gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🦄 refactor: delete ansible role of packet-io-engine,trex,nic-uio-binder,log-collector,inject-adapter and dp-trace.

Browse Source
This commit is contained in:
linxin
2024-10-24 11:46:53 +08:00
committed by fumingwei
parent 1bf26bd68d
commit 6e9097ef4b
56 changed files with 1 additions and 3291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
ansible/HAL_deploy.yml
View File

@@ -88,24 +88,6 @@
- {role: framework, tags: framework}
- {role: shaping_engine, tags: shaping_engine}
- hosts: x86_64_COTS-inject
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: framework, tags: framework}
- {role: packet_adapter, tags: packet_adapter}
- hosts: x86_64_COTS-packet-io-engine
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: confd, tags: confd}
- hosts: x86_64_COTS-base
remote_user: root
@@ -113,40 +95,4 @@
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: container-tools-install, tags: container-tools-install}
- hosts: x86_64_COTS-nic-uio-binder
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: framework, tags: framework}
- {role: nic-uio-binder, tags: nic-uio-binder}
- hosts: x86_64_COTS-dp-trace-telemetry
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: framework, tags: framework}
- {role: dp-trace-telemetry, tags: dp-trace-telemetry}
- hosts: x86_64_COTS-trex
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: framework, tags: framework}
- {role: trex, tags: trex}
- hosts: x86_64_COTS-log-collector
remote_user: root
vars_files:
- install_config/group_vars/HAL_x86_64_COTS.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: framework, tags: framework}
- {role: log-collector, tags: log-collector}
- {role: container-tools-install, tags: container-tools-install}

BIN
ansible/roles/confd/files/confd
View File

Binary file not shown.

10
ansible/roles/confd/files/packet-io-conf.toml
View File

@@ -1,10 +0,0 @@
[template]
src = "packet-io.conf.tmpl"
dest = "/opt/tsg/config/shared/mrglobal.dynamic.conf"
keys = [
"/obp_devices/",
"/cycle/",
"/ruleset",
"/datapath_trace"
]
reload_cmd = "pkill -1 mrzcpd"

122
ansible/roles/confd/files/packet-io.conf.tmpl
View File

@@ -1,122 +0,0 @@
{{range $key, $dir := lsdir "/obp_devices"}}{{$name_dir := printf "/obp_devices/%s/name" $dir}}{{$type_dir := printf "/obp_devices/%s/type" $dir}}{{$connect_dir := printf "/obp_devices/%s/connect" $dir}}{{$address_dir := printf "/obp_devices/%s/address" $dir}}{{$port_dir := printf "/obp_devices/%s/port" $dir}}{{$segment_dir := printf "/obp_devices/%s/segment" $dir}}[olp_device:{{$key}}]
name = {{getv $name_dir}}
type = {{getv $type_dir}}
connect = {{getv $connect_dir}}
in_addr = {{getv $address_dir}}
port = {{getv $port_dir}}
{{$num := ""}}
{{range $segkey, $segdir := lsdir $segment_dir}}{{$index:=len $num}}{{$id_dir := printf "/obp_devices/%s/segment/%d/id" $dir $index}}{{$workline_dir := printf "/obp_devices/%s/segment/%d/workline" $dir $index}}{{$heartbeat_modeline_dir := printf "/obp_devices/%s/segment/%d/heartbeat_mode" $dir $index}}{{$hb_send_interval_in_ms_dir := printf "/obp_devices/%s/segment/%d/hb_send_interval_in_ms" $dir $index}}{{$hb_timeout_interval_in_ms_dir := printf "/obp_devices/%s/segment/%d/hb_timeout_interval_in_ms" $dir $index}}{{$hb_lost_threshold_dir := printf "/obp_devices/%s/segment/%d/hb_lost_threshold" $dir $index}}{{$nonrevertive_mode_dir := printf "/obp_devices/%s/segment/%d/nonrevertive_mode" $dir $index}}{{$num = printf "%s1" $num}}
[{{getv $name_dir}}:{{getv $id_dir}}]
state = {{getv $workline_dir}}
heartbeat = {{getv $heartbeat_modeline_dir}}
heartbeat_send_interval_in_ms= {{getv $hb_send_interval_in_ms_dir}}
heartbeat_timeout_interval_in_ms= {{getv $hb_timeout_interval_in_ms_dir}}
heartbeat_lost_threshold = {{getv $hb_lost_threshold_dir}}
nonrevertive_mode = {{getv $nonrevertive_mode_dir}}
{{end}}
{{end}}
{{- $sid_step := 4 -}}
{{- $rule_num := 0 }}
{{ range $key, $dir := lsdir "/ruleset"}}
{{- $SrcIpV4_dir := printf "/ruleset/%s/SrcIpV4" $dir}}
{{- $SrcIpMaskV4_dir := printf "/ruleset/%s/SrcIpMask" $dir}}
{{- $DstIpV4_dir := printf "/ruleset/%s/DstIpV4" $dir}}
{{- $DstIpMaskV4_dir := printf "/ruleset/%s/DstIpMask" $dir}}
{{- $SrcIpV6_dir := printf "/ruleset/%s/SrcIpV6" $dir}}
{{- $SrcIpMaskV6_dir := printf "/ruleset/%s/SrcIpMask" $dir}}
{{- $DstIpV6_dir := printf "/ruleset/%s/DstIpV6" $dir}}
{{- $DstIpMaskV6_dir := printf "/ruleset/%s/DstIpMask" $dir}}
{{- $RuleId_dir := printf "/ruleset/%s/RuleId" $dir}}
{{- $SrcPortLow_dir := printf "/ruleset/%s/SrcPortLow" $dir}}
{{- $SrcPortHigh_dir := printf "/ruleset/%s/SrcPortHigh" $dir}}
{{- $DstPortLow_dir := printf "/ruleset/%s/DstPortLow" $dir}}
{{- $DstPortHigh_dir := printf "/ruleset/%s/DstPortHigh" $dir}}
{{- $Proto_dir := printf "/ruleset/%s/Proto" $dir}}
{{- $Priority_dir := printf "/ruleset/%s/Priority" $dir}}
{{- $Sid_dir := printf "/ruleset/%s/Sid" $dir}}
{{- $VwireId_dir := printf "/ruleset/%s/VwireId" $dir}}
{{- $EfId_dir := printf "/ruleset/%s/EfId" $dir}}
{{- $TeraId_dir := printf "/ruleset/%s/TeraId" $dir}}
[classifier_rule:{{ $rule_num }}]
{{- if exists $RuleId_dir }}
rule_id={{getv $RuleId_dir}}
{{- end }}
ruleset_type=0
{{- if exists $SrcIpV4_dir }}
src_ip_addr_v4={{getv $SrcIpV4_dir}}
{{- if exists $SrcIpMaskV4_dir }}
src_ip_mask_v4={{getv $SrcIpMaskV4_dir}}
{{- end -}}
{{- end -}}
{{- if exists $DstIpV4_dir }}
dst_ip_addr_v4={{getv $DstIpV4_dir}}
{{- if exists $DstIpMaskV4_dir }}
dst_ip_mask_v4={{getv $DstIpMaskV4_dir}}
{{- end -}}
{{- end -}}
{{- if exists $SrcIpV6_dir }}
src_ip_addr_v6={{getv $SrcIpV6_dir}}
{{- if exists $SrcIpMaskV6_dir }}
src_ip_mask_v6={{getv $SrcIpMaskV6_dir}}
{{- end -}}
{{- end -}}
{{- if exists $DstIpV6_dir }}
dst_ip_addr_v6={{getv $DstIpV6_dir}}
{{- if exists $DstIpMaskV6_dir }}
dst_ip_mask_v6={{getv $DstIpMaskV6_dir}}
{{- end -}}
{{- end -}}
{{- if exists $SrcPortLow_dir }}
src_port_start={{getv $SrcPortLow_dir}}
{{- end -}}
{{- if exists $SrcPortHigh_dir }}
src_port_end={{getv $SrcPortHigh_dir}}
{{- end -}}
{{- if exists $DstPortLow_dir }}
dst_port_start={{getv $DstPortLow_dir}}
{{- end -}}
{{- if exists $DstPortHigh_dir }}
dst_port_end={{getv $DstPortHigh_dir}}
{{- end -}}
{{- if exists $Proto_dir }}
proto={{getv $Proto_dir}}
{{- end -}}
{{- if exists $Priority_dir }}
priority={{getv $Priority_dir}}
{{- end -}}
{{- if exists $Sid_dir }}
sid={{getv $Sid_dir}}
{{- end -}}
{{- if exists $VwireId_dir }}
vwire_id={{getv $VwireId_dir}}
{{- end -}}
{{- if exists $EfId_dir }}
ef_adapter_id={{getv $EfId_dir}}
{{- end -}}
{{- if exists $TeraId_dir }}
tera_adapter_id={{getv $TeraId_dir}}
{{- end }}
action=2
{{- $rule_num = add $rule_num 1 }}
{{end}}
[dp_trace_rule]

47
ansible/roles/confd/tasks/main.yml
View File

@@ -1,47 +0,0 @@
- name: "Create /opt/confd/bin directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /opt/confd/bin
when: runtime_env == 'TSG-X-P0906'
- name: "Create /etc/confd/conf.d directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /etc/confd/conf.d
when: runtime_env == 'TSG-X-P0906'
- name: "Create /etc/confd/templates directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /etc/confd/templates
when: runtime_env == 'TSG-X-P0906'
- name: "copy confd to dest"
copy:
src: "{{ role_path }}/files/confd"
dest: /opt/confd/bin/confd
mode: 0755
when: runtime_env == 'TSG-X-P0906'
- name: "copy packet-io-conf.toml to dest"
copy:
src: "{{ role_path }}/files/packet-io-conf.toml"
dest: /etc/confd/conf.d/packet-io-conf.toml
mode: 0755
when: runtime_env == 'TSG-X-P0906'
- name: "copy packet-io.conf.tmpl to dest"
copy:
src: "{{ role_path }}/files/packet-io.conf.tmpl"
dest: /etc/confd/templates/packet-io.conf.tmpl
mode: 0755
when: runtime_env == 'TSG-X-P0906'

23
ansible/roles/dp-trace-telemetry/files/helm/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
ansible/roles/dp-trace-telemetry/files/helm/Chart.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v2
appVersion: 1.16.0
description: A Helm chart for Kubernetes
name: datapath-trace
type: application
version: 0.1.0

41
ansible/roles/dp-trace-telemetry/files/helm/templates/_config.tpl
View File

@@ -1,41 +0,0 @@
{{- define "dp_trace_telemetry.start" -}}
{{- if eq .Values.datapath_trace.debug.enable_interactive_startup .Values.define_enable_val_yes -}}
while true; do sleep 10;done
{{- else -}}
exec /opt/tsg/dp_trace_telemetry/bin/dp_trace_telemetry -c /opt/tsg/dp_trace_telemetry/etc/dp_trace.conf -d /opt/tsg/dp_trace_telemetry/etc/dp_trace_dy.conf
{{- end }}
{{- end -}}
{{- define "dp_trace_telemetry.volume.prestart" -}}
{{- if eq .Values.datapath_trace.debug.enable_prestart_script .Values.define_enable_val_yes }}
- name: dp_trace_telemetry-prestart
hostPath:
{{- if .Values.datapath_trace.debug.prestart_script }}
path: {{ .Values.dp_trace_telemetry.debug.prestart_script }}
{{- else }}
path: /etc/tsg-os/{{ .Release.Name }}/dp_trace_telemetry_prestart_script.sh
{{- end }}
type: FileOrCreate
{{- end }}
{{- end -}}
{{- define "dp_trace_telemetry.mount.prestart" -}}
{{- if eq .Values.datapath_trace.debug.enable_prestart_script .Values.define_enable_val_yes }}
- name: prestart-dir
mountPath: /tmp/prestart
- name: dp_trace_telemetry-prestart
mountPath: /opt/tsg/scripts/prestart.sh
{{- end }}
{{- end -}}
{{- define "dp_trace_telemetry.prestart" -}}
{{- if eq .Values.datapath_trace.debug.enable_prestart_script .Values.define_enable_val_yes }}
echo WARNING: PRESTART.sh is enable, the commands in PRESTART.sh is:
cat /opt/tsg/scripts/prestart.sh
chmod 0755 /opt/tsg/scripts/prestart.sh
source /opt/tsg/scripts/prestart.sh
echo PRESTART.sh has been exec......
{{- end }}
{{- end -}}

10
ansible/roles/dp-trace-telemetry/files/helm/templates/clusterrole.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
serviceFunction: {{ .Release.Name }}
name: {{ .Release.Name }}
rules:
- apiGroups: [""]
resources: ["services", "nodes"]
verbs: ["get", "list", "watch"]

14
ansible/roles/dp-trace-telemetry/files/helm/templates/clusterrolebinding.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
serviceFunction: {{ .Release.Name }}
name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}

216
ansible/roles/dp-trace-telemetry/files/helm/templates/deployment.yaml
View File

@@ -1,216 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: dp-trace-telemetry
labels:
app: dp-trace-telemetry
component: dp-trace-telemetry
annotations:
configmap.reloader.stakater.com/reload: dp-trace-conf
spec:
replicas: 1
selector:
matchLabels:
app: dp-trace-telemetry
strategy:
type: Recreate
template:
metadata:
labels:
app: dp-trace-telemetry
serviceFunction: {{.Release.Name}}
component: dp-trace-telemetry
annotations:
kubectl.kubernetes.io/default-container: dp-trace-telemetry
prometheus.io/port: "9005"
prometheus.io/scrape: "true"
spec:
serviceAccountName: {{ .Release.Name }}
shareProcessNamespace: true
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: inotify-dynamic-conf
image: "registry.gdnt-cloud.website/tsg-dp-trace-telemetry:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
WATCH_DIR="/opt/tsg/dp_trace_telemetry/etc/dynamic"
while inotifywait -r -e modify,create "$WATCH_DIR"; do
echo "send HUB signal to dp_trace"
pkill -1 dp_trace_teleme
echo "signal send"
done
volumeMounts:
- name: dp-trace-dy
mountPath: /opt/tsg/dp_trace_telemetry/etc/dynamic/
- name: dp-trace-telemetry
image: "registry.gdnt-cloud.website/tsg-dp-trace-telemetry:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/dp_trace_telemetry/
command:
- "bash"
- "-ec"
- |
ldconfig
cp /opt/tsg/dp_trace_telemetry/etc/dp_trace_configmap.conf /opt/tsg/dp_trace_telemetry/etc/dp_trace.conf
ln -sf /opt/tsg/dp_trace_telemetry/etc/dynamic/config /opt/tsg/dp_trace_telemetry/etc/dp_trace_dy.conf
{{ template "dp_trace_telemetry.prestart" . }}
{{ template "dp_trace_telemetry.start" . }}
volumeMounts:
- name: dp-telemetry-daemon
mountPath: /var/lib/dp_telemetry_daemon
- name: dp-trace-conf
mountPath: /opt/tsg/dp_trace_telemetry/etc/dp_trace_configmap.conf
subPath: config
- name: dp-trace-dy
mountPath: /opt/tsg/dp_trace_telemetry/etc/dynamic/
- name: journal-volume
mountPath: /run/systemd/journal
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
mountPropagation: HostToContainer
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: profile-mrzcpd
mountPath: /etc/profile.d/mrzcpd.sh
readOnly: true
- name: ldconfig-mrzcpd
mountPath: /etc/ld.so.conf.d/mrzcpd.conf
readOnly: true
{{- if eq .Values.datapath_trace.debug.enable_mount_host_filesystem .Values.define_enable_val_yes }}
- name: host-root
mountPath: /host
{{- end }}
{{- if eq .Values.datapath_trace.debug.enable_prestart_script .Values.define_enable_val_yes }}
- name: prestart-dir
mountPath: /tmp/prestart
- name: dp-trace-prestart
mountPath: /opt/tsg/scripts/prestart.sh
{{- end }}
env:
- name: SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: DEPLOYMENT_NAME
value: dp-trace-telemetry
securityContext:
privileged: true
ports:
- containerPort: 9086
{{- if eq .Values.datapath_trace.debug.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
httpGet:
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 30
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 10
startupProbe:
httpGet:
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 30
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 10
{{- end }}
initContainers:
- name: init-packet-io-engine-ready
image: "registry.gdnt-cloud.website/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
until [ $(curl -s -o /dev/null -w "%{http_code}" http://${NODE_IP}:9086/probe) -eq 200 ]; do echo waiting for packet-io-engine ready; sleep 2; done
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: init-default-svc
image: "registry.gdnt-cloud.website/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
until nslookup kubernetes.default.svc; do echo waiting for kubernetes service; sleep 2; done
volumes:
- name: journal-volume
hostPath:
path: /run/systemd/journal
type: Directory
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
- name: dp-trace-prestart
hostPath:
{{- if .Values.datapath_trace.debug.prestart_script }}
path: {{ .Values.datapath_trace.debug.prestart_script }}
{{- else }}
path: /etc/tsg-os/{{ .Release.Name }}/dp_trace_prestart_script.sh
{{- end }}
type: FileOrCreate
- name: opt-tsg-mrzcpd
hostPath:
path: /opt/tsg/mrzcpd
- name: var-run-mrzcpd
hostPath:
path: /var/run/mrzcpd
- name: var-run-dpdk
hostPath:
path: /var/run/dpdk
- name: profile-mrzcpd
hostPath:
path: /etc/profile.d/mrzcpd.sh
type: File
- name: ldconfig-mrzcpd
hostPath:
path: /etc/ld.so.conf.d/mrzcpd.conf
type: File
- name: localtime-node
hostPath:
path: /etc/localtime
- name: dp-telemetry-daemon
hostPath:
path: /var/lib/dp_telemetry_daemon
type: DirectoryOrCreate
- name: dp-trace-conf
configMap:
name: dp-trace-conf
items:
- key: config
path: config
- name: dp-trace-dy
configMap:
name: dp-trace-dy
- name: host-root
hostPath:
path: /

99
ansible/roles/dp-trace-telemetry/files/helm/templates/dp-trace.yaml
View File

@@ -1,99 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: dp-trace-conf
data:
config: |
[global]
iocore={{- range $index,$core := .Values.datapath_trace.datapath_trace_affinity }}{{- if ne $index 0 }},{{ end -}}{{ $core }}{{- end }}
zlog_config_path=../etc/dp_trace_zlog.conf
dp_trace_dir=/var/lib/dp_telemetry_daemon
{{- if .Values.device }}
device_group={{- range $tag := .Values.device.tags }}{{- if $tag.device_group }}{{ $tag.device_group }}{{ end -}}{{- end }}
data_center={{- range $tag := .Values.device.tags }}{{- if $tag.data_center }}{{ $tag.data_center }}{{ end -}}{{- end }}
{{- else }}
device_group=
data_center=
{{- end }}
monit_file_path=/var/run/mrzcpd/mrmonit.app.dp_trace_telemetry.saving
[http_server]
listen_addr=0.0.0.0
listen_port=9086
keep_alive_path=/probe
[kafka]
{{- if .Values.datapath_trace.olap.kafka_brokers}}
borker_list="{{- range $index,$kafka := .Values.datapath_trace.olap.kafka_brokers.addresses }}{{- if ne $index 0 }},{{ end -}}{{ $kafka.address }}:{{ $kafka.port}}{{- end }}"
topic_name="DATAPATH-TELEMETRY-RECORD"
sasl_username={{.Values.datapath_trace.olap.kafka_brokers.sasl_username }}
sasl_password={{.Values.datapath_trace.olap.kafka_brokers.sasl_password }}
{{- else }}
borker_list=""
topic_name="DATAPATH-TELEMETRY-RECORD"
sasl_username=
sasl_password=
{{- end }}
[maat]
maat_log_level=3
# 0:json 1:redis
maat_input_mode=1
deferred_load_on=0
table_schema=../etc/table_schema.json
json_cfg_file=../etc/dp_telemetry_rules.json
{{- if .Values.datapath_trace.cm}}
{{- if eq .Values.datapath_trace.cm.connectivity "local_cache"}}
maat_redis_server={{ .Values.datapath_trace.cm.local_cache.cache_name }}-redis-master.tsg-os-system.svc
maat_redis_port_range=6379
{{- else if eq .Values.datapath_trace.cm.connectivity "builtin" }}
maat_redis_server=tsg-cm.tsg-os-system.svc
maat_redis_port_range=7002
{{- else }}
maat_redis_server={{ .Values.datapath_trace.cm.direct.address}}
maat_redis_port_range={{ .Values.datapath_trace.cm.direct.port}}
{{- end }}
{{- else }}
maat_redis_server=
maat_redis_port_range=
{{- end }}
maat_redis_db_index=1
[debug]
send_ctrlbuf=0
kafka_dump_to_log=0
arp_pkt_has_ip_test=0
---
apiVersion: v1
kind: ConfigMap
metadata:
name: dp-trace-dy
data:
config: |
[dp_trace_rule]
dp_trace_file_max_size_in_KB={{ .Values.datapath_trace.datapath_trace_file_max_size_in_KB }}
dp_trace_merge_timeout=30
{{- range $rule := .Values.datapath_trace.rule }}
[dp_trace_rule:{{ $rule.id }}]
{{- if eq $rule.enable "yes" }}
enable=1
{{- end}}
{{- if eq $rule.enable "no" }}
enable=0
{{- end}}
{{- if $rule.bpf_expr }}
bpf_expr={{ $rule.bpf_expr }}
{{- end }}
{{- if $rule.packet_max_count }}
pkt_cnt_max={{ $rule.packet_max_count }}
{{- end }}
{{- if $rule.sampling }}
sampling={{ $rule.sampling }}
{{- end }}
{{- if $rule.snaplen }}
snaplen={{ $rule.snaplen }}
{{- end }}
{{ end -}}

6
ansible/roles/dp-trace-telemetry/files/helm/templates/serviceaccount.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
serviceFunction: {{ .Release.Name }}
name: {{ .Release.Name }}

91
ansible/roles/dp-trace-telemetry/files/helm/values.yaml
View File

@@ -1,91 +0,0 @@
# Default values for dp-trace-telemetry.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
enable_interactive_startup: no
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true,
# a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
mergeExporter:
image:
repository: quay.io/rebuy/exporter-merger
pullPolicy: Never
tag: "v0.2.0"
mergePort: "9005"
mergeUrls: "http://127.0.0.1:8901/metrics http://127.0.0.1:8902/metrics http://127.0.0.1:8903/metrics"
define_enable_val_yes: 'yes'
datapath_trace: { debug: { enable_liveness_probe:'no', enable_interactive_startup: 'no', enable_prestart_script: 'no', enable_mount_host_filesystem:'no', prestart_script: ""}}
device: {}

21
ansible/roles/dp-trace-telemetry/tasks/main.yml
View File

@@ -1,21 +0,0 @@
- name: "download rpm packages: dp_trace"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: "{{ path_download }}"
with_dict: "{{ dp_trace_rpm_version }}"
- name: "Install mlnx-ofed-user-space rpm package"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
with_dict: "{{ mlnx_ofed_user_space_only_rpm_version }}"
when: runtime_env == 'TSG-X-P0906'
- name: "Install dp-trace-telemetry rpm package"
shell: rpm -i /tmp/rpm_download/{{ item.value }}*
with_dict: "{{ dp_trace_rpm_version }}"

8
ansible/roles/k3s-install/files/coredns-custom.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-custom
namespace: kube-system
data:
forward.override: |
forward . /etc/resolv.conf

41
ansible/roles/k3s-install/files/log-collector.yaml
View File

@@ -1,41 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: log-collector
labels:
app: log-collector
namespace: tsg-os-system
spec:
selector:
matchLabels:
app: log-collector
template:
metadata:
labels:
app: log-collector
spec:
containers:
- name: log-collector
image: registry.gdnt-cloud.website/tsg-log-collector:%%LOG_COLLECTOR_IMAGE_TAR%%
command:
- "bash"
- "-ec"
- |
sysctl -w fs.inotify.max_user_instances=8192
/opt/tsg/log-collector/bin/log-collector
volumeMounts:
- name: logs
mountPath: /var/log/pods
- name: journal-volume
mountPath: /run/systemd/journal
securityContext:
privileged: true
volumes:
- name: logs
hostPath:
path: /var/log/pods
type: DirectoryOrCreate
- name: journal-volume
hostPath:
path: /run/systemd/journal
type: Directory

145
ansible/roles/k3s-install/files/nic-uio-binder.yaml
View File

@@ -1,145 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: nic-uio-binder-account
namespace: tsg-os-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nic-uio-binder-account-nodes
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nic-uio-binder-account-pods
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","list","patch","watch","update","create","delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nic-uio-binder-account-services
rules:
- apiGroups: [""]
resources: ["endpoints", "services"]
verbs: ["get","list","watch","update","create","delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nic-uio-binder-account-binding-nodes
subjects:
- kind: ServiceAccount
namespace: tsg-os-system
name: nic-uio-binder-account
apiGroup: ""
roleRef:
kind: ClusterRole
name: nic-uio-binder-account-nodes
apiGroup: ""
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nic-uio-binder-account-binding-pods
subjects:
- kind: ServiceAccount
namespace: tsg-os-system
name: nic-uio-binder-account
apiGroup: ""
roleRef:
kind: ClusterRole
name: nic-uio-binder-account-pods
apiGroup: ""
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nic-uio-binder-account-binding-services
subjects:
- kind: ServiceAccount
namespace: tsg-os-system
name: nic-uio-binder-account
apiGroup: ""
roleRef:
kind: ClusterRole
name: nic-uio-binder-account-services
apiGroup: ""
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nic-uio-binder
labels:
app: nic-uio-binder
namespace: tsg-os-system
spec:
selector:
matchLabels:
app: nic-uio-binder
template:
metadata:
labels:
app: nic-uio-binder
spec:
serviceAccountName: nic-uio-binder-account
containers:
- name: nic-uio-binder
image: registry.gdnt-cloud.website/tsg-nic-uio-binder:%%NIC_UIO_BINDER_IMAGE_TAR%%
command:
- "bash"
- "-ec"
- |
/opt/tsg/nic-uio-binder/bin/nic-uio-binder
volumeMounts:
- name: hwfile
mountPath: /var/run/mrzcpd
- name: dev-vfio
mountPath: /dev/vfio
- name: k3s-api
mountPath: /var/lib/kubelet
- name: modules
mountPath: /lib/modules
securityContext:
privileged: true
initContainers:
- name: init-nic-uio-binder
image: registry.gdnt-cloud.website/tsg-nic-uio-binder:%%NIC_UIO_BINDER_IMAGE_TAR%%
command:
- "bash"
- "-ec"
- |
/opt/tsg/nic-uio-binder/bin/generateHwfile
volumeMounts:
- name: hwfile
mountPath: /var/run/mrzcpd
- name: dev-vfio
mountPath: /dev/vfio
- name: k3s-api
mountPath: /var/lib/kubelet
- name: modules
mountPath: /lib/modules
securityContext:
privileged: true
volumes:
- name: hwfile
hostPath:
path: /var/run/mrzcpd
type: DirectoryOrCreate
- name: dev-vfio
hostPath:
path: /dev/vfio
- name: k3s-api
hostPath:
path: /var/lib/kubelet/
- name: modules
hostPath:
path: /lib/modules
hostNetwork: true

15
ansible/roles/k3s-install/tasks/main.yml
View File

@@ -117,16 +117,6 @@
name: k3s-orphaned-pods-dir-clean.timer
enabled: yes
- name: "copy nic-uio-binder file to dest"
copy:
src: "{{ role_path }}/files/nic-uio-binder.yaml"
dest: /var/lib/rancher/k3s/server/manifests/
- name: "copy log-collector file to dest"
copy:
src: "{{ role_path }}/files/log-collector.yaml"
dest: /var/lib/rancher/k3s/server/manifests/
- name: "copy dynamic-hostport yaml file to k3s manifests directory"
copy:
src: "{{ role_path }}/files/dynamic-hostport.yaml"
@@ -139,11 +129,6 @@
url_username: "{{ lookup('env', 'PULP_REPO_USERNAME') }}"
url_password: "{{ lookup('env', 'PULP_REPO_PASSWORD') }}"
- name: "copy coredns-custom yaml file to k3s manifests directory"
copy:
src: "{{ role_path }}/files/coredns-custom.yaml"
dest: /var/lib/rancher/k3s/server/manifests/
- name: "copy k3s-reset.sh to /usr/bin"
copy:
src: "{{ role_path }}/files/k3s-reset.sh"

7
ansible/roles/log-collector/tasks/main.yml
View File

@@ -1,7 +0,0 @@
---
- name: "install log-collector"
yum:
name:
- "{{ log_collector_rpm_version.log_collector }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present

23
ansible/roles/mrzcpd/files/helm/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
ansible/roles/mrzcpd/files/helm/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: mrzcpd
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

1
ansible/roles/mrzcpd/files/helm/conf/mrzcpd.conf
View File

@@ -1 +0,0 @@
{{- include "mrzcpd.config" . }}

562
ansible/roles/mrzcpd/files/helm/templates/_config.tpl
View File

@@ -1,562 +0,0 @@
{{- define "mrzcpd.resources" -}}
{{- if .Values.mrzcpd.interfaces }}
{{- range $interface := .Values.mrzcpd.interfaces }}
mrzcpd/{{ $interface.name }}: 1
{{- end }}
{{- end }}
{{- end -}}
{{- define "mrzcpd.start" -}}
{{- if eq .Values.mrzcpd.debug.enable_interactive_startup .Values.define_enable_val_yes -}}
while true; do sleep 10;done
{{- else -}}
exec /opt/tsg/mrzcpd/bin/mrzcpd -c /opt/tsg/mrzcpd/etc/mrglobal.conf -s /opt/tsg/mrzcpd/etc/mrglobal.dynamic.conf
{{- end }}
{{- end -}}
{{- define "mrzcpd.volume.prestart" -}}
{{- if eq .Values.mrzcpd.debug.enable_prestart_script .Values.define_enable_val_yes }}
- name: mrzcpd-prestart
hostPath:
{{- if .Values.mrzcpd.debug.prestart_script }}
path: {{ .Values.mrzcpd.debug.prestart_script }}
{{- else }}
path: /etc/tsg-os/{{ .Release.Name }}/packet_io_engine_prestart_script.sh
{{- end }}
type: FileOrCreate
{{- end }}
{{- end -}}
{{- define "mrzcpd.mount.prestart" -}}
{{- if eq .Values.mrzcpd.debug.enable_prestart_script .Values.define_enable_val_yes }}
- name: prestart-dir
mountPath: /tmp/prestart
- name: mrzcpd-prestart
mountPath: /opt/tsg/scripts/prestart.sh
{{- end }}
{{- end -}}
{{- define "mrzcpd.prestart" -}}
{{- if eq .Values.mrzcpd.debug.enable_prestart_script .Values.define_enable_val_yes }}
echo WARNING: PRESTART.sh is enable, the commands in PRESTART.sh is:
cat /opt/tsg/scripts/prestart.sh
chmod 0755 /opt/tsg/scripts/prestart.sh
source /opt/tsg/scripts/prestart.sh
echo PRESTART.sh has been exec......
{{- end }}
{{- end -}}
{{- define "mrzcpd.config" -}}
{{- $nf_nic_list := "" }}
{{- $ef_adapter_num:= 0}}
{{- $tera_adapter_num:= 0}}
{{- $vwire_num:= 1}}
{{- $mirr_nic_list := "" }}
{{- $ep_nic_l2_list := "" }}
{{- $ep_nic_l3_list := "" }}
{{- $sid_step := 4 }}
{{- $cycle := int .Values.mrzcpd.nf_count }}
{{- $enter := "\n"}}
{{- range $index, $_ := until $cycle }}
{{- if eq $index 0 }}
{{- $nf_nic_list = (printf "nf_%d_fw" $index) }}
{{- $nf_nic_list = (printf "%s,nf_%d_proxy" $nf_nic_list $index) }}
{{- $nf_nic_list = (printf "%s,nf_%d_sce" $nf_nic_list $index) }}
{{- $nf_nic_list = (printf "%s,nf_%d_shaping_engine" $nf_nic_list $index) }}
{{- $ep_nic_l2_list = (printf "ep_%d_sce_l2" $index) }}
{{- $ep_nic_l3_list = (printf "ep_%d_sce_l3" $index) }}
{{- $mirr_nic_list = (printf "mirr_%d_fw" $index) }}
{{- $mirr_nic_list = (printf "%s,mirr_%d_proxy" $mirr_nic_list $index) }}
{{- else }}
{{- $nf_nic_list = (printf "%s,nf_%d_fw" $nf_nic_list $index) }}
{{- $nf_nic_list = (printf "%s,nf_%d_proxy" $nf_nic_list $index) }}
{{- $nf_nic_list = (printf "%s,nf_%d_sce" $nf_nic_list $index) }}
{{- $nf_nic_list = (printf "%s,nf_%d_shaping_engine" $nf_nic_list $index) }}
{{- $ep_nic_l2_list = (printf "%s,ep_%d_sce_l2" $ep_nic_l2_list $index) }}
{{- $ep_nic_l3_list = (printf "%s,ep_%d_sce_l3" $ep_nic_l3_list $index) }}
{{- $mirr_nic_list = (printf "%s,mirr_%d_fw" $mirr_nic_list $index) }}
{{- $mirr_nic_list = (printf "%s,mirr_%d_proxy" $mirr_nic_list $index) }}
{{- end }}
{{- end -}}
[device]
{{- if .Values.mrzcpd.interfaces }}
device= {{- range $interface := .Values.mrzcpd.interfaces }}{{ $interface.name }},{{- end }}{{- range $interface := .Values.mrzcpd.virtual_interfaces }}{{ $interface.name }},{{- end }}{{ $nf_nic_list }},{{ $ep_nic_l2_list }},{{ $ep_nic_l3_list }},{{ $mirr_nic_list }},nf_inject,virtio_dign_c,virtio_dign_s
{{- else }}
device= {{ $nf_nic_list }},{{ $ep_nic_l2_list}},{{ $ep_nic_l3_list }},{{ $mirr_nic_list}},nf_inject,virtio_dign_c,virtio_dign_s
{{- end }}
sz_tunnel={{ .Values.mrzcpd.pktmbuf_queue_size}}
sz_buffer=0
# Configuration settings for the physical device (Phy dev).
{{- range $interface := .Values.mrzcpd.interfaces }}
[device:{{ $interface.name }}]
{{- if $interface.address }}
in_addr={{ $interface.address }}
in_mask={{ $interface.mask }}
{{- if $interface.gateway }}
gateway={{ $interface.gateway }}
{{- end }}
{{- end }}
nr_rxdesc=8192
nr_txdesc=8192
allmulticast=1
rssmode=3
promisc={{ $interface.promisc }}
mtu={{ $interface.mtu }}
{{- if eq $interface.role "5"}}
driver=1
{{- else}}
driver=0
{{- end}}
role={{ $interface.role }}
{{- if $interface.type }}
type={{ $interface.type }}
{{- end }}
{{- if $interface.vlan }}
{{- if ne (len $interface.vlan) 0}}
allow_vlan_ids={{- range $index,$vlan := $interface.vlan }}{{- if ne $index 0 }},{{ end -}}{{ $vlan.vlan_id }}{{- end }}
{{- end }}
{{- end }}
{{- if $interface.en_representor }}
en_representor={{ $interface.en_representor }}
{{- end }}
{{- if $interface.representor_ns }}
representor_ns={{ $interface.representor_ns }}
{{- end }}
{{- if $interface.representor_dev }}
representor_dev={{ $interface.representor_dev }}
{{- end }}
{{- if $interface.rxcore }}
rx_cores={{ $interface.rxcore }}
{{- end }}
{{ end }}
# Configuration settings for network bonding (bond) functionality.
{{- range $interface := .Values.mrzcpd.virtual_interfaces }}
{{- if eq $interface.type "1"}}
[device:{{ $interface.name }}]
{{- if $interface.address }}
in_addr={{ $interface.address }}
in_mask={{ $interface.mask }}
{{- if $interface.gateway }}
gateway={{ $interface.gateway }}
{{- end }}
{{- end }}
rssmode=3
{{- if $interface.promisc }}
promisc={{ $interface.promisc }}
{{- end}}
{{- if $interface.mtu }}
mtu={{ $interface.mtu }}
{{- end}}
{{- if eq $interface.role "5"}}
driver=1
{{- else}}
driver=0
{{- end}}
role={{ $interface.role }}
{{- if $interface.type }}
type={{ $interface.type }}
{{- end }}
{{- if $interface.bond_mode }}
bond_mode={{ $interface.bond_mode }}
{{- end }}
{{- if $interface.bond_xmit_policy }}
bond_xmit_policy={{ $interface.bond_xmit_policy }}
{{- end }}
{{- if $interface.slaves }}
bond_slaves={{- range $index,$slave := $interface.slaves }}{{- if ne $index 0 }},{{ end -}}{{ $slave.interface }}{{- end }}
{{- end }}
{{- if $interface.rxcore }}
rx_cores={{ $interface.rxcore }}
{{- end }}
{{- end }}
{{ end }}
# Configuration settings for the virtual device (virtual dev) management.
[device:virtio_dign_c]
driver=1
role=1
[device:virtio_dign_s]
driver=1
role=1
# Configuration settings for the representational (repsent) device.
{{- range $interface := .Values.mrzcpd.virtual_interfaces }}
{{- if eq $interface.en_representor "1"}}
[device:{{ $interface.name }}]
{{- if $interface.promisc }}
promisc={{ $interface.promisc }}
{{- end}}
{{- if $interface.mtu }}
mtu={{ $interface.mtu }}
{{- end}}
{{- if eq $interface.role "5"}}
driver=1
{{- else}}
driver=0
{{- end}}
role={{ $interface.role }}
{{- if $interface.vlan }}
{{- if ne (len $interface.vlan) 0}}
allow_vlan_ids={{- range $index,$vlan := $interface.vlan }}{{- if ne $index 0 }},{{ end -}}{{ $vlan.vlan_id }}{{- end }}
{{- end }}
{{- end }}
{{- if $interface.en_representor }}
en_representor={{ $interface.en_representor }}
{{- end }}
{{- if $interface.representor_ns }}
representor_ns={{ $interface.representor_ns }}
{{- end }}
{{- if $interface.rxcore }}
rx_cores={{ $interface.rxcore }}
{{- end }}
{{- end }}
{{- end }}
# Configuration settings for the VLAN (Virtual Local Area Network) sub-interface.
{{- range $interface := .Values.mrzcpd.interfaces }}
{{- if $interface.vlan }}
{{- range $vlan := $interface.vlan }}
{{- if or $vlan.ipv4_address $vlan.ipv6_address }}
[device:{{$interface.name}}:vlan:{{$vlan.vlan_id}}]
{{- if $vlan.ipv4_address }}
in_addr_v4={{ $vlan.ipv4_address }}
{{- end }}
{{- if $vlan.ipv4_mask }}
in_mask_v4={{ $vlan.ipv4_mask }}
{{- end }}
{{- if $vlan.ipv6_address }}
in_addr_v6={{ $vlan.ipv6_address }}
{{- end }}
{{- if $vlan.ipv6_mask }}
in_mask_v6={{ $vlan.ipv6_mask }}
{{- end }}
{{ end }}
{{- end -}}
{{- end -}}
{{ end }}
{{- range $interface := .Values.mrzcpd.virtual_interfaces }}
{{- if $interface.vlan }}
{{- range $vlan := $interface.vlan }}
{{- if or $vlan.ipv4_address $vlan.ipv6_address }}
[device:{{$interface.name}}:vlan:{{$vlan.vlan_id}}]
{{- if $vlan.ipv4_address }}
in_addr_v4={{ $vlan.ipv4_address }}
{{- end }}
{{- if $vlan.ipv4_mask }}
in_mask_v4={{ $vlan.ipv4_mask }}
{{- end }}
{{- if $vlan.ipv6_address }}
in_addr_v6={{ $vlan.ipv6_address }}
{{- end }}
{{- if $vlan.ipv6_mask }}
in_mask_v6={{ $vlan.ipv6_mask }}
{{- end }}
{{ end }}
{{- end -}}
{{- end -}}
{{ end }}
# Configuration settings for the shmdey device.
[device:nf_inject]
driver=3
role=4
{{ range $index, $_ := until $cycle }}
[device:nf_{{ $index }}_fw]
driver=3
role=4
[device:nf_{{ $index }}_sce]
driver=3
role=4
[device:ep_{{ $index }}_sce_l2]
driver=3
role=4
[device:ep_{{ $index }}_sce_l3]
en_representor=1
representor_ns=1
driver=3
role=4
[device:nf_{{ $index }}_shaping_engine]
driver=3
role=4
[device:nf_{{ $index }}_proxy]
driver=3
role=4
[device:mirr_{{ $index }}_fw]
driver=3
role=4
[device:mirr_{{ $index }}_proxy]
driver=3
role=4
{{- end }}
# This module handles the global configuration settings.
[service]
iocore={{ range $index,$core := .Values.mrzcpd.cpu_affinity}}{{- if ne $index 0 }},{{ end -}}{{ $core }}{{- end }}
distmode={{ .Values.mrzcpd.distmode }}
hashmode=0
poll_wait_throttle={{ .Values.mrzcpd.enable_poll_wait_throttle }}
poll_wait_enable=1
[eal]
virtaddr=0x500000000000
loglevel=7
huge-dir=/run/mrzcpd/hugepages
legacy_mem=0
[keepalive]
check_spinlock=1
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode={{ .Values.mrzcpd.pktmbuf_pool_create_mode }}
sz_direct_pktmbuf={{ int .Values.mrzcpd.pktmbuf_pool_max_elements_count}}
sz_indirect_pktmbuf={{ .Values.mrzcpd.indirect_pktmbuf}}
sz_cache=512
sz_data={{ .Values.mrzcpd.pktmbuf_max_size}}
[buffer_leak_detect]
check_buffer_leak={{ .Values.mrzcpd.enable_check_pktmbuf_leak}}
[ctrlmsg]
listen_addr=0.0.0.0
listen_port=46789
[rpc]
addr=127.0.0.1
port=56789
[limits]
nr_max_ef_adapters={{ .Values.mrzcpd.nr_max_ef_adapters }}
nr_max_vwires={{ .Values.mrzcpd.nr_max_vwires }}
nr_max_tera_adapters={{ .Values.mrzcpd.nr_max_tera_adapters }}
nr_max_link_dbs={{ .Values.mrzcpd.nr_max_link_dbs }}
# This module is used to configure the access mode settings.
# The configuration sets the access mode to etherfabric adapter mode.
[ef_adapters]
sid_start=100
sid_end=200
{{ range $service := .Values.mrzcpd.services }}
{{- if eq $service.type "etherfabric_adapter" }}
[ef_adapter:{{ $ef_adapter_num }}]
ef_adapter_id={{ $service.id }}
{{- if eq $service.mode "virtual-wire"}}
mode=1
{{ end -}}
{{- if eq $service.mode "tap"}}
mode=2
{{ end -}}
listen_device={{ $service.listen_on_device }}
{{ $ef_adapter_num = ($ef_adapter_num | add 1) -}}
{{ end -}}
{{ end }}
# The configuration sets the access mode to vwire mode.
[vwires]
sid_start=300
sid_end=400
[vwire:0]
vwire_id=0
interface_int=virtio_dign_c
interface_ext=virtio_dign_s
{{- range $virtual_wire := .Values.mrzcpd.virtual_wires }}
[vwire:{{ $vwire_num }}]
vwire_id={{ $virtual_wire.id }}
interface_int={{ $virtual_wire.internal_interface }}
interface_ext={{ $virtual_wire.external_interface }}
{{- if $virtual_wire.obp_device }}
obp_device={{ $virtual_wire.obp_device }}
{{- end }}
{{- if $virtual_wire.obp_segment }}
obp_segment={{ $virtual_wire.obp_segment }}
{{- end }}
{{- $vwire_num = ($vwire_num | add 1)}}
{{$enter}}
{{- end }}
# The configuration sets the access mode to tera adapter mode.
[tera_adapters]
sid_start=500
sid_end=600
{{ range $service := .Values.mrzcpd.services }}
{{- if eq $service.type "tera_adapter" }}
[tera_adapter:{{ $tera_adapter_num }}]
tera_adapter_id={{ $service.id }}
listen_device={{ $service.listen_on_device }}
vlan_int={{ $service.vlan_int }}
vlan_ext={{ $service.vlan_ext }}
mac_flipping={{ $service.mac_flipping }}
{{ $tera_adapter_num = ($tera_adapter_num | add 1) -}}
{{ end -}}
{{ end }}
# This module is used to configure health check settings.
{{- range $index, $_ := until $cycle }}
[health_check:{{ $index | mul $sid_step }}]
name=nf{{ $index }}_fw_health_check
device=nf_{{ $index }}_fw
method=0
multiplier=20
interval=10
[health_check:{{ $index | mul $sid_step | add 1 }}]
name=nf{{ $index }}_proxy_health_check
device=nf_{{ $index }}_proxy
method=0
multiplier=20
interval=10
[health_check:{{ $index | mul $sid_step | add 2 }}]
name=nf{{ $index }}_sce_health_check
device=nf_{{ $index }}_sce
method=0
multiplier=20
interval=10
[health_check:{{ $index | mul $sid_step | add 3 }}]
name=nf{{ $index }}_shaping_engine_health_check
device=nf_{{ $index }}_shaping_engine
method=0
multiplier=20
interval=10
{{ end }}
[health_check:{{ $cycle | mul $sid_step }}]
name=nf_inject_health_check
device=nf_inject
method=0
multiplier=20
interval=10
# This module is used for configuring the service load balancing settings.
[service_lb]
sid_start={{ .Values.mrzcpd.service_lb.sid_range_start }}
sid_end={{ .Values.mrzcpd.service_lb.sid_range_end }}
{{ range $index, $_ := until $cycle }}
{{- $load_balance_index:= $index | mul $sid_step }}
[load_balance:{{ $load_balance_index }}]
sid={{ $.Values.mrzcpd.service_lb.sid_range_start | add $load_balance_index}}
mode=0
devices=nf_{{ $index }}_fw,0
health_check_sessions=nf{{ $index }}_fw_health_check
[load_balance:{{ $load_balance_index | add 1 }}]
sid={{ $.Values.mrzcpd.service_lb.sid_range_start | add $load_balance_index| add 1 }}
mode=0
devices=nf_{{ $index }}_proxy,0
health_check_sessions=nf{{ $index }}_proxy_health_check
[load_balance:{{ $load_balance_index | add 2 }}]
sid={{ $.Values.mrzcpd.service_lb.sid_range_start | add $load_balance_index| add 2}}
mode=0
devices=nf_{{ $index }}_sce,0
health_check_sessions=nf{{ $index }}_sce_health_check
[load_balance:{{ $load_balance_index | add 3 }}]
sid={{ $.Values.mrzcpd.service_lb.sid_range_start | add $load_balance_index| add 3}}
mode=0
devices=nf_{{ $index }}_shaping_engine,0
health_check_sessions=nf{{ $index }}_shaping_engine_health_check
{{ end }}
[load_balance:{{ $cycle | mul $sid_step }}]
{{- $load_balance_index:= $cycle | mul $sid_step }}
sid={{ $.Values.mrzcpd.service_lb.sid_range_start | add $load_balance_index}}
mode=0
devices=nf_inject,0
health_check_sessions=nf_inject_health_check
# This module is responsible for configuring the link database (linkdb) settings.
{{- range $linkdb := .Values.mrzcpd.linkdb }}
[link_db:{{ $linkdb.id }}]
type={{ $linkdb.type }}
traffic_link_id={{ $linkdb.traffic_link_id}}
{{- if $linkdb.vwire_id }}
vwire_id={{ $linkdb.vwire_id }}
{{- end }}
{{- if and $linkdb.ef_ip_addr $linkdb.ef_link_id }}
ef_ip_addr={{ $linkdb.ef_ip_addr }}
ef_link_id={{ $linkdb.ef_link_id }}
{{- end }}
{{$enter}}
{{- end }}
# This module is used for configuring the network bridge settings.
[bridge:0]
{{- if .Values.mrzcpd.service_chaining.vxlan_interface }}
master_device={{ .Values.mrzcpd.service_chaining.vxlan_interface }}
devices={{ .Values.mrzcpd.service_chaining.vxlan_interface }},{{ $ep_nic_l3_list}}
{{- else }}
devices={{ $ep_nic_l3_list}}
{{- end }}
[bridge:1]
{{- if .Values.mrzcpd.traffic_mirror.interface }}
master_device={{ .Values.mrzcpd.traffic_mirror.interface }}
devices={{ .Values.mrzcpd.traffic_mirror.interface }},{{ $mirr_nic_list}}
{{- else }}
devices={{ $mirr_nic_list}}
{{- end }}
[bridge:2]
{{- if .Values.mrzcpd.service_chaining.vlan_interface }}
master_device={{ .Values.mrzcpd.service_chaining.vlan_interface }}
devices={{ .Values.mrzcpd.service_chaining.vlan_interface }},{{ $ep_nic_l2_list}}
{{- else }}
devices={{ $ep_nic_l2_list}}
{{- end }}
#This module is responsible for configuring the static classifier rules.
{{- range $index, $_ := until $cycle }}
[classifier_rule:{{ $index }}]
rule_id={{ $index | add 1 }}
dst_ip_addr_v4=192.0.2.{{ $index | add 101 }}
dst_ip_mask_v4=32
action=2
priority=0
sid={{ $index | mul $sid_step | add 1000 }}
vwire_id=0
{{ end }}
{{ range $index, $_ := until $cycle }}
[classifier_rule:{{ $index | add $cycle }}]
rule_id={{ $index | add $cycle | add 1 }}
src_ip_addr_v4=192.0.2.{{ $index | add 101 }}
src_ip_mask_v4=32
action=2
priority=0
sid={{ $index | mul $sid_step | add 1000 }}
vwire_id=0
{{$enter}}
{{- end }}
{{- end -}}

373
ansible/roles/mrzcpd/files/helm/templates/deployment-mrzcpd.yaml
View File

@@ -1,373 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: packet-io-engine
labels:
app: packet-io-engine
component: packet-io-engine
annotations:
configmap.reloader.stakater.com/reload: mrzcpd-static-conf
spec:
replicas: 1
selector:
matchLabels:
app: packet-io-engine
strategy:
type: Recreate
template:
metadata:
labels:
app: packet-io-engine
serviceFunction: {{ .Release.Name }}
component: packet-io-engine
annotations:
kubectl.kubernetes.io/default-container: packet-io-engine
prometheus.io/port: "9005"
prometheus.io/scrape: "true"
spec:
shareProcessNamespace: true
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: confd
image: "registry.gdnt-cloud.website/tsg-packet-io-engine:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
/opt/confd/bin/confd -watch -backend file -file /opt/tsg/config/mrzcpd-reload-conf/reload-conf.yaml -log-level debug
volumeMounts:
- name: shared-dir
mountPath: /opt/tsg/config/shared
- name: mrzcpd-reload-conf
mountPath: /opt/tsg/config/mrzcpd-reload-conf/
securityContext:
privileged: true
lifecycle:
postStart:
exec:
command:
- "bash"
- "-ec"
- |
while true; do
if [ -f "/opt/tsg/config/shared/mrglobal.dynamic.conf" ]; then
echo "File /opt/tsg/config/shared/mrglobal.dynamic.conf exists. Exiting."
exit 0
fi
echo "File /opt/tsg/config/shared/mrglobal.dynamic.conf does not exist. Sleeping for 2 seconds."
sleep 2
done
- name: packet-io-engine
image: "registry.gdnt-cloud.website/tsg-packet-io-engine:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/mrzcpd
command:
- "bash"
- "-ec"
- |
/opt/tsg/mrzcpd/bin/mrmarch --auto
mount --rbind /opt/tsg/mrzcpd /mnt/packet-io-engine/mrzcpd
cp -f /etc/ld.so.conf.d/mrzcpd.conf /mnt/packet-io-engine/ld.so.conf.d/mrzcpd.conf
cp -f /etc/profile.d/mrzcpd.sh /mnt/packet-io-engine/profile.d/mrzcpd.sh
ldconfig -C /etc/ld.so.cache -r /host
cp -f /opt/tsg/config/mrzcpd-static-conf/static.conf /opt/tsg/mrzcpd/etc/mrglobal.conf
ln -s /opt/tsg/mrzcpd/shared/mrglobal.dynamic.conf /opt/tsg/mrzcpd/etc/mrglobal.dynamic.conf
{{ template "mrzcpd.prestart" . }}
{{ template "mrzcpd.start" . }}
volumeMounts:
- name: journal-volume
mountPath: /run/systemd/journal
- name: shared-dir
mountPath: /opt/tsg/mrzcpd/shared
- name: mrzcpd
mountPath: /mnt/packet-io-engine/mrzcpd
mountPropagation: Bidirectional
- name: ldconfig-mrzcpd
mountPath: /mnt/packet-io-engine/ld.so.conf.d
- name: etc-profile
mountPath: /mnt/packet-io-engine/profile.d
- name: mrzcpd-static-conf
mountPath: /opt/tsg/config/mrzcpd-static-conf/
- name: run-mrzcpd
mountPath: /var/run/mrzcpd
- name: hugepages
mountPath: /var/run/mrzcpd/hugepages
- name: dpdk
mountPath: /var/run/dpdk
- name: dev-vfio
mountPath: /dev/vfio
- name: host-root
mountPath: /host
mountPropagation: HostToContainer
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{ template "mrzcpd.mount.prestart" . }}
resources:
limits:
nic-uio/packet-io-engine: 1
{{- if .Values.mrzcpd.interfaces }}
{{- range $interface := .Values.mrzcpd.interfaces }}
nic-uio/{{ $interface.name }}: 1
{{- end }}
{{- end }}
hugepages-1Gi: {{.Values.mrzcpd.hugepages }}
requests:
memory: 100Mi
env:
- name: MLX5_GLUE_PATH
value: /opt/tsg/mrzcpd/lib
- name: DEPLOYMENT_NAME
value: packet-io-engine
{{- if eq .Values.mrzcpd.debug.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
startupProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
{{- end }}
lifecycle:
preStop:
exec:
command:
- "bash"
- "-ec"
- |
rm -f /run/mrzcpd/mrmonit.daemon
rm -f /run/mrzcpd/huge_pages/rtemap_*
rm -f /run/.rte_config
rm -f /run/.rte_hugepage_info
rm -rf /run/.dpdk
securityContext:
privileged: true
- command:
- "bash"
- "-ec"
- |
until [ $(curl -s -o /dev/null -w "%{http_code}" http://localhost:9086/probe) -eq 200 ]; do echo waiting for packet-io-engine ready; sleep 2; done
/opt/tsg/mrzcpd/bin/monit_device --prometheus-client
image: "registry.gdnt-cloud.website/tsg-packet-io-engine:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
name: mrapm-device
{{- if eq .Values.mrzcpd.debug.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
startupProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
{{- end }}
volumeMounts:
- mountPath: /var/run/mrzcpd
name: run-mrzcpd
readOnly: true
- mountPath: /var/run/dpdk
name: dpdk
readOnly: true
- mountPath: /etc/localtime
name: localtime-node
readOnly: true
- command:
- "bash"
- "-ec"
- |
until [ $(curl -s -o /dev/null -w "%{http_code}" http://localhost:9086/probe) -eq 200 ]; do echo waiting for packet-io-engine ready; sleep 2; done
/opt/tsg/mrzcpd/bin/monit_stream --prometheus-client
image: "registry.gdnt-cloud.website/tsg-packet-io-engine:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
name: monit-stream
{{- if eq .Values.mrzcpd.debug.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
startupProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
{{- end }}
volumeMounts:
- mountPath: /var/run/mrzcpd
name: run-mrzcpd
readOnly: true
- mountPath: /var/run/dpdk
name: dpdk
readOnly: true
- mountPath: /etc/localtime
name: localtime-node
readOnly: true
- command:
- "bash"
- "-ec"
- |
until [ $(curl -s -o /dev/null -w "%{http_code}" http://localhost:9086/probe) -eq 200 ]; do echo waiting for packet-io-engine ready; sleep 2; done
/opt/tsg/mrzcpd/bin/monit_obp --prometheus-client
image: "registry.gdnt-cloud.website/tsg-packet-io-engine:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
name: monit-obp
{{- if eq .Values.mrzcpd.debug.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
startupProbe:
httpGet:
host: 127.0.0.1
httpHeaders:
- name: Custom-Header
value: Awesome
path: /probe
port: 9086
initialDelaySeconds: 20
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
{{- end }}
volumeMounts:
- mountPath: /var/run/mrzcpd
name: run-mrzcpd
readOnly: true
- mountPath: /var/run/dpdk
name: dpdk
readOnly: true
- mountPath: /etc/localtime
name: localtime-node
readOnly: true
- env:
- name: MERGER_URLS
value: {{ .Values.mergeExporter.mergeUrls }}
- name: MERGER_PORT
value: "{{ .Values.mergeExporter.mergePort }}"
image: "{{ .Values.mergeExporter.image.repository }}:{{ .Values.mergeExporter.image.tag }}"
imagePullPolicy: {{ .Values.mergeExporter.image.pullPolicy }}
name: exporter-merger
ports:
- name: ex-mrzcpd-port
containerPort: {{ .Values.mergeExporter.mergePort }}
protocol: TCP
volumes:
- name: journal-volume
hostPath:
path: /run/systemd/journal
type: Directory
- name: shared-dir
emptyDir: {}
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
- name: mrzcpd-static-conf
configMap:
name: mrzcpd-static-conf
- name: mrzcpd-reload-conf
configMap:
name: mrzcpd-reload-conf
- name: mrzcpd
hostPath:
path: /opt/tsg/mrzcpd
type: DirectoryOrCreate
- name: run-mrzcpd
hostPath:
path: /var/run/mrzcpd
type: DirectoryOrCreate
- name: hugepages
hostPath:
path: /var/run/mrzcpd/hugepages
type: DirectoryOrCreate
- name: etc-profile
hostPath:
path: /etc/profile.d
type: Directory
- name: dpdk
hostPath:
path: /var/run/dpdk
type: DirectoryOrCreate
- name: ldconfig-mrzcpd
hostPath:
path: /etc/ld.so.conf.d
type: Directory
- name: dev-vfio
hostPath:
path: /dev/vfio
- name: localtime-node
hostPath:
path: /etc/localtime
- name: host-root
hostPath:
path: /
{{ template "mrzcpd.volume.prestart" . }}
hostNetwork: true

19
ansible/roles/mrzcpd/files/helm/templates/mrzcpd.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mrzcpd-static-conf
data:
static.conf: {{ tpl (.Files.Get "conf/mrzcpd.conf") . | quote }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mrzcpd-reload-conf
data:
reload-conf.yaml: |
obp_devices: {{ .Values.mrzcpd.obp_devices | toJson }}
ruleset: {{ .Values.mrzcpd.ruleset | toJson }}
{{- $cycle := int .Values.mrzcpd.nf_count }}
cycle: {{(printf "\"")}} {{- range $index, $_ := until $cycle }}{{- if ne $index 0 }},{{ end -}} {{ (printf "%d" $index) }}{{- end -}} {{(printf "\"")}}
datapath_trace: {{ .Values.mrzcpd.datapath_trace | toJson }}

20
ansible/roles/mrzcpd/files/helm/templates/service.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: packet-io-engine
name: packet-io-engine
annotations:
prometheus.io/scrape: "true"
spec:
ports:
- name: mrzcpd-exporter-port
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
port: {{ .Values.service.port }}
targetPort: ex-mrzcpd-port
selector:
app: packet-io-engine
type: {{ .Values.service.type }}

124
ansible/roles/mrzcpd/files/helm/values.yaml
View File

@@ -1,124 +0,0 @@
# Default values for mrzcpd.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
enable_interactive_startup: no
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources:
limits:
hugepages-1Gi: 32Gi
requests:
memory: 100Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
mergeExporter:
image:
repository: quay.io/rebuy/exporter-merger
pullPolicy: Never
tag: "v0.2.0"
mergePort: "9005"
mergeUrls: "http://127.0.0.1:8901/metrics http://127.0.0.1:8902/metrics http://127.0.0.1:8903/metrics"
service:
type: ClusterIP
# nodePort: "30081"
port: "9005"
annotations: {}
define_enable_val_yes: 'yes'
mrzcpd:
interfaces: []
nf_count: 16
services: []
virtual_wires: []
service_lb: {}
service_chaining: {}
traffic_mirror: {}
distmode: 0
datapath_trace: {}
hugepages: 32Gi
linkdb: []
obp_devices: [{'name': 'obp1', 'type': '2', 'connect': '3', 'address': '2.2.2.2', 'port': '6800', 'segment': [{'id': '1', 'workline':'0', 'heartbeat_mode': '1', 'hb_send_interval_in_ms': '100', 'hb_timeout_interval_in_ms': '100', 'hb_lost_threshold': '5', 'nonrevertive_mode': '1'}, {'id': '1', 'workline':'0', 'heartbeat_mode': '1', 'hb_send_interval_in_ms': '100', 'hb_timeout_interval_in_ms': '100', 'hb_lost_threshold': '5', 'nonrevertive_mode': '1'}]}]
pktmbuf_max_size: 4096
pktmbuf_queue_size: 512
pktmbuf_pool_create_mode: 1
pktmbuf_pool_max_elements_count: 2097151
enable_check_pktmbuf_leak: 1
enable_poll_wait_throttle: 512
indirect_pktmbuf: 8192
debug:
enable_liveness_probe: yes
define_enable_val_yes: yes
enable_prestart_script: no
enable_mount_host_filesystem: no
#default: /etc/tsg-os/${service_function_name}/shaping_prestart_script.sh
prestart_script: ""

24
ansible/roles/mrzcpd/files/mrzcpd.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: mrzcpd
namespace: default
spec:
chart: https://%{KUBERNETES_API}%/static/charts/mrzcpd-0.1.0.tgz
targetNamespace: default
valuesContent: |-
mrzcpd:
interfaces: [{'name': 'ens14f3', 'role': '3', 'mtu': '2500', 'promisc': '1'}, {'name': 'ens18f1', 'role': '3', 'mtu': '2500', 'promisc': '1'}, {'name': 'ens6f0np0', 'address': '10.252.100.2', 'mask': '255.255.255.0', 'gateway': '10.252.100.1', 'role': '3', 'mtu': '2500', 'promisc': '1'}]
services: [{'name': 'ser1', 'id': '0', 'mode': 'virtual-wire', 'listen_on_device': 'ens6f0np0'}]
virtual_wires: []
service_lb: {'sid_range_start': '1000', 'sid_range_end': '2000'}
service_chaining_vxlan_g: {'interface': 'ens18f1'}
traffic_mirror: {'interface': 'ens14f3'}
distmode: 2
debug:
enable_liveness_probe: yes
enable_interactive_startup: no
enable_prestart_script: no
enable_mount_host_filesystem: no
#default: /etc/tsg-os/${service_function_name}/shaping_prestart_script.sh
prestart_script: ""

183
ansible/roles/mrzcpd/tasks/main.yml
View File

@@ -1,183 +0,0 @@
---
- name: "download rpm packages: mrzcpd"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: "{{ path_download }}"
with_dict: "{{ mrzcpd_rpm_version }}"
- name: "Install python module"
shell: pip2 install -i https://pypi.tuna.tsinghua.edu.cn/simple PrettyTable==0.7.2
when: runtime_env == 'TSG-X-P0906'
- name: "Install python3 module and dependent package"
shell: yum install -y lshw python3 which pciutils iproute vim kmod libnl3-devel perl-generators iptables-devel numactl-libs
when: runtime_env == 'TSG-X-P0906'
- name: "Install mrzcpd rpm package"
shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.mrzcpd }}
with_dict: "{{ mrzcpd_rpm_version }}"
- name: "Install mlnx-ofed-user-space rpm package"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
with_dict: "{{ mlnx_ofed_user_space_only_rpm_version }}"
when: runtime_env == 'TSG-X-P0906'
- name: "update /etc/ld.so.conf.d/mrzcpd.conf"
template:
src: "{{ role_path }}/templates/mrzcpd.conf.j2"
dest: /etc/ld.so.conf.d/mrzcpd.conf
- name: "update sysconfig/mrzcpd"
template:
src: "{{ role_path }}/templates/mrzcpd.j2"
dest: /etc/sysconfig/mrzcpd
- name: "replace action: replace /opt/mrzcpd to /opt/tsg/mrzcpd"
replace:
path: "{{ item }}"
regexp: '/opt/mrzcpd'
replace: '{{ prefix_path.mrzcpd }}'
with_items:
- /etc/profile.d/mrzcpd.sh
- /opt/tsg/mrzcpd/lib/pkgconfig/mrzcpd.pc
- /usr/lib/systemd/system/mrapm_device.service
- /usr/lib/systemd/system/mrapm_stream.service
- /usr/lib/systemd/system/mrtunnat.service
- /usr/lib/systemd/system/mrzcpd.service
- name: "replace action: replace /opt/mrzcpd to /opt/tsg/mrzcpd"
replace:
path: "{{ item }}"
regexp: '/opt/mrzcpd'
replace: '{{ prefix_path.mrzcpd }}'
with_items:
- /usr/lib/systemd/system/mrenv.service
when: runtime_env != 'TSG-X-P0906'
- name: "replace action: replace /opt/mrzcpd to /opt/tsg/mrzcpd"
replace:
path: "{{ item }}"
regexp: '/opt/mrzcpd'
replace: '{{ prefix_path.mrzcpd }}'
with_items:
- /usr/lib/systemd/system/mrzcpd_hugepages_setup.service
- /usr/lib/systemd/system/mrzcpd_hwdb_setup.service
when: runtime_env == 'TSG-X-P0906'
- name: "replace action: replace Requires to Wants"
replace:
path: "{{ item }}"
regexp: 'Requires'
replace: 'Wants'
with_items:
- /usr/lib/systemd/system/mrapm_device.service
- /usr/lib/systemd/system/mrapm_stream.service
- name: "Create /usr/lib/systemd/system/mrzcpd.service.d directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/mrzcpd.service.d
- name: "copy slice file to mrzcpd.service.d"
copy:
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: /usr/lib/systemd/system/mrzcpd.service.d/service_override_slice.conf
mode: 0644
when: runtime_env != 'TSG-X-P0906'
- name: "update mrglobal.conf - TSG7400 - mcn0"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.7400MCN0P01R01"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- runtime_env == 'TSG-7400-mcn0'
- name: "update mrglobal.conf - TSG7400 - mcn1 mcn2 mcn3"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.7400MCN123P01R01"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
when:
- runtime_env == 'TSG-7400-mcn123'
- name: "update mrglobal.conf - TSG-X-P0906"
copy:
src: "{{ role_path }}/templates/mrglobal.conf.TSGXNXR620G40R01P0906"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
when:
- runtime_env == 'TSG-X-P0906'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:
path: "{{ item }}"
regexp: 'WantedBy=multi-user.target'
replace: 'WantedBy=workload.target'
with_items:
- /usr/lib/systemd/system/mrapm_device.service
- /usr/lib/systemd/system/mrapm_stream.service
- /usr/lib/systemd/system/mrenv.service
- /usr/lib/systemd/system/mrtunnat.service
- /usr/lib/systemd/system/mrzcpd.service
when: runtime_env != 'TSG-X-P0906'
- name: "copy add_dev_to_bridge to mrzcpd.service.d"
copy:
src: "{{ role_path }}/templates/service_add_dev_to_bridge.conf"
dest: /usr/lib/systemd/system/mrzcpd.service.d/
mode: 0644
when: runtime_env == 'TSG-X-P0906'
- name: "copy add_timeout_setting to mrzcpd.service.d"
copy:
src: "{{ role_path }}/templates/service_add_timeout_setting.conf"
dest: /usr/lib/systemd/system/mrzcpd.service.d/
mode: 0644
##################### mrzcpd #####################
- name: "enable mrenv"
systemd:
name: mrenv
enabled: yes
when: runtime_env != 'TSG-X-P0906'
- name: "enable mrzcpd_hugepages_setup"
systemd:
name: mrzcpd_hugepages_setup
enabled: yes
when: runtime_env == 'TSG-X-P0906'
- name: "enable mrzcpd_hwdb_setup"
systemd:
name: mrzcpd_hwdb_setup
enabled: yes
when: runtime_env == 'TSG-X-P0906'
- name: "enable mrzcpd"
systemd:
name: mrzcpd
enabled: yes
when: runtime_env != 'TSG-X-P0906'
- name: "enable prometheus output - monit_device"
systemd:
name: mrapm_device
enabled: yes
when: runtime_env != 'TSG-X-P0906'
- name: "enable prometheus output - monit_stream"
systemd:
name: mrapm_stream
enabled: yes
when: runtime_env != 'TSG-X-P0906'

75
ansible/roles/mrzcpd/templates/mrglobal.conf.TSGXNXR620G40R01P0906
View File

@@ -1,75 +0,0 @@
[device]
device=ens4f0np0,ens6f2,nf_0,nf_1,nf_2,nf_3,nf_4,nf_5,nf_6,nf_7,nf_8,nf_9,nf_10,nf_11,nf_12,nf_13,nf_14,nf_15
virtio_user=virtio_dign_c,virtio_dign_s
sz_tunnel=8192
sz_buffer=0
[device:ens4f0np0]
in_addr=10.254.22.1
in_mask=255.255.255.0
vlan-filter=1
vlan-pvid=0
vlan-pvid-mode=2
promisc=1
allmulticast=1
rssmode=3
mtu=2048
[device:ens6f2]
mtu=2048
hw_strip_crc=1
rssmode=2
vlan-strip=1
[service]
# lcore id for i/o service, use comma to split
iocore=1,2,3,4
distmode=2
hashmode=0
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=1
[ctrlzone]
ctrlzone0=tunnat,255
[pool]
create_mode=3
sz_direct_pktmbuf=2097152
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096
[ctrlmsg]
listen_addr=0.0.0.0
listen_port=46789
[rpc]
addr=127.0.0.1
port=56789
[vlan_flipping_adapter]
enable=1
enable_devices=nf_0,nf_1,nf_2,nf_3,nf_4,nf_5,nf_6,nf_7,nf_8,nf_9,nf_10,nf_11,nf_12,nf_13,nf_14,nf_15
etherfabric_vlan_range_start=1000
etherfabric_vlan_range_end=3047
default_si_table_0=nf_0,0
default_si_table_1=nf_1,1
default_si_table_2=nf_2,2
default_si_table_3=nf_3,3
default_si_table_4=nf_4,4
default_si_table_5=nf_5,5
default_si_table_6=nf_6,6
default_si_table_7=nf_7,7
default_si_table_8=nf_8,8
default_si_table_9=nf_9,9
default_si_table_10=nf_10,10
default_si_table_11=nf_11,11
default_si_table_12=nf_12,12
default_si_table_13=nf_13,13
default_si_table_14=nf_14,14
default_si_table_15=nf_15,15

25
ansible/roles/mrzcpd/templates/mrglobal.conf.j2.7400MCN123P01R01
View File

@@ -1,25 +0,0 @@
[device]
device={{ dp_traffic_mirror.nic_name }}
sz_tunnel=8192
sz_buffer=0
[device:{{ dp_traffic_mirror.nic_name }}]
promisc=0
rssmode=0
[service]
iocore={{ workload_zcpd.cpu_affinity }}
[eal]
virtaddr=0x7d0000000000
loglevel=7
[keepalive]
check_spinlock=1
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096

74
ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.7400MCN0P01R01
View File

@@ -1,74 +0,0 @@
[device]
{% set steeering_to_proxy_nic_list = [] %}
{% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %}
device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }}
sz_tunnel=8192
sz_buffer=0
[device:{{ dp_steering_firewall.nic_internal }}]
{% raw %}{% if npb_device == 'inline_device' %}
in_addr={{inline_device_settings.keepalive.ip}}
in_mask={{inline_device_settings.keepalive.mask}}
vlan-id-allow=4000,4001
{% endif %}
{% if npb_device == 'tera' %}
{% set mrzcpd_vlanid_allow_list = [] %}
{% for zone_group in tera_steering_group %}{{ mrzcpd_vlanid_allow_list.append(zone_group.internal.vlan_id) }}{{ mrzcpd_vlanid_allow_list.append(zone_group.external.vlan_id) }}{% endfor %}
vlan-id-allow={{ mrzcpd_vlanid_allow_list | join(",") }},4000,4001
{% endif %}
{% if npb_device == 'direct' %}
vlan-id-allow=1000,1001,2000,2001,4000,4001
{% endif %}
{% endraw %}
vlan-filter=1
vlan-pvid=0
vlan-pvid-mode=2
promisc=1
allmulticast=1
rssmode=0
{% for node_info in dp_steering_proxy.node_list %}
[device:{{ node_info.nic_name }}]
promisc=1
allmulticast=1
rssmode=0
{% endfor %}
[service]
# lcore id for i/o service, use comma to split
iocore={{ workload_zcpd.cpu_affinity }}
{% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %}
distmode=0
{% endif %}
{% if session_distribution_policy.hash_key == 'outer-most-sip-dip-sport-dport' %}
distmode=1
{% endif %}
{% if session_distribution_policy.hash_key == 'inner-most-sip-dip' %}
distmode=2
{% endif %}
{% if session_distribution_policy.hash_key == 'inner-most-sip-dip-sport-dport' %}
distmode=3
{% endif %}
{% if session_distribution_policy.hash_key == 'hardware' %}
distmode=4
{% endif %}
{% endraw %}
hashmode=0
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=1
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096

2
ansible/roles/mrzcpd/templates/mrzcpd.conf.j2
View File

@@ -1,2 +0,0 @@
# Marsio ZeroCopy Driver Library Path
/opt/tsg/mrzcpd/lib

3
ansible/roles/mrzcpd/templates/mrzcpd.j2
View File

@@ -1,3 +0,0 @@
MRZCPD_ROOT=/opt/tsg/mrzcpd
HUGEPAGE_NUM_1G={{ workload_zcpd.hugepage_num_1G }}
DEFAULT_UIO_MODULE="vfio_pci"

3
ansible/roles/mrzcpd/templates/service_add_dev_to_bridge.conf
View File

@@ -1,3 +0,0 @@
[Service]
ExecStartPost=/usr/sbin/ip link set dev virtio_dign_c master br_dign_c
ExecStartPost=/usr/sbin/ip link set dev virtio_dign_s master br_dign_s

3
ansible/roles/mrzcpd/templates/service_add_timeout_setting.conf
View File

@@ -1,3 +0,0 @@
[Service]
TimeoutStartSec=300
TimeoutStopSec=300

2
ansible/roles/mrzcpd/templates/service_override_slice.conf.j2
View File

@@ -1,2 +0,0 @@
[Service]
Slice=workload.slice

10
ansible/roles/nic-uio-binder/tasks/main.yml
View File

@@ -1,10 +0,0 @@
---
- name: "install nic-uio-binder"
yum:
name:
- "{{ nic_uio_binder_rpm_version.nic_uio_binder }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
- name: "Install lspci"
shell: yum install -y pciutils

23
ansible/roles/packet_adapter/files/helm/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
ansible/roles/packet_adapter/files/helm/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: inject-adapter
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

18
ansible/roles/packet_adapter/files/helm/conf/packet_adapter.conf
View File

@@ -1,18 +0,0 @@
[packet_io]
thread_num={{- include "traffic-engine.inject_adapter.workerthread" . }}
cpu_mask={{- include "traffic-engine.inject_adapter.cpu-affinity" . }}
rx_burst_max=128
bypass_traffic=0
app_symbol=PacketAdapter
app_device={{ .Values.inject_adapter_config.inject_adapter_nic }}
[stat]
output_file=log/packet_adapter.fs2
statsd_server=127.0.0.1
statsd_port=8100
# 1 : FS_OUTPUT_STATSD
# 2 : FS_OUTPUT_INFLUX_LINE
statsd_format=1
statsd_cycle=2
prometheus_listen_port=9009
prometheus_listen_url=/packet_adapter_prometheus

123
ansible/roles/packet_adapter/files/helm/templates/_config.tpl
View File

@@ -1,123 +0,0 @@
{{- define "traffic-engine.mount.mrzcpd" -}}
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
- name: profile-mrzcpd
mountPath: /etc/profile.d/mrzcpd.sh
readOnly: true
- name: ldconfig-mrzcpd
mountPath: /etc/ld.so.conf.d/mrzcpd.conf
readOnly: true
{{- end -}}
{{- define "traffic-engine.mount.localtime" -}}
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{- end -}}
{{- define "traffic-engine.volume.mrzcpd" -}}
- name: opt-tsg-mrzcpd
hostPath:
path: /opt/tsg/mrzcpd
- name: var-run-mrzcpd
hostPath:
path: /var/run/mrzcpd
- name: var-run-dpdk
hostPath:
path: /var/run/dpdk
- name: root-sys
hostPath:
path: /root/sys
- name: profile-mrzcpd
hostPath:
path: /etc/profile.d/mrzcpd.sh
type: File
- name: ldconfig-mrzcpd
hostPath:
path: /etc/ld.so.conf.d/mrzcpd.conf
type: File
{{- end -}}
{{- define "traffic-engine.volume.hostpath" -}}
- name: host-root
hostPath:
path: /
{{- end -}}
{{- define "traffic-engine.volume.localtime" -}}
- name: localtime-node
hostPath:
path: /etc/localtime
{{- end -}}
{{- define "traffic-engine.inject_adapter.workerthread" -}}
{{- len .Values.inject_adapter_affinity }}
{{- end -}}
{{- define "traffic-engine.inject_adapter.cpu-affinity" -}}
{{- join "," .Values.inject_adapter_affinity }}
{{- end -}}
{{- define "traffic-engine.inject_adapter.copy-config-to-dest" -}}
cp /opt/tsg/config/packet_adapter.conf /opt/tsg/packet_adapter/conf
{{- end -}}
{{- define "traffic-engine.inject_adapter.mount.hostpath" -}}
{{- if eq .Values.debug.inject_adapter.enable_mount_host_filesystem .Values.define_enable_val_yes }}
- name: host-root
mountPath: /host
{{- end }}
{{- end -}}
{{- define "traffic-engine.inject_adapter.start" -}}
{{- if eq .Values.debug.inject_adapter.enable_interactive_startup .Values.define_enable_val_yes -}}
while true; do sleep 10;done
{{- else -}}
exec /opt/tsg/packet_adapter/bin/packet_adapter
{{- end }}
{{- end -}}
{{- define "traffic-engine.inject_adapter.volume.prestart" -}}
{{- if eq .Values.debug.inject_adapter.enable_prestart_script .Values.define_enable_val_yes }}
- name: inject-adapter-prestart
hostPath:
{{- if .Values.debug.inject_adapter.prestart_script }}
path: {{ .Values.debug.inject_adapter.prestart_script }}
{{- else }}
path: /etc/tsg-os/{{ .Release.Name }}/inject_adapter_prestart_script.sh
{{- end }}
type: FileOrCreate
{{- end }}
{{- end -}}
{{- define "traffic-engine.inject_adapter.mount.prestart" -}}
{{- if eq .Values.debug.inject_adapter.enable_prestart_script .Values.define_enable_val_yes }}
- name: prestart-dir
mountPath: /tmp/prestart
- name: inject-adapter-prestart
mountPath: /opt/tsg/scripts/prestart.sh
{{- end }}
{{- end -}}
{{- define "traffic-engine.inject_adapter.prestart" -}}
{{- if eq .Values.debug.inject_adapter.enable_prestart_script .Values.define_enable_val_yes }}
echo WARNING: PRESTART.sh is enable, the commands in PRESTART.sh is:
cat /opt/tsg/scripts/prestart.sh
chmod 0755 /opt/tsg/scripts/prestart.sh
source /opt/tsg/scripts/prestart.sh
echo PRESTART.sh has been exec......
{{- end }}
{{- end -}}

112
ansible/roles/packet_adapter/files/helm/templates/deployment-packet_adapter.yaml
View File

@@ -1,112 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
labels:
app: {{ .Release.Name }}
component: inject-adapter
annotations:
reloader.stakater.com/auto: "true"
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ .Release.Name }}
serviceFunction: {{ .Release.Name }}
component: inject_adapter
annotations:
prometheus.io/port: "9009"
prometheus.io/scrape: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: inject-adapter
image: "registry.gdnt-cloud.website/tsg-inject:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/packet_adapter
command:
- "bash"
- "-ec"
- |
ldconfig
{{ template "traffic-engine.inject_adapter.copy-config-to-dest" . }}
{{ template "traffic-engine.inject_adapter.prestart" . }}
{{ template "traffic-engine.inject_adapter.start" . }}
ports:
- containerPort: 9009
env:
- name: DEPLOYMENT_NAME
value: inject-adapter
- name: SERVICENAME
value: {{ .Release.Name }}-announce-port
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if eq .Values.debug.inject_adapter.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9009
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9009
failureThreshold: 30
periodSeconds: 10
{{- end }}
securityContext:
privileged: true
volumeMounts:
- name: journal-volume
mountPath: /run/systemd/journal
- name: inject-adapter
mountPath: "/opt/tsg/config"
- name: inject-log
mountPath: /opt/tsg/packet_adapter/log
{{ template "traffic-engine.mount.mrzcpd" . }}
{{ template "traffic-engine.mount.localtime" . }}
{{ template "traffic-engine.inject_adapter.mount.prestart" . }}
{{ template "traffic-engine.inject_adapter.mount.hostpath" . }}
hostNetwork: true
volumes:
- name: journal-volume
hostPath:
path: /run/systemd/journal
type: Directory
- name: inject-adapter
configMap:
name: inject-adapter
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
- name: inject-log
hostPath:
path: /var/log/{{ .Release.Name }}/inject/
{{ template "traffic-engine.volume.mrzcpd" . }}
{{ template "traffic-engine.volume.localtime" . }}
{{ template "traffic-engine.inject_adapter.volume.prestart" . }}
{{ template "traffic-engine.volume.hostpath" . }}

8
ansible/roles/packet_adapter/files/helm/templates/packet_adapter.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: inject-adapter
namespace: tsg-os-system
data:
packet_adapter.conf: {{ tpl (.Files.Get "conf/packet_adapter.conf") . | quote }}
tsg_device_tag.json: {{ tpl (.Files.Get "conf/tsg_device_tag.json") . | quote }}

100
ansible/roles/packet_adapter/files/helm/values.yaml
View File

@@ -1,100 +0,0 @@
# Default values for helm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
inject_adapter_affinity: [95]
define_enable_val_yes: yes
inject_adapter:
enable: yes
inject_adapter_config:
inject_adapter_nic: nf_1_shaping_engine
debug:
inject_adapter:
enable_liveness_probe: yes
enable_interactive_startup: no
enable_prestart_script: no
enable_mount_host_filesystem: no
#default: /etc/tsg-os/${service_function_name}/shaping_prestart_script.sh
prestart_script: ""
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}

25
ansible/roles/packet_adapter/files/inject-adapter-crd.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: inject-adapter
namespace: kube-system
spec:
chart: https://%{KUBERNETES_API}%/static/charts/inject-adapter-1.0.1.tgz
targetNamespace: tsg-os-system
valuesContent: |-
inject_adapter_affinity: [95]
inject_adapter:
enable: yes
inject_adapter_config:
inject_adapter_nic: nf_1_shaping_engine
debug:
inject_adapter:
enable_liveness_probe: yes
enable_interactive_startup: no
enable_prestart_script: no
enable_mount_host_filesystem: no
#default: /etc/tsg-os/${service_function_name}/shaping_prestart_script.sh
prestart_script: ""

21
ansible/roles/packet_adapter/tasks/main.yml
View File

@@ -1,21 +0,0 @@
---
- name: "download rpm packages: packet_adapter"
yum:
name:
- "{{ packet_adapter_rpm_version.packet_adapter }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: "{{ path_download }}"
- name: "Get packet_adapter rpm path"
find:
path: /tmp/rpm_download/
pattern: "{{ packet_adapter_rpm_version.packet_adapter }}*"
register: packet_adapter_rpm_fullname
- name: "Install packet_adapter from local path"
yum:
name: "{{ packet_adapter_rpm_fullname.files[0].path }}"
state: present
disable_gpg_check: yes

58
ansible/roles/trex/files/generate-trex-conf.sh
View File

@@ -1,58 +0,0 @@
#!/bin/bash
CPU_AFFINITY=(${CPU_AFFINITY//,/ })
NIC_PCI=$(env | grep '_NIC_PCI' | cut -d'=' -f2 | sed 's/0000://')
arr=($NIC_PCI)
NIC_PCI=""
for interface in "${arr[@]}"; do
if [ ! -z "$NIC_PCI" ]; then
NIC_PCI+=","
fi
NIC_PCI+="\"$interface\""
done
port_limit=${#arr[@]}
declare -A NUMA
for cpu in ${CPU_AFFINITY[@]}; do
numa_node=$(lscpu -p=CPU,NODE | grep "^$cpu," | cut -d',' -f2)
NUMA[$numa_node]+="$cpu,"
done
cat << EOF > /etc/trex_cfg.yaml
- port_limit: $port_limit
version: 2
stack: legacy
interfaces: [${NIC_PCI}]
port_mtu: 2000
rx_desc: 4096
tx_desc: 4096
new_memory : true
port_info :
- ip : 17.17.0.1
default_gw : 17.18.0.1
dest_mac : "00:11:22:33:44:55"
src_mac : "aa:bb:cc:dd:ee:ff"
- ip : 17.18.0.1
default_gw : 17.17.0.1
dest_mac : "aa:bb:cc:dd:ee:ff"
src_mac : "00:11:22:33:44:55"
- ip : 17.19.0.1
default_gw : 17.20.0.1
dest_mac : "00:11:22:33:44:54"
src_mac : "aa:bb:cc:dd:ee:fe"
- ip : 17.20.0.1
default_gw : 17.19.0.1
dest_mac : "aa:bb:cc:dd:ee:fe"
src_mac : "00:11:22:33:44:54"
platform:
master_thread_id: ${MASTER_IOCORE}
latency_thread_id: ${LATENCY_IOCORE}
dual_if:
EOF
for numa_node in "${!NUMA[@]}"; do
threads=${NUMA[$numa_node]%,}
echo " - socket: $numa_node" >> /etc/trex_cfg.yaml
echo " threads: [${threads// /,}]" >> /etc/trex_cfg.yaml
done

6
ansible/roles/trex/files/helm/Chart.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v2
appVersion: 1.16.0
description: A Helm chart for Kubernetes
name: trex
type: application
version: 0.1.0

80
ansible/roles/trex/files/helm/templates/deployment.yaml
View File

@@ -1,80 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: trex
spec:
replicas: 1
selector:
matchLabels:
app: trex
strategy:
type: Recreate
template:
metadata:
labels:
app: trex
spec:
hostNetwork: true
containers:
- name: trex
image: registry.gdnt-cloud.website/trex:{{ .Chart.AppVersion }}
command:
- "bash"
- "-ec"
- |
chmod +x /opt/tsg/trex/generate-trex-conf.sh
echo 'export PATH=$PATH:/opt/tsg/trex-helper' >> ~/.bashrc
echo 'eval "$(register-python-argcomplete trex-helper)"' >> ~/.bashrc
source ~/.bashrc
/opt/tsg/trex/generate-trex-conf.sh
while true; do sleep 1024;done
securityContext:
privileged: true
resources:
limits:
hugepages-1Gi: {{.Values.trex.hugepages }}Gi
nic-uio/trex: 1
{{- if .Values.trex.interfaces }}
{{- range $interface := .Values.trex.interfaces }}
nic-uio/{{ $interface }}: 1
{{- end }}
{{- end }}
requests:
hugepages-1Gi: {{.Values.trex.hugepages }}Gi
memory: 100Mi
env:
- name: MASTER_IOCORE
value: {{.Values.trex.master |quote}}
- name: LATENCY_IOCORE
value: {{.Values.trex.latency |quote}}
- name: CPU_AFFINITY
value: {{ range $index, $cpu :=.Values.trex.cpu_affinity -}}{{- if eq $index 0 -}}{{$cpu}}{{- else -}},{{$cpu}}{{- end -}}{{- end }}
- name: TREX_PATH
value: /opt/tsg/trex/v3.02
- name: TREX_HELPER_PATH
value: /opt/tsg/trex-helper
- name: PYTHONPATH
value: /opt/tsg/trex/v3.02/automation/trex_control_plane/interactive/
volumeMounts:
- name: dev-vfio
mountPath: /dev/vfio
- name: modules
mountPath: /lib/modules
- name: mem
mountPath: /dev/mem
- name: hugepage-1gi
mountPath: /var/run/trex/hugepages
volumes:
- name: mem
hostPath:
path: /dev/mem
- name: modules
hostPath:
path: /lib/modules
- name: dev-vfio
hostPath:
path: /dev/vfio
- name: hugepage-1gi
emptyDir:
medium: HugePages-1Gi

103
ansible/roles/trex/files/helm/values.yaml
View File

@@ -1,103 +0,0 @@
# Default values for trex.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}
trex:
hugepages: 32Gi
cpu_affinity: []
interfaces: []

BIN
ansible/roles/trex/files/trex-helper.tar.gz
View File

Binary file not shown.

BIN
ansible/roles/trex/files/v3.02.tar.gz
View File

Binary file not shown.

56
ansible/roles/trex/tasks/main.yml
View File

@@ -1,56 +0,0 @@
- name: "Install python3 module and dependent package"
shell: yum install -y lshw python3 which pciutils iproute vim kmod libnl3-devel perl-generators iptables-devel numactl-libs
when: runtime_env == 'TSG-X-P0906'
- name: "Install pyyaml module"
shell: pip3 install pyyaml
when: runtime_env == 'TSG-X-P0906'
- name: "Install argcomplete module"
shell: pip3 install argcomplete
when: runtime_env == 'TSG-X-P0906'
- name: "Install mlnx-ofed-user-space rpm package"
yum:
name: "{{ item.value }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
with_dict: "{{ mlnx_ofed_user_space_only_rpm_version }}"
when: runtime_env == 'TSG-X-P0906'
- name: "Create /opt/tsg/trex directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /opt/tsg/trex
- name: "copy trex v3.02 to dest"
copy:
src: "{{ role_path }}/files/v3.02.tar.gz"
dest: /opt/tsg/trex/v3.02.tar.gz
when: runtime_env == 'TSG-X-P0906'
- name: "copy generate-trex-conf.sh to dest"
copy:
src: "{{ role_path }}/files/generate-trex-conf.sh"
dest: /opt/tsg/trex/generate-trex-conf.sh
when: runtime_env == 'TSG-X-P0906'
- name: "unzip trex.tar"
shell: tar -xzvf /opt/tsg/trex/v3.02.tar.gz -C /opt/tsg/trex && rm -f /opt/tsg/trex/v3.02.tar.gz
- name: "copy performance benchmark tool to dest"
copy:
src: "{{ role_path }}/files/trex-helper.tar.gz"
dest: /opt/tsg/trex-helper.tar.gz
when: runtime_env == 'TSG-X-P0906'
- name: "unzip trex-helper.tar.gz"
shell: tar -xzvf /opt/tsg/trex-helper.tar.gz -C /opt/tsg/ && rm -f /opt/tsg/trex-helper.tar.gz
- name: "change opt/tsg/trex-helper/trex-helper permission to 755"
file:
path: /opt/tsg/trex-helper/trex-helper
mode: '0755'

7
make/Makefile.x86_64_COTS
View File

@@ -14,10 +14,6 @@ APP_BUNDLE_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-APP-BUNDLE.b
TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID)
TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer
NIC_UIO_BINDER_FILE_PATH := /ansible/roles/k3s-install/files/nic-uio-binder.yaml
NIC_UIO_BINDER_IMAGE_TAR := ${OS_RELEASE_VER}
LOG_COLLECTOR_FILE_PATH := /ansible/roles/k3s-install/files/log-collector.yaml
LOG_COLLECTOR_IMAGE_TAR := ${OS_RELEASE_VER}
TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot
.PHONY: all builddir installer sysroot-base sysroot-cleanup sysroot-archive sysroot-binary add-images-into-installer-dir add-patch-into-installer-dir clean
@@ -44,10 +40,7 @@ installer: builddir
sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%APP_BUNDLE_BIN%%/$(APP_BUNDLE_BIN)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%NIC_UIO_BINDER_IMAGE_TAR%%/$(NIC_UIO_BINDER_IMAGE_TAR)/" $(PROJECTDIR)/$(NIC_UIO_BINDER_FILE_PATH)
sed -i -e "s/%%LOG_COLLECTOR_IMAGE_TAR%%/$(LOG_COLLECTOR_IMAGE_TAR)/" $(PROJECTDIR)/$(LOG_COLLECTOR_FILE_PATH)
sed -i '/sapp-pr:/d;/mrzcpd:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml
ifeq ($(ENABLE_ALIYUN_INTERNAL_DOMAIN),1)
sed -i -e "s/mirrors.aliyun.com/mirrors.cloud.aliyuncs.com/" $(CONFDIR)/yum-RockyLinux-8.conf
endif