gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature:TSG-10211:TSG-X-P0804增加自检功能和代理功能

Browse Source
This commit is contained in:
fumingwei
2022-04-13 14:11:11 +08:00
parent 3f6c7f8b40
commit 8a4c32ab0c
17 changed files with 695 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/HAL_deploy.yml
View File

@@ -123,12 +123,22 @@
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: tsg_master, tags: tsg_master}
- {role: kni, tags: kni}
- {role: firewall, tags: firewall}
- {role: tsg_app, tags: tsg_app}
- {role: redis, tags: redis}
- {role: certstore, tags: certstore}
- {role: tfe, tags: tfe}
- {role: telegraf_statistic, tags: telegraf_statistic}
- {role: exporter, tags: exporter}
- {role: docker, tags: docker}
- {role: tsg-diagnose, tags: tsg-diagnose}
- {role: tsg-exporter-proxy-TSGXP0804, tags: tsg-exporter-proxy-TSGXP0804}
- {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403}
- {role: system-init, tags: system-init}
- {role: wannat_wangw, tags: wannat_wangw}
- {role: wannat_common, tags: wannat_common}
- {role: wire_graft, tags: wire_graft}
- {role: tsg-os-provision-condition, tags: tsg-os-provision-condition}
- {role: hasp, tags: hasp}
- {role: OFED, tags: OFED}

29
ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml
View File

@@ -10,6 +10,11 @@ workload_firewall:
worker_threads: "{% raw %}{{ workload_firewall_worker_threads }}{% endraw %}"
send_only_threads_max: 0
workload_proxy:
enable_cpu_affinity: 1
cpu_affinity: "{% raw %}{{ workload_proxy_cpu_affinity }}{% endraw %}"
worker_thread: "{% raw %}{{ workload_proxy_worker_thread }}{% endraw %}"
dp_traffic_mirror:
nic_name: eth_mirr_d
traffic_mirror_vlan_id: 0
@@ -24,13 +29,33 @@ dp_steering_firewall:
nic_internal: "{% raw %}{{ network_setting.nic_raw.name }}{% endraw %}"
enable_mirror: 0
dp_steering_proxy:
###### location: value {local, foreign}
location: local
node_list:
- nic_name: virtio_kni
dp_certstore:
location: local
dp_proxy:
nic_name_data_incoming: virtio_kni
mac_addr_data_incoming: 00:0e:c6:d6:72:c1
enable_traffic_mirror: 1
traffic_mirror_type: 1
prefix_path:
mrzcpd: /opt/tsg/mrzcpd
framework: /opt/tsg/framework
sapp: /opt/tsg/sapp
monitor:
enable_redis_exporter: 1
enable_ipmi_exporter: 1
enable_redis_exporter: 0
enable_ipmi_exporter: 0
diagnose:
virtual_server_nic: virtio_dign_s
virtual_client_nic: virtio_dign_c
### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140
runtime_env: TSG-X-P0804

2
ansible/install_config/group_vars/rpm_version.yml
View File

@@ -55,7 +55,7 @@ kni_rpm_version:
kni: kni-4.0.1.6d75cbe
mrzcpd_rpm_version:
mrzcpd: mrzcpd-4.5.0.42186ea
mrzcpd: mrzcpd-4.5.1.0fe6ba8
sapp_rpm_version:
sapp: sapp-4.2.84.11fa03b

1
ansible/roles/certstore/tasks/main.yml
View File

@@ -15,6 +15,7 @@
yum:
name: "{{ certstore_rpm_fullname.files[0].path }}"
state: present
disable_gpg_check: yes
- name: template certstore configure file
template:

9
ansible/roles/mrzcpd/tasks/main.yml
View File

@@ -82,7 +82,14 @@
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P1403"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
- runtime_env == 'TSG-X-P1403'
- name: "update mrglobal.conf - TSG-X-P0804"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- runtime_env == 'TSG-X-P0804'
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:

69
ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 Normal file
View File

@@ -0,0 +1,69 @@
[device]
device={{ dp_steering_firewall.nic_internal }}
virtio_user={{ diagnose.virtual_client_nic }},{{ diagnose.virtual_server_nic }},{{ dp_steering_proxy.node_list[0].nic_name }}
sz_tunnel=8192
sz_buffer=0
[vlan_base_fwd]
device={{ dp_steering_firewall.nic_internal }},{{ diagnose.virtual_client_nic }},{{ diagnose.virtual_server_nic }}
[vlan_base_fwd:{{ dp_steering_firewall.nic_internal }}]
vdev_vlan=0,4000,4001
phydev_vlan=0
[vlan_base_fwd:{{ diagnose.virtual_client_nic }}]
phydev_vlan=4000
[vlan_base_fwd:{{ diagnose.virtual_server_nic }}]
phydev_vlan=4001
[device:{{ dp_steering_firewall.nic_internal }}]
{% raw %}in_addr={{etherfabric_settings.keepalive.ip}}
in_mask={{etherfabric_settings.keepalive.mask}}
{% endraw %}
vlan-filter=1
vlan-pvid=0
vlan-pvid-mode=2
promisc=1
allmulticast=1
rssmode=3
mtu=2048
[service]
# lcore id for i/o service, use comma to split
iocore={{ workload_zcpd.cpu_affinity }}
{% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %}
distmode=0
{% endif %}
{% if session_distribution_policy.hash_key == 'outer-most-sip-dip-sport-dport' %}
distmode=1
{% endif %}
{% if session_distribution_policy.hash_key == 'inner-most-sip-dip' %}
distmode=2
{% endif %}
{% if session_distribution_policy.hash_key == 'inner-most-sip-dip-sport-dport' %}
distmode=3
{% endif %}
{% if session_distribution_policy.hash_key == 'hardware' %}
distmode=4
{% endif %}
{% endraw %}
hashmode=0
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=1
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096

1
ansible/roles/redis/tasks/main.yml
View File

@@ -8,6 +8,7 @@
name:
- "/tmp/ansible_deploy/redis-6.2.5-1.el7.remi.x86_64.rpm"
state: present
disable_gpg_check: yes
- name: "Create /usr/lib/systemd/system/redis.service.d directory if it does not exist"
file:

BIN
ansible/roles/tsg-exporter-proxy-TSGXP0804/files/exporter-proxy.tar.gz Normal file
View File

Binary file not shown.

49
ansible/roles/tsg-exporter-proxy-TSGXP0804/tasks/main.yml Normal file
View File

@@ -0,0 +1,49 @@
---
- name: "mkdir /opt/tsg/exporter"
file:
path: /opt/tsg/exporter
state: directory
- name: "unarchive exporter-proxy(NGINX)"
unarchive:
src: "{{role_path}}/files/exporter-proxy.tar.gz"
dest: /opt/tsg/exporter
- name: "templates exporter-proxy.service"
template:
src: "{{role_path}}/templates/exporter-proxy.service.j2"
dest: /usr/lib/systemd/system/exporter-proxy.service
tags: template
- name: "template nginx.conf"
template:
src: "{{role_path}}/templates/nginx.conf.j2"
dest: /opt/tsg/exporter/exporter-proxy/conf/nginx.conf
tags: template
- name: "Create /usr/lib/systemd/system/exporter-proxy.service.d/ directory if it does not exist"
file:
path: "{{ item }}"
state: directory
mode: '0755'
with_items:
- /usr/lib/systemd/system/exporter-proxy.service.d
- name: "copy slice file to exporter-proxy.service.d"
copy:
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: /usr/lib/systemd/system/exporter-proxy.service.d/service_override_slice.conf
mode: 0644
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
replace:
path: "{{ item }}"
regexp: 'WantedBy=multi-user.target'
replace: 'WantedBy=workload.target'
with_items:
- /usr/lib/systemd/system/exporter-proxy.service
- name: 'exporter-proxy service start'
systemd:
name: exporter-proxy
enabled: yes

12
ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/exporter-proxy.service.j2 Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=TSG-9140 Exporter Proxy (NGINX) for NEZHA
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
ExecStart=/opt/tsg/exporter/exporter-proxy/sbin/nginx -p /opt/tsg/exporter/exporter-proxy
ExecReload=/opt/tsg/exporter/exporter-proxy/sbin/nginx -p /opt/tsg/exporter/exporter-proxy -s reload
ExecStop=/opt/tsg/exporter/exporter-proxy/sbin/nginx -p /opt/tsg/exporter/exporter-proxy -s stop
[Install]
WantedBy=multi-user.target

64
ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,64 @@
user nobody;
worker_processes 1;
daemon off;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
server {
listen 9000;
server_name localhost;
location /metrics/blade/node_exporter {
proxy_pass http://127.0.0.1:9100/metrics;
}
location /metrics/blade/systemd_exporter {
proxy_pass http://127.0.0.1:9558/metrics;
}
location /metrics/blade/certstore {
proxy_pass http://127.0.0.1:9002/metrics;
}
location /metrics/blade/tfe {
proxy_pass http://127.0.0.1:9001/metrics;
}
location /metrics/blade/sapp {
proxy_pass http://127.0.0.1:9273/metrics;
}
location /metrics/blade/mrapm_device {
proxy_pass http://127.0.0.1:8901/metrics;
}
location /metrics/blade/mrapm_stream {
proxy_pass http://127.0.0.1:8902/metrics;
}
}
}

2
ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/service_override_slice.conf.j2 Normal file
View File

@@ -0,0 +1,2 @@
[Service]
Slice=workload.slice

84
ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 Normal file
View File

@@ -0,0 +1,84 @@
feature:
enable_policy_local_cache: 1
enable_stream_bypass_under_ddos: 0
firewall:
enable: 1
enable_hos: 1
proxy:
enable: 1
enable_hos: 1
sessionrecord:
enable: 1
enable_dns_record: 1
enable_rtp_record: 1
capturepacket:
enable: 1
radius:
enable: 1
app_behavior:
enable: 0
gtp:
enable_gtp_c_record: 1
wannat:
enable: 0
nat_gateway_address: "127.0.0.1"
reachability_test_server_address: "127.0.0.1"
reachability_test_server_port: 8888
feedback_linkinfo_interval: 30
nat_gateway_broadcast_session_port: 5671
reachability_test_server_broadcast_session_port: 5672
reachability_test_server_tunnel_port: 3542
wan_gateway_listen_port_range_left_edge: 3545
nat_gateway_listen_port: 3544
enable_link_info_recording: 1
ddossketch:
enable: 1
tcp_flood_report_thresh: 0.0008
udp_flood_report_thresh: 0.0008
icmp_flood_report_thresh: 0.0008
dns_flood_report_thresh: 0.0008
app:
identify_by:
user_defined_signature: 1
builtin_app_engine: 1
coredump:
format: none
collect: local
sentry_url: http://127.0.0.1:9000/api/2/minidump/
advanced_settings:
stream_tcp_max: 50000
stream_tcp_timeout: 30
stream_udp_max: 50000
stream_udp_timeout: 60
stream_bypass_trigger_cpu_usage: 90
cm:
policy_server:
port_num: 1
db_static: 0
db_dynamic: 1
#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport]
session_distribution_policy:
mode: sym-hash
hash_key: inner-most-sip-dip
cpu_layouts:
- match:
model_name: "5318Y"
sockets: 2
sapp_affinity: [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76]
mrzcpd_affinity: [1,2,3,4]
tfe_affinity: [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92]

77
ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 Normal file
View File

@@ -0,0 +1,77 @@
version: 1
device:
tags:
- key1: value1
- key2: value2
session_id_generator:
snowflake_worker_id_base: 1
snowflake_worker_id_offset: 1
feature:
enable_stream_bypass_under_ddos: 0
firewall:
enable: 0/1
proxy:
enable: 0/1
sessionrecord:
enable: 0/1
enable_dns_record: 0/1
enable_rtp_record: 0/1
capturepacket:
enable: 0/1
radius:
enable: 0/1
gtp:
enable_gtp_c_record: 0/1
wannat:
enable: 0/1
nat_gateway_address: "127.0.0.1"
reachability_test_server_address: "127.0.0.1"
ddossketch:
enable: 0/1
app:
identify_by:
user_defined_signature: 0/1
builtin_app_engine: 0/1
cm:
policy_server:
address: "127.0.0.1"
port: 7002
olap:
kafka_broker:
address_list: ['1.1.1.1:9092','2.2.2.2:9092']
hos_server:
address: "127.0.0.1"
port: 9098
# npb_device value in [inline_device, tera,direct,etherfabric]
npb_device: etherfabric
etherfabric_settings:
keepalive:
ip: 127.0.0.1
mask: 255.255.255.0
network_setting:
nic_policy_log:
name: eth0
nic_raw:
name: eth0
coredump:
format: minidump/core/none
collect: local/sentry
sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595

265
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 Normal file
View File

@@ -0,0 +1,265 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
######setting cpu affinity start######
- name: obtain cpu layout info
set_fact:
cpu_layout_obtained: "{{ item }}"
loop: "{{ cpu_layouts }}"
when:
- ansible_facts.processor[2] is search(item.match.model_name)
- ansible_facts.processor_count == item.match.sockets
- name: set cpu affinity variable
set_fact:
workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}"
workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}"
workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}"
workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}"
workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}"
######setting cpu affinity end######
- name: "set keep_alive_ip"
set_fact:
gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
- name: "tsg-os-provision: Template the conflist.inf"
template:
src: ../templates/conflist.inf.j2
dest: /opt/tsg/sapp/plug/conflist.inf
tags: sapp
- name: "tsg-os-provision: template gdev.conf file"
template:
src: "../templates/gdev.conf.j2"
dest: /opt/tsg/sapp/etc/gdev.conf
tags: sapp
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "tsg-os-provision: template certstore configure file"
template:
src: "../templates/cert_store.ini.j2"
dest: /opt/tsg/certstore/conf/cert_store.ini
tags: certstore
- name: "tsg-os-provision: Template the tsgconf/main.conf"
template:
src: "../templates/main.conf.j2"
dest: /opt/tsg/sapp/tsgconf/main.conf
tags: firewall
- name: "tsg-os-provision: Template the tsgconf/maat.conf"
template:
src: "../templates/maat.conf.j2"
dest: /opt/tsg/sapp/tsgconf/maat.conf
tags: firewall
- name: "tsg-os-provision: Template the tsg_conn_sketch.inf"
template:
src: "../templates/tsg_conn_sketch.inf.j2"
dest: /opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
dest: /opt/tsg/sapp/etc/sapp.toml
tags: sapp
- name: "tsg-os-provision: Template the send_raw_pkt.conf"
template:
src: "../templates/send_raw_pkt.conf.j2"
dest: /opt/tsg/sapp/etc/send_raw_pkt.conf
tags: sapp
- name: "tsg-os-provision: Templates telegraf.conf"
template:
src: "../templates/telegraf_statistic.conf.j2"
dest: /etc/telegraf/telegraf_statistic.conf
tags: telegraf_statistic
- name: "tsg-os-provision: template the tfe.conf"
template:
src: "../templates/tfe.conf.j2"
dest: /opt/tsg/tfe/conf/tfe/tfe.conf
tags: tfe
- name: "tsg-os-provision: template the pangu_pxy.conf"
template:
src: "../templates/pangu_pxy.conf.j2"
dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
tags: tfe
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: obtain sn and write sn to tsg_sn.json"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "tsg-os-provision: template wannat wangw.conf file"
template:
src: "../templates/wangw.conf.j2"
dest: /opt/tsg/sapp/etc/wannat/wangw.conf
tags: wangw
- name: "tsg-os-provision: template wire_graft.conf file"
template:
src: "../templates/wire_graft.conf.j2"
dest: /opt/tsg/sapp/etc/wire_graft/wire_graft.conf
tags: wire_graft
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads"
set_fact:
workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.sapp_affinity | join(',') }}"
workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.sapp_affinity | length }}"
when: proxy.enable == 0
- name: "tsg-os-provision: disable enable service step 1:mount partition to mnt_tmp"
mount:
path: /tmp/mnt_tmp
src: /dev/sda4
fstype: ext4
state: mounted
- name: "tsg-os-provision: disable service step 2:disable tfe service"
shell: systemctl --root=/tmp/mnt_tmp disable tfe.service
when: proxy.enable == 0
- name: "tsg-os-provision: enable service step 2:enable tfe service"
shell: systemctl --root=/tmp/mnt_tmp enable tfe.service
when: proxy.enable == 1
- name: "tsg-os-provision: disable enable service step 3:umount mnt_tmp"
mount:
path: /tmp/mnt_tmp
state: absent
- name: "tsg-os-provision: stop tfe"
systemd:
name: tfe
state: stopped
when: proxy.enable == 0
- name: add porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
state: touch
- name: "tsg-os-provision: restart mrenv"
systemd:
name: mrenv
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrzcpd"
systemd:
name: mrzcpd
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart telegraf_statistic"
systemd:
name: telegraf_statistic
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart certstore"
systemd:
name: certstore
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart cert-redis"
systemd:
name: cert-redis
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart sapp"
systemd:
name: sapp
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart tfe"
systemd:
name: tfe
state: restarted
when:
- enable_config_apply == '1'
- proxy.enable == 1

27
ansible/roles/tsg-os-provision/tasks/main.yml
View File

@@ -75,7 +75,14 @@
src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P1403"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
when: runtime_env == 'TSG-X-P1403'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0804"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: runtime_env == 'TSG-X-P0804'
- name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140"
copy:
@@ -117,7 +124,14 @@
src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
when: runtime_env == 'TSG-X-P1403'
- name: "tsg-os-provision: copy provision.default.yml - TSG-X-P0804"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-X-P0804'
- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0"
copy:
@@ -145,7 +159,14 @@
src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
when: runtime_env == 'TSG-X-P1403'
- name: "tsg-os-provision: copy provision.yml.sample to dest - TSG-X-P0804"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: runtime_env == 'TSG-X-P0804'
- name: "tsg-os-provision: copy provision.sh file to dest"
copy:

1
ansible/roles/wannat_common/tasks/main.yml
View File

@@ -9,6 +9,7 @@
name:
- /tmp/nanomsg-1.1.5-6.el7.x86_64.rpm
state: present
disable_gpg_check: yes
- name: "Install wannat_common library"
shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }}