From 7b7412e6ebcbf2fb599be8500690b01c53b8791e Mon Sep 17 00:00:00 2001 From: fumingwei Date: Fri, 23 Sep 2022 18:04:12 +0800 Subject: [PATCH] =?UTF-8?q?feature:TSG-11949:=E6=96=B0=E5=A2=9Evsys=5Fid?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../certstore/templates/cert_store.ini.j2.j2 | 2 +- .../roles/firewall/templates/maat.conf.j2.j2 | 25 +++---------------- .../roles/firewall/templates/main.conf.j2.j2 | 3 ++- .../roles/tfe/templates/pangu_pxy.conf.j2.j2 | 9 ------- ansible/roles/tfe/templates/tfe.conf.j2.j2 | 6 ++++- .../files/helm/conf/cert_store.ini | 2 +- .../traffic-engine/files/helm/conf/maat.conf | 22 +++------------- .../traffic-engine/files/helm/conf/main.conf | 2 +- .../files/helm/conf/pangu_pxy.conf | 7 ------ .../traffic-engine/files/helm/conf/tfe.conf | 4 ++- .../traffic-engine/files/helm/conf/wangw.conf | 2 +- .../traffic-engine/files/helm/values.yaml | 4 +-- .../wannat_wangw/templates/wangw.conf.j2.j2 | 2 +- 13 files changed, 22 insertions(+), 68 deletions(-) diff --git a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 index 8971c07e..34a5dc33 100644 --- a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 +++ b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 @@ -73,7 +73,7 @@ ip = {% raw %}{{ cm_policy_server_ip }} {% endraw %} port = {% raw %}{{ cm_policy_server_port }} {% endraw %} -{% raw %}dbindex = {{ cm.policy_server.db_static }} +{% raw %}dbindex = {{ vsys_id }} {% endraw %} [stat] statsd_server=127.0.0.1 diff --git a/ansible/roles/firewall/templates/maat.conf.j2.j2 b/ansible/roles/firewall/templates/maat.conf.j2.j2 index 715c2c76..0f21bdc5 100644 --- a/ansible/roles/firewall/templates/maat.conf.j2.j2 +++ b/ansible/roles/firewall/templates/maat.conf.j2.j2 
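Review bot: `dbindex = {{ vsys_id }}` makes the virtual-system ID double as the Redis logical-database selector, and nothing visible in this hunk bounds or documents that value. If the policy server is a stock Redis, it exposes 16 logical databases by default (`databases 16`), so a vsys_id of 16 or above would fail at SELECT unless that setting is raised. Logical databases are also a namespace rather than an access-control boundary, so this mapping should not be relied on to isolate one vsys from another. I would add a comment above the line stating that the index follows vsys_id and must stay below the policy server's `databases` limit, and have the deployment reject a non-integer or out-of-range vsys_id before rendering. The same substitution appears in the `REDIS_INDEX`, `maat_redis_db_index` and `redis_index` hunks for maat.conf, tfe.conf and wangw.conf and in their Helm copies.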
@@ -10,26 +10,7 @@ REDIS_IP={% raw %}{{ cm_policy_server_ip }} {% endraw %} REDIS_PORT={% raw %}{{ cm_policy_server_port }} {% endraw %} -{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} -{% endraw %} -JSON_CFG_FILE=tsgconf/tsg_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json - -[DYNAMIC] -###0:location 1:json 2:redis -MAAT_MODE=2 -STAT_SWITCH=1 -PERF_SWITCH=1 -TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf -STAT_FILE=tsg_dynamic_maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP={% raw %}{{ cm_policy_server_ip }} -{% endraw %} -REDIS_PORT={% raw %}{{ cm_policy_server_port }} -{% endraw %} -{% raw %}REDIS_INDEX={{ cm.policy_server.db_dynamic }} +{% raw %}REDIS_INDEX={{ vsys_id }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json INC_CFG_DIR=tsgrule/inc/index/ @@ -47,7 +28,7 @@ REDIS_IP={% raw %}{{ cm_policy_server_ip }} {% endraw %} REDIS_PORT={% raw %}{{ cm_policy_server_port }} {% endraw %} -{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} +{% raw %}REDIS_INDEX={{ cm.policy_server. }} {% endraw %} JSON_CFG_FILE=tsgconf/app_sketch_maat.json INC_CFG_DIR=tsgrule/inc/index/ @@ -65,7 +46,7 @@ REDIS_IP={% raw %}{{ cm_policy_server_ip }} {% endraw %} REDIS_PORT={% raw %}{{ cm_policy_server_port }} {% endraw %} -{% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} +{% raw %}REDIS_INDEX={{ vsys_id }} {% endraw %} JSON_CFG_FILE=tsgconf/capture_packet_maat.json INC_CFG_DIR=tsgrule/inc/index/ diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2 index 1af241e3..0f49a626 100644 --- a/ansible/roles/firewall/templates/main.conf.j2.j2 +++ b/ansible/roles/firewall/templates/main.conf.j2.j2 @@ -40,7 +40,8 @@ LOCATION_TABLE_TYPE=19 [TSG_LOG] MODE=1 -VSYSTEM_ID=1 +VSYSTEM_ID={% raw %}{{ vsys_id }} +{% endraw %} NAMESPACE_ID=1 NIC_NAME="{{ control_and_policy.nic_name }}" MAX_SERVICE=1 
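Review bot: The `@@ -47,7 +28,7 @@` hunk replaces the index with `REDIS_INDEX={{ cm.policy_server. }}`, an expression that ends in a dot with no attribute name. Because the line sits inside `{% raw %}`, the first render passes it through, and the failure would surface only when the generated .j2 is rendered, where Jinja2 should reject it as a syntax error. The neighbouring hunks in this file use `{{ vsys_id }}`, so the intended line is presumably `{% raw %}REDIS_INDEX={{ vsys_id }}`. The Helm copy of maat.conf has the same truncation in its first hunk, `REDIS_INDEX={{ .Values. }}`, which presumably should read `REDIS_INDEX={{ .Values.vsys_id }}`.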
diff --git a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 index 90f5cdb8..206a5ca3 100644 --- a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 +++ b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 @@ -47,15 +47,6 @@ log_fsstat_trig=1 log_fsstat_dst_ip=10.4.20.202 log_fsstat_dst_port=8125 -[ratelimit] -#hijack flow control -enable=0 -token_name=ratelimit -redis_server={% raw %}{{ cm_policy_server_ip }} -{% endraw %} -redis_port={% raw %}{{ cm_policy_server_port }} -{% endraw %} -redis_db_index=6 [tango_cache] enable_cache=0 diff --git a/ansible/roles/tfe/templates/tfe.conf.j2.j2 b/ansible/roles/tfe/templates/tfe.conf.j2.j2 index 1b270514..1cc72fe6 100644 --- a/ansible/roles/tfe/templates/tfe.conf.j2.j2 +++ b/ansible/roles/tfe/templates/tfe.conf.j2.j2 @@ -122,6 +122,8 @@ key_log_file=log/sslkeylog.log # mid cert cache mc_cache_enable=1 +mc_vsystem_id={% raw %}{{ vsys_id }} +{% endraw %} mc_cache_eth={{ control_and_policy.nic_name }} {% raw %}mc_cache_broker_list={{ olap.kafka_broker.address_list | join(",") }} {% endraw %} @@ -212,6 +214,8 @@ kafka_topic=PROXY-EVENT sasl_username=admin sasl_passwd=galaxy2019 device_id_filepath=/opt/tsg/etc/tsg_sn.json +vsystem_id={% raw %}{{ vsys_id }} +{% endraw %} [maat] # 0:json 1:redis 2:iris @@ -232,7 +236,7 @@ maat_redis_server={% raw %}{{ cm_policy_server_ip }} {% endraw %} maat_redis_port_range={% raw %}{{ cm_policy_server_port }} {% endraw %} -{% raw %}maat_redis_db_index={{ cm.policy_server.db_static }} +{% raw %}maat_redis_db_index={{ vsys_id }} {% endraw %} # iris mode conf iterm diff --git a/ansible/roles/traffic-engine/files/helm/conf/cert_store.ini b/ansible/roles/traffic-engine/files/helm/conf/cert_store.ini index ff83adf7..8d4e1af5 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/cert_store.ini +++ b/ansible/roles/traffic-engine/files/helm/conf/cert_store.ini 
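Review bot: In the `@@ -212,6 +214,8 @@` hunk of tfe.conf.j2.j2 the new `vsystem_id` line is templated, but the Kafka credentials directly above it, `sasl_username` and `sasl_passwd`, remain literal values committed in the template. The Helm tfe.conf in this same patch already reads both from `.Values.external_resources.olap.kafka_brokers.*`, so the two deployment paths disagree on where the secret lives. I would source the Ansible values from a vaulted inventory variable in the same `{% raw %}{{ … }}` style used for `vsys_id`, and rotate the password that is already in history. The section these lines belong to starts outside the hunk, so its header and other keys are not visible here.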
@@ -50,7 +50,7 @@ port = 6379 ip = {{ .Values.external_resources.cm.address }} port = {{ .Values.external_resources.cm.port }} -dbindex = {{ .Values.external_resources.cm.db_static }} +dbindex = {{ .Values.vsys_id }} [stat] statsd_server=127.0.0.1 statsd_port=8100 diff --git a/ansible/roles/traffic-engine/files/helm/conf/maat.conf b/ansible/roles/traffic-engine/files/helm/conf/maat.conf index 1ae43278..61c02c07 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/maat.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/maat.conf @@ -8,23 +8,7 @@ STAT_FILE=tsg_static_maat.status EFFECT_INTERVAL_S=1 REDIS_IP={{ .Values.external_resources.cm.address }} REDIS_PORT={{ .Values.external_resources.cm.port }} -REDIS_INDEX={{ .Values.external_resources.cm.db_static }} -JSON_CFG_FILE=tsgconf/tsg_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json - -[DYNAMIC] -###0:location 1:json 2:redis -MAAT_MODE=2 -STAT_SWITCH=1 -PERF_SWITCH=1 -TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf -STAT_FILE=tsg_dynamic_maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP={{ .Values.external_resources.cm.address }} -REDIS_PORT={{ .Values.external_resources.cm.port }} -REDIS_INDEX={{ .Values.external_resources.cm.db_dynamic }} +REDIS_INDEX={{ .Values. }} JSON_CFG_FILE=tsgconf/tsg_maat.json INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ @@ -39,7 +23,7 @@ STAT_FILE=app_sketch_maat.status EFFECT_INTERVAL_S=1 REDIS_IP={{ .Values.external_resources.cm.address }} REDIS_PORT={{ .Values.external_resources.cm.port }} -REDIS_INDEX={{ .Values.external_resources.cm.db_static }} +REDIS_INDEX={{ .Values.vsys_id }} JSON_CFG_FILE=tsgconf/app_sketch_maat.json INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ 
@@ -54,7 +38,7 @@ STAT_FILE=capture_packet.status EFFECT_INTERVAL_S=1 REDIS_IP={{ .Values.external_resources.cm.address }} REDIS_PORT={{ .Values.external_resources.cm.port }} -REDIS_INDEX={{ .Values.external_resources.cm.db_static }} +REDIS_INDEX={{ .Values.vsys_id }} JSON_CFG_FILE=tsgconf/capture_packet_maat.json INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf index 3663b595..a230ae52 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/main.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf @@ -40,7 +40,7 @@ LOCATION_TABLE_TYPE=19 [TSG_LOG] MODE=1 -VSYSTEM_ID=1 +VSYSTEM_ID={{ .Values.vsys_id }} NAMESPACE_ID=1 MAX_SERVICE=1 LOG_LEVEL=30 diff --git a/ansible/roles/traffic-engine/files/helm/conf/pangu_pxy.conf b/ansible/roles/traffic-engine/files/helm/conf/pangu_pxy.conf index ba93b95a..b9c9d5ec 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/pangu_pxy.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/pangu_pxy.conf @@ -44,13 +44,6 @@ log_fsstat_trig=1 log_fsstat_dst_ip=10.4.20.202 log_fsstat_dst_port=8125 -[ratelimit] -#hijack flow control -enable=0 -token_name=ratelimit -redis_server={{ .Values.external_resources.cm.address }} -redis_port={{ .Values.external_resources.cm.port }} -redis_db_index=6 [tango_cache] enable_cache=0 diff --git a/ansible/roles/traffic-engine/files/helm/conf/tfe.conf b/ansible/roles/traffic-engine/files/helm/conf/tfe.conf index 677b5f28..2f634a10 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/tfe.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/tfe.conf 
@@ -96,6 +96,7 @@ key_log_file=log/sslkeylog.log # mid cert cache mc_cache_enable=1 +mc_vsystem_id={{ .Values.vsys_id }} mc_cache_broker_list={{- include "traffic-engine.config.olap-address" (list . ",") }} mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT sasl_username={{ .Values.external_resources.olap.kafka_brokers.sasl_username }} @@ -176,6 +177,7 @@ kafka_topic=PROXY-EVENT sasl_username={{ .Values.external_resources.olap.kafka_brokers.sasl_username }} sasl_passwd={{ .Values.external_resources.olap.kafka_brokers.sasl_password }} device_id_filepath=/opt/tsg/etc/tsg_sn.json +vsystem_id={{ .Values.vsys_id }} [maat] # 0:json 1:redis 2:iris @@ -194,7 +196,7 @@ json_cfg_file=resource/pangu/pangu_http.json # redis mode conf iterm maat_redis_server={{ .Values.external_resources.cm.address }} maat_redis_port_range={{ .Values.external_resources.cm.port }} -maat_redis_db_index={{ .Values.external_resources.cm.db_static }} +maat_redis_db_index={{ .Values.vsys_id }} # iris mode conf iterm full_cfg_dir=pangu_policy/full/index/ diff --git a/ansible/roles/traffic-engine/files/helm/conf/wangw.conf b/ansible/roles/traffic-engine/files/helm/conf/wangw.conf index 9a9cdb67..3dd9160c 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/wangw.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/wangw.conf @@ -59,7 +59,7 @@ full_dir=./redis_dump/ redis_server_ip={{ .Values.external_resources.cm.address }} redis_server_port={{ .Values.external_resources.cm.port }} REDIS_PORT_NUM={{ .Values.external_resources.cm.port_num }} -redis_index={{ .Values.external_resources.cm.db_static }} +redis_index={{ .Values.vsys_id }} [polling_sleep] diff --git a/ansible/roles/traffic-engine/files/helm/values.yaml b/ansible/roles/traffic-engine/files/helm/values.yaml index fdccc33f..c3d4e756 100644 --- a/ansible/roles/traffic-engine/files/helm/values.yaml +++ b/ansible/roles/traffic-engine/files/helm/values.yaml 
@@ -2,8 +2,6 @@ external_resources: cm: address: 10.X.X.X port: 7002 - db_static: 0 - db_dynamic: 1 port_num: 1 olap: @@ -112,7 +110,7 @@ wannat: link_table_report_interval: 30 wan_gateway_listen_port_range_left_edge: 3545 -vsys_id: "xxxxxxxxx" +vsys_id: 1 etherfabric_settings: keepalive: diff --git a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 index ef6d5074..2b737373 100644 --- a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 +++ b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 @@ -74,7 +74,7 @@ redis_server_ip={% raw %}{{ cm_policy_server_ip }} redis_server_port={% raw %}{{ cm_policy_server_port }} {% endraw %} {% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }} -redis_index={{ cm.policy_server.db_static }} +redis_index={{ vsys_id }} {% endraw %}
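Review bot: `vsys_id: 1` in the `@@ -112,7 +110,7 @@` hunk turns an obvious placeholder into a working default. Together with the removal of `db_static: 0` in the first hunk of this file, a chart installed without overrides now points every `{{ .Values.vsys_id }}` Redis index at database 1 instead of 0. If the policy data still lives in database 0, the engines would presumably start with an empty rule set rather than fail, which is easy to miss on an inspection device. I would keep the value mandatory at the point of use, for example `{{ required "vsys_id must be set per deployment" .Values.vsys_id }}`. At minimum, add a comment such as `# vsys_id: virtual system ID, also used as the Redis DB index (replaces cm.db_static)`.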