STRATUM;RDP;BGP;DTLS;GTPC;"
 IDENTIFY_PROTO_NAME="{{- include "traffic-engine.config.identify-proto-name" . }}"
 SERVICE_CHAINING_SID={{ .Values.sid.sce }}
+SHAPING_SID={{ .Values.sid.shaping }}

 [TSG_CONN_SKETCH]
 tcp_min_pkts=3
@@ -146,25 +147,3 @@ SIGNALING_ORIGIN="REDIS"

 HOS_IP="{{- include "traffic-engine.config.hos-address" . }}"
 HOS_PORT={{- include "traffic-engine.config.hos-port" . }}
-
-{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
-[SHAPING]
-SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ .Values.vsys_id }}"
-SWARMKV_NODE_IP="0.0.0.0"
-SWARMKV_NODE_PORT=8551
-SWARMKV_CONSUL_IP="NODE_IP_LOCATION"
-SWARMKV_CONSUL_PORT=8500
-
-SWARMKV_CLUSTER_ANNOUNCE_IP="NODE_IP_LOCATION"
-SWARMKV_CLUSTER_ANNOUNCE_PORT=CLUSTER_ANNOUNCE_PORT_LOCATION
-
-SWARMKV_HEALTH_CHECK_PORT=8552
-SWARMKV_HEALTH_CHECK_ANNOUNCE_PORT=HEALTH_CHECK_ANNOUNCE_PORT_LOCATION
-
-TELEGRAF_IP="127.0.0.1"
-TELEGRAF_PORT=8200
-SESSION_QUEUE_LEN_MAX=128
-PRIORITY_QUEUE_LEN_MAX=1024
-#POLLING_NODE_NUM_MAX=[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]
-POLLING_NODE_NUM_MAX={"polling_node_num_max":[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]}
-{{- end }}
--- a/ansible/roles/traffic-engine/files/helm/conf/shaping.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/shaping.conf
@@ -0,0 +1,42 @@
+[SYSTEM]
+WORK_THREAD_NUM={{- include "traffic-engine.shaping.workerthread" . }}
+ENABLE_CPU_AFFINITY=1
+CPU_AFFINITY_MASK={{- include "traffic-engine.shaping.cpu-affinity" . }}
+firewall_sids={{ .Values.sid.firewall }}
+
+[MARSIO]
+DEV_INTERFACE="{{ .Values.shaping_config.shaping_nic }}"
+RX_BRUST_MAX=1
+APP_SYMBOL="shaping_{{ .Release.Name }}"
+
+[MAAT]
+INPUT_MODE=1
+TABLE_INFO="conf/table_info.conf"
+JSON_FILE="conf/shaping_maat.json"
+REDIS_DB_IDX={{ .Values.vsys_id }}
+REDIS_IP="{{ .Values.external_resources.cm.address }}"
+REDIS_PORT="{{ .Values.external_resources.cm.port }}"
+
+
+[SWARMKV]
+SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ .Values.vsys_id }}"
+SWARMKV_NODE_IP="0.0.0.0"
+SWARMKV_NODE_PORT=8551
+SWARMKV_CONSUL_IP="NODE_IP_LOCATION"
+SWARMKV_CONSUL_PORT=8500
+SWARMKV_CLUSTER_ANNOUNCE_IP="NODE_IP_LOCATION"
+SWARMKV_CLUSTER_ANNOUNCE_PORT=CLUSTER_ANNOUNCE_PORT_LOCATION
+SWARMKV_HEALTH_CHECK_PORT=8552
+SWARMKV_HEALTH_CHECK_ANNOUNCE_PORT=HEALTH_CHECK_ANNOUNCE_PORT_LOCATION
+
+[METRIC]
+FIELDSTAT_OUTPUT_INTERVAL_MS=500
+LINE_PROTOCOL_SERVER_IP="127.0.0.1"
+LINE_PROTOCOL_SERVER_PORT=8200
+
+[CONFIG]
+#PROFILE_QUEUE_LEN_PER_PRIORITY_MAX=128
+SESSION_QUEUE_LEN_MAX=128
+QUEUEING_SESSIONS_PER_PRIORITY_PER_THREAD_MAX=1024
+POLLING_NODE_NUM_MAX={"polling_node_num_max":[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]}
+
--- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
+++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
@@ -43,13 +43,12 @@ enable_breakpad_upload=0
 {{- end -}}

 {{- define "traffic-engine.sce.workerthread" -}}
-{{- if eq (len .Values.sce_config.affinity) 1 }}
-{{- 1 }}
-{{- else }}
-{{- sub (len .Values.sce_config.affinity) 1 }}
-{{- end }}
+{{- len .Values.sce_affinity }}
 {{- end -}}

+{{- define "traffic-engine.shaping.workerthread" -}}
+{{- len .Values.shaping_affinity }}
+{{- end -}}

 {{- define "traffic-engine.tfe.cpu-affinity" -}}
 {{- if eq (len .Values.tfe_affinity) 1 }}
@@ -60,13 +59,12 @@ enable_breakpad_upload=0
 {{- end -}}

 {{- define "traffic-engine.sce.cpu-affinity" -}}
-{{- if eq (len .Values.sce_config.affinity) 1 }}
-{{- print (index .Values.sce_config.affinity 0) }}
-{{- else }}
-{{- join "," .Values.sce_config.affinity }}
-{{- end }}
+{{- join "," .Values.sce_affinity }}
 {{- end -}}

+{{- define "traffic-engine.shaping.cpu-affinity" -}}
+{{- join "," .Values.shaping_affinity }}
+{{- end -}}

 {{- define "traffic-engine.device-tag-list" -}}
 {{- $tags_list := list -}}
@@ -153,28 +151,6 @@ enable_breakpad_upload=0
            cp /opt/tsg/config/necessary_plug_list.conf  /opt/tsg/sapp/etc/necessary_plug_list.conf
 {{- end -}}

-{{- define "traffic-engine.firewall.get-service-node-port" -}}
-            export APISERVER=https://kubernetes.default.svc
-            export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
-            export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
-            export TOKEN=$(cat ${SERVICEACCOUNT}/token)
-            export CACERT=${SERVICEACCOUNT}/ca.crt
-            curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt
-            export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="shaping-cluster-announce-port") | .nodePort')
-            export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="shaping-healthcheck-announce-port") | .nodePort')
-            echo "export CLUSTER_ANNOUNCE_PORT=${CLUSTER_ANNOUNCE_PORT}" > /etc/profile.d/announceinfo.sh
-            echo "export HEALTH_CHECK_ANNOUNCE_PORT=${HEALTH_CHECK_ANNOUNCE_PORT}" >> /etc/profile.d/announceinfo.sh
-            chmod 0755 /etc/profile.d/announceinfo.sh
-{{- end -}}
-
-
-{{- define "traffic-engine.firewall.set-shaping-config" -}}
-            sed -Ei "s|NODE_IP_LOCATION|${NODE_IP?}|g" /opt/tsg/sapp/tsgconf/main.conf
-            sed -Ei "s|CLUSTER_ANNOUNCE_PORT_LOCATION|${CLUSTER_ANNOUNCE_PORT?}|g" /opt/tsg/sapp/tsgconf/main.conf
-            sed -Ei "s|HEALTH_CHECK_ANNOUNCE_PORT_LOCATION|${HEALTH_CHECK_ANNOUNCE_PORT?}|g" /opt/tsg/sapp/tsgconf/main.conf
-{{- end -}}
-
-
 {{- define "traffic-engine.firewall.prestart" -}}
            if [ -f "/etc/traffic-engine/hotfix/firewall/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/firewall/scripts/prestart.sh; /etc/traffic-engine/hotfix/firewall/scripts/prestart.sh;fi
 {{- end -}}
@@ -256,3 +232,33 @@ enable_breakpad_upload=0
 /usr/sbin/ip addr del fd00::02/64 dev tap0
 /usr/sbin/ip link set tap0 down
 */}}
+
+
+{{- define "traffic-engine.shaping.copy-config-to-dest" -}}
+            cp /opt/tsg/config/shaping.conf  /opt/tsg/shaping_engine/conf
+            cp /opt/tsg/config/tsg_device_tag.json  /opt/tsg/etc/tsg_device_tag.json
+{{- end -}}
+
+{{- define "traffic-engine.shaping.prestart" -}}
+            if [ -f "/etc/traffic-engine/hotfix/shaping/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/shaping/scripts/prestart.sh; /etc/traffic-engine/hotfix/shaping/scripts/prestart.sh;fi
+{{- end -}}
+
+{{- define "traffic-engine.shaping.get-service-node-port" -}}
+            export APISERVER=https://kubernetes.default.svc
+            export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+            export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
+            export TOKEN=$(cat ${SERVICEACCOUNT}/token)
+            export CACERT=${SERVICEACCOUNT}/ca.crt
+            curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt
+            export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="shaping-cluster-announce-port") | .nodePort')
+            export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="shaping-healthcheck-announce-port") | .nodePort')
+            echo "export CLUSTER_ANNOUNCE_PORT=${CLUSTER_ANNOUNCE_PORT}" > /etc/profile.d/announceinfo.sh
+            echo "export HEALTH_CHECK_ANNOUNCE_PORT=${HEALTH_CHECK_ANNOUNCE_PORT}" >> /etc/profile.d/announceinfo.sh
+            chmod 0755 /etc/profile.d/announceinfo.sh
+{{- end -}}
+
+{{- define "traffic-engine.shaping.set-shaping-config" -}}
+            sed -Ei "s|NODE_IP_LOCATION|${NODE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf 
+            sed -Ei "s|CLUSTER_ANNOUNCE_PORT_LOCATION|${CLUSTER_ANNOUNCE_PORT?}|g" /opt/tsg/shaping_engine/conf/shaping.conf
+            sed -Ei "s|HEALTH_CHECK_ANNOUNCE_PORT_LOCATION|${HEALTH_CHECK_ANNOUNCE_PORT?}|g" /opt/tsg/shaping_engine/conf/shaping.conf
+{{- end -}}
--- a/ansible/roles/traffic-engine/files/helm/templates/shaping.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/shaping.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: shaping-{{ .Release.Name }}
+  namespace: default
+data:
+  shaping.conf: {{ tpl (.Files.Get "conf/shaping.conf") . | quote }}
--- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
@@ -41,14 +41,10 @@ spec:
          - "-ec"
          - |
            {{ template "traffic-engine.firewall.copy-config-to-dest" }}
-            {{ template "traffic-engine.firewall.get-service-node-port" }}
-            {{ template "traffic-engine.firewall.set-shaping-config" }}
            {{ template "traffic-engine.firewall.prestart" }}
            exec /opt/tsg/sapp/sapp
        ports:
          - containerPort: 9273
-          - containerPort: 8551
-          - containerPort: 8552
        env:
        - name: MRZCPD_CTRLMSG_LISTEN_ADDR
          valueFrom:
@@ -58,8 +54,6 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
-        - name: SERVICENAME
-          value: shaping-announce-port-{{ .Release.Name }}
        - name: NODE_IP
          valueFrom:
            fieldRef:
@@ -219,6 +213,69 @@ spec:
          readOnly: true

 {{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
+      - name: shaping
+        image: "docker.io/library/tsg-shaping:{{ .Chart.AppVersion }}"
+        imagePullPolicy: Never
+        workingDir: /opt/tsg/shaping_engine
+        command:
+          - "bash"
+          - "-ec"
+          - |
+            {{ template "traffic-engine.shaping.copy-config-to-dest" }}
+            {{ template "traffic-engine.shaping.get-service-node-port" }}
+            {{ template "traffic-engine.shaping.set-shaping-config" }}
+            {{ template "traffic-engine.shaping.prestart" }}
+            exec /opt/tsg/shaping_engine/bin/shaping_engine
+        ports:
+          - containerPort: 8551
+          - containerPort: 8552
+        env:
+        - name: SERVICENAME
+          value: shaping-announce-port-{{ .Release.Name }}
+        - name: NODE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
+        livenessProbe:
+          tcpSocket:
+            port: 8551
+          failureThreshold: 1
+          timeoutSeconds: 10
+        startupProbe:
+          tcpSocket:
+            port: 8551
+          failureThreshold: 30
+          periodSeconds: 10
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: opt-tsg-mrzcpd
+          mountPath: /opt/tsg/mrzcpd
+          readOnly: false
+        - name: var-run-mrzcpd
+          mountPath: /var/run/mrzcpd
+          readOnly: false
+        - name: var-run-dpdk
+          mountPath: /var/run/dpdk
+          readOnly: false
+        - name: root-sys
+          mountPath: /root/sys
+          readOnly: false
+        - name: shaping
+          mountPath: "/opt/tsg/config"
+        - name: config-volume
+          mountPath: "/opt/tsg/etc/tsg_sn.json"
+          subPath: "opt/tsg/etc/tsg_sn.json"
+        - name: shaping-minidump
+          mountPath: /run/shaping/crashreport
+        - name: shaping-log
+          mountPath: /opt/tsg/shaping/log
+        - name: localtime-node
+          mountPath: /etc/localtime
+          readOnly: true
+        - name: hotfix-shaping
+          mountPath: /etc/traffic-engine/hotfix/shaping
+
      - name: telegraf-shaping
        image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
        imagePullPolicy: Never
@@ -264,7 +321,7 @@ spec:
        - name: certstore-minidump
          mountPath: /run/certstore/crashreport

-{{- if and (eq .Values.sce.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }}
+{{- if and (eq .Values.service_chaining.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }}
      - name: telegraf-sce
        image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
        imagePullPolicy: Never
@@ -439,6 +496,9 @@ spec:
      - name: sce
        configMap:
          name: sce-{{ .Release.Name }}
+      - name: shaping
+        configMap:
+          name: shaping-{{ .Release.Name }}
      - name: config-volume
        emptyDir: {}
      - name: firewall-minidump
@@ -456,6 +516,9 @@ spec:
      - name: certstore-minidump
        hostPath:
          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Chart.AppVersion }}/
+      - name: shaping-minidump
+        hostPath:
+          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-shaping:{{ .Chart.AppVersion }}/
      - name: firewall-log
        hostPath: 
          path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sapp/
@@ -471,6 +534,9 @@ spec:
      - name: certstore-log
        hostPath:
          path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/certstore/
+      - name: shaping-log
+        hostPath:
+          path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/shaping/
      - name: localtime-node
        hostPath:
          path: /etc/localtime
@@ -489,5 +555,8 @@ spec:
      - name: hotfix-bfdd
        hostPath:
          path: /etc/traffic-engine/hotfix/bfdd
+      - name: hotfix-shaping
+        hostPath:
+          path: /etc/traffic-engine/hotfix/shaping
      - name: bfdd-unix-socket
        emptyDir: {}
--- a/ansible/roles/traffic-engine/files/helm/values.yaml
+++ b/ansible/roles/traffic-engine/files/helm/values.yaml
@@ -119,6 +119,8 @@ etherfabric_settings:

 sapp_affinity: [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76]
 tfe_affinity: [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92]
+sce_affinity: [92]
+shaping_affinity: [93]

 tfe_rps_mask: "00000000"

@@ -176,3 +178,7 @@ sce_config:
 sid:
  firewall: 1
  sce: 2
+  shaping: 1005
+
+shaping_config:
+  shaping_nic: nf_1_shaping_engine
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
@@ -91,3 +91,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
@@ -89,4 +89,7 @@ consul_agent:
  node_name: ""

 shaping:
-  enable: 1
+  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
@@ -99,3 +99,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
@@ -98,3 +98,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
@@ -118,3 +118,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
@@ -82,3 +82,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
@@ -97,3 +97,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
@@ -88,3 +88,6 @@ consul_agent:

 shaping:
  enable: 1
+
+sid:
+  shaping: 1000
--- a/make/Makefile.TSGXNXR620G40R01P0906
+++ b/make/Makefile.TSGXNXR620G40R01P0906
@@ -54,6 +54,11 @@ TARGET_CONTAINER_BFDD_SYSROOT_DIR		:= $(TARGET_BUILD_DIR)/$(CONTAINER_BFDD_NAME)
 CONTAINER_BFDD_PKG						:= tsg-$(CONTAINER_BFDD_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.xz
 CONTAINER_BFDD_TAR						:= tsg-$(CONTAINER_BFDD_NAME)-${OS_RELEASE_VER}-docker.tar

+CONTAINER_SHAPING_NAME					:= shaping
+TARGET_CONTAINER_SHAPING_SYSROOT_DIR	:= $(TARGET_BUILD_DIR)/$(CONTAINER_SHAPING_NAME)-container_sysroot
+CONTAINER_SHAPING_PKG					:= tsg-$(CONTAINER_SHAPING_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.xz
+CONTAINER_SHAPING_TAR					:= tsg-$(CONTAINER_SHAPING_NAME)-${OS_RELEASE_VER}-docker.tar
+
 .PHONY: all builddir installer sysroot-base sysroot-cleanup sysroot-archive sysroot-binary  container-sysroot-base container-sysroot-ansible container-images-generate add-images-into-sysroot container-sysroot-cleanup clean

 all: sysroot-binary
@@ -91,6 +96,7 @@ container-sysroot-base: builddir sysroot-verfile sysroot-ansible
 	rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
 	rm -rf $(TARGET_CONTAINER_SCE_SYSROOT_DIR)
 	rm -rf $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)
+	rm -rf $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)

 	mkdir -p $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)
 	mkdir -p $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)
@@ -99,6 +105,7 @@ container-sysroot-base: builddir sysroot-verfile sysroot-ansible
 	mkdir -p $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
 	mkdir -p $(TARGET_CONTAINER_SCE_SYSROOT_DIR)
 	mkdir -p $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)
+	mkdir -p $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)

 	mkdir -p $(TARGET_CONTAINER_IMAGE_DIR)
 	mkdir -p $(TARGET_CONTAINER_IMAGE_TAR_DIR)
@@ -110,6 +117,7 @@ container-sysroot-base: builddir sysroot-verfile sysroot-ansible
 	tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
 	tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_SCE_SYSROOT_DIR)
 	tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)
+	tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)
 	#curl -SL https://raw.githubusercontent.com/rocky-linux/sig-cloud-instance-images/Rocky-8.5-x86_64/rocky-8.5-docker-x86_64.tar.xz | tar -Jx  -C $(TARGET_CONTAINER_SYSROOT_DIR)

 sysroot-verfile: sysroot-base
@@ -175,6 +183,13 @@ container-sysroot-ansible: container-sysroot-base
 	$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_BFDD_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_BFDD_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
 	cp $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)/etc/ -r

+	cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/tmp/ -r
+	cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/etc/ -r
+	cp $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/tmp/ -r
+	cp /etc/hosts $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/etc/ -r
+	$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_SHAPING_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
+	cp $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/etc/ -r
+
 container-sysroot-cleanup:
 	cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)
 	rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/*
@@ -211,6 +226,11 @@ container-sysroot-cleanup:
 	rm -rf $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)/dev/*
 	mv $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_BFDD_SYSROOT_DIR)/tmp

+	cp $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)
+	rm -rf $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/tmp/*
+	rm -rf $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/dev/*
+	mv $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR)/tmp
+
 container-images-generate: container-sysroot-ansible container-sysroot-cleanup
 	tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_PKG) -C $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) .
 	echo -e "FROM scratch\nADD $(CONTAINER_FIREWALL_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
@@ -254,6 +274,12 @@ container-images-generate: container-sysroot-ansible container-sysroot-cleanup
 	docker save tsg-$(CONTAINER_BFDD_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_TAR_DIR)/$(CONTAINER_BFDD_TAR)
 	docker rmi tsg-$(CONTAINER_BFDD_NAME):$(OS_RELEASE_VER)

+	tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_SHAPING_PKG) -C $(TARGET_CONTAINER_SHAPING_SYSROOT_DIR) .
+	echo -e "FROM scratch\nADD $(CONTAINER_SHAPING_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
+	docker build -t tsg-$(CONTAINER_SHAPING_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR)
+	docker save tsg-$(CONTAINER_SHAPING_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_TAR_DIR)/$(CONTAINER_SHAPING_TAR)
+	docker rmi tsg-$(CONTAINER_SHAPING_NAME):$(OS_RELEASE_VER)
+
 sysroot-cleanup:
 	rm -rf $(TARGET_SYSROOT_DIR)/tmp/*
 	rm -rf $(TARGET_SYSROOT_DIR)/dev/*