diff --git a/ansible/HAL_deploy.yml b/ansible/HAL_deploy.yml index 0a445d1e..8fb588cc 100644 --- a/ansible/HAL_deploy.yml +++ b/ansible/HAL_deploy.yml @@ -123,12 +123,22 @@ - {role: mrzcpd, tags: mrzcpd} - {role: sapp, tags: sapp} - {role: tsg_master, tags: tsg_master} + - {role: kni, tags: kni} - {role: firewall, tags: firewall} - {role: tsg_app, tags: tsg_app} + - {role: redis, tags: redis} + - {role: certstore, tags: certstore} + - {role: tfe, tags: tfe} - {role: telegraf_statistic, tags: telegraf_statistic} - {role: exporter, tags: exporter} + - {role: docker, tags: docker} + - {role: tsg-diagnose, tags: tsg-diagnose} + - {role: tsg-exporter-proxy-TSGXP0804, tags: tsg-exporter-proxy-TSGXP0804} - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403} - {role: system-init, tags: system-init} + - {role: wannat_wangw, tags: wannat_wangw} + - {role: wannat_common, tags: wannat_common} + - {role: wire_graft, tags: wire_graft} - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} - {role: hasp, tags: hasp} - {role: OFED, tags: OFED} \ No newline at end of file diff --git a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml index 8664c8c1..3dc6c23b 100644 --- a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml +++ b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml @@ -10,6 +10,11 @@ workload_firewall: worker_threads: "{% raw %}{{ workload_firewall_worker_threads }}{% endraw %}" send_only_threads_max: 0 +workload_proxy: + enable_cpu_affinity: 1 + cpu_affinity: "{% raw %}{{ workload_proxy_cpu_affinity }}{% endraw %}" + worker_thread: "{% raw %}{{ workload_proxy_worker_thread }}{% endraw %}" + dp_traffic_mirror: nic_name: eth_mirr_d traffic_mirror_vlan_id: 0 @@ -24,13 +29,33 @@ dp_steering_firewall: nic_internal: "{% raw %}{{ network_setting.nic_raw.name }}{% endraw %}" enable_mirror: 0 +dp_steering_proxy: + ###### location: value {local, foreign} + location: local + node_list: + - nic_name: virtio_kni + +dp_certstore: + location: local + +dp_proxy: + nic_name_data_incoming: virtio_kni + mac_addr_data_incoming: 00:0e:c6:d6:72:c1 + enable_traffic_mirror: 1 + traffic_mirror_type: 1 + prefix_path: mrzcpd: /opt/tsg/mrzcpd framework: /opt/tsg/framework sapp: /opt/tsg/sapp monitor: - enable_redis_exporter: 1 - enable_ipmi_exporter: 1 + enable_redis_exporter: 0 + enable_ipmi_exporter: 0 + +diagnose: + virtual_server_nic: virtio_dign_s + virtual_client_nic: virtio_dign_c + ### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140 runtime_env: TSG-X-P0804 \ No newline at end of file diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml index cb7fa06c..1b10a0c3 100644 --- a/ansible/install_config/group_vars/rpm_version.yml +++ b/ansible/install_config/group_vars/rpm_version.yml @@ -55,7 +55,7 @@ kni_rpm_version: kni: kni-4.0.1.6d75cbe mrzcpd_rpm_version: - mrzcpd: mrzcpd-4.5.0.42186ea + mrzcpd: mrzcpd-4.5.1.0fe6ba8 sapp_rpm_version: sapp: sapp-4.2.84.11fa03b diff --git a/ansible/roles/certstore/tasks/main.yml b/ansible/roles/certstore/tasks/main.yml index e40ab985..2e109e16 100644 --- a/ansible/roles/certstore/tasks/main.yml +++ b/ansible/roles/certstore/tasks/main.yml @@ -15,6 +15,7 @@ yum: name: "{{ certstore_rpm_fullname.files[0].path }}" state: present + disable_gpg_check: yes - name: template certstore configure file template: diff --git a/ansible/roles/mrzcpd/tasks/main.yml b/ansible/roles/mrzcpd/tasks/main.yml index 5166e4d1..1e84c3e4 100644 --- a/ansible/roles/mrzcpd/tasks/main.yml +++ b/ansible/roles/mrzcpd/tasks/main.yml @@ -82,7 +82,14 @@ src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P1403" dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 when: - - runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + - runtime_env == 'TSG-X-P1403' + +- name: "update mrglobal.conf - TSG-X-P0804" + template: + src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804" + dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 + when: + - runtime_env == 'TSG-X-P0804' - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 new file mode 100644 index 00000000..1ebbe58c --- /dev/null +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 @@ -0,0 +1,69 @@ +[device] +device={{ dp_steering_firewall.nic_internal }} +virtio_user={{ diagnose.virtual_client_nic }},{{ diagnose.virtual_server_nic }},{{ dp_steering_proxy.node_list[0].nic_name }} +sz_tunnel=8192 +sz_buffer=0 + +[vlan_base_fwd] +device={{ dp_steering_firewall.nic_internal }},{{ diagnose.virtual_client_nic }},{{ diagnose.virtual_server_nic }} + +[vlan_base_fwd:{{ dp_steering_firewall.nic_internal }}] +vdev_vlan=0,4000,4001 +phydev_vlan=0 + +[vlan_base_fwd:{{ diagnose.virtual_client_nic }}] +phydev_vlan=4000 + +[vlan_base_fwd:{{ diagnose.virtual_server_nic }}] +phydev_vlan=4001 + + +[device:{{ dp_steering_firewall.nic_internal }}] +{% raw %}in_addr={{etherfabric_settings.keepalive.ip}} +in_mask={{etherfabric_settings.keepalive.mask}} +{% endraw %} +vlan-filter=1 +vlan-pvid=0 +vlan-pvid-mode=2 +promisc=1 +allmulticast=1 +rssmode=3 +mtu=2048 + +[service] +# lcore id for i/o service, use comma to split +iocore={{ workload_zcpd.cpu_affinity }} +{% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %} +distmode=0 +{% endif %} +{% if session_distribution_policy.hash_key == 'outer-most-sip-dip-sport-dport' %} +distmode=1 +{% endif %} +{% if session_distribution_policy.hash_key == 'inner-most-sip-dip' %} +distmode=2 +{% endif %} +{% if session_distribution_policy.hash_key == 'inner-most-sip-dip-sport-dport' %} +distmode=3 +{% endif %} +{% if session_distribution_policy.hash_key == 'hardware' %} +distmode=4 +{% endif %} +{% endraw %} +hashmode=0 + +[eal] +virtaddr=0x7f40c4a00000 +loglevel=7 + +[keepalive] +check_spinlock=1 + +[ctrlzone] +ctrlzone0=tunnat,64 + +[pool] +create_mode=3 +sz_direct_pktmbuf=4194304 +sz_indirect_pktmbuf=8192 +sz_cache=256 +sz_data=4096 \ No newline at end of file diff --git a/ansible/roles/redis/tasks/main.yml b/ansible/roles/redis/tasks/main.yml index 7fa15e00..fa0f7dee 100644 --- a/ansible/roles/redis/tasks/main.yml +++ b/ansible/roles/redis/tasks/main.yml @@ -8,6 +8,7 @@ name: - "/tmp/ansible_deploy/redis-6.2.5-1.el7.remi.x86_64.rpm" state: present + disable_gpg_check: yes - name: "Create /usr/lib/systemd/system/redis.service.d directory if it does not exist" file: diff --git a/ansible/roles/tsg-exporter-proxy-TSGXP0804/files/exporter-proxy.tar.gz b/ansible/roles/tsg-exporter-proxy-TSGXP0804/files/exporter-proxy.tar.gz new file mode 100644 index 00000000..6f8b96ab Binary files /dev/null and b/ansible/roles/tsg-exporter-proxy-TSGXP0804/files/exporter-proxy.tar.gz differ diff --git a/ansible/roles/tsg-exporter-proxy-TSGXP0804/tasks/main.yml b/ansible/roles/tsg-exporter-proxy-TSGXP0804/tasks/main.yml new file mode 100644 index 00000000..a3424a23 --- /dev/null +++ b/ansible/roles/tsg-exporter-proxy-TSGXP0804/tasks/main.yml @@ -0,0 +1,49 @@ +--- +- name: "mkdir /opt/tsg/exporter" + file: + path: /opt/tsg/exporter + state: directory + +- name: "unarchive exporter-proxy(NGINX)" + unarchive: + src: "{{role_path}}/files/exporter-proxy.tar.gz" + dest: /opt/tsg/exporter + +- name: "templates exporter-proxy.service" + template: + src: "{{role_path}}/templates/exporter-proxy.service.j2" + dest: /usr/lib/systemd/system/exporter-proxy.service + tags: template + +- name: "template nginx.conf" + template: + src: "{{role_path}}/templates/nginx.conf.j2" + dest: /opt/tsg/exporter/exporter-proxy/conf/nginx.conf + tags: template + +- name: "Create /usr/lib/systemd/system/exporter-proxy.service.d/ directory if it does not exist" + file: + path: "{{ item }}" + state: directory + mode: '0755' + with_items: + - /usr/lib/systemd/system/exporter-proxy.service.d + +- name: "copy slice file to exporter-proxy.service.d" + copy: + src: "{{ role_path }}/templates/service_override_slice.conf.j2" + dest: /usr/lib/systemd/system/exporter-proxy.service.d/service_override_slice.conf + mode: 0644 + +- name: "replace action: replace service WantedBy from multi-user.target to workload.target" + replace: + path: "{{ item }}" + regexp: 'WantedBy=multi-user.target' + replace: 'WantedBy=workload.target' + with_items: + - /usr/lib/systemd/system/exporter-proxy.service + +- name: 'exporter-proxy service start' + systemd: + name: exporter-proxy + enabled: yes \ No newline at end of file diff --git a/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/exporter-proxy.service.j2 b/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/exporter-proxy.service.j2 new file mode 100644 index 00000000..99ee4cb1 --- /dev/null +++ b/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/exporter-proxy.service.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=TSG-9140 Exporter Proxy (NGINX) for NEZHA +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=simple +ExecStart=/opt/tsg/exporter/exporter-proxy/sbin/nginx -p /opt/tsg/exporter/exporter-proxy +ExecReload=/opt/tsg/exporter/exporter-proxy/sbin/nginx -p /opt/tsg/exporter/exporter-proxy -s reload +ExecStop=/opt/tsg/exporter/exporter-proxy/sbin/nginx -p /opt/tsg/exporter/exporter-proxy -s stop + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/nginx.conf.j2 b/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/nginx.conf.j2 new file mode 100644 index 00000000..cafefa1b --- /dev/null +++ b/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/nginx.conf.j2 @@ -0,0 +1,64 @@ + +user nobody; +worker_processes 1; +daemon off; + +error_log logs/error.log; +error_log logs/error.log notice; +error_log logs/error.log info; +pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + tcp_nopush on; + + keepalive_timeout 65; + gzip on; + + server { + listen 9000; + server_name localhost; + + location /metrics/blade/node_exporter { + proxy_pass http://127.0.0.1:9100/metrics; + } + + location /metrics/blade/systemd_exporter { + proxy_pass http://127.0.0.1:9558/metrics; + } + + location /metrics/blade/certstore { + proxy_pass http://127.0.0.1:9002/metrics; + } + + location /metrics/blade/tfe { + proxy_pass http://127.0.0.1:9001/metrics; + } + + location /metrics/blade/sapp { + proxy_pass http://127.0.0.1:9273/metrics; + } + + location /metrics/blade/mrapm_device { + proxy_pass http://127.0.0.1:8901/metrics; + } + + location /metrics/blade/mrapm_stream { + proxy_pass http://127.0.0.1:8902/metrics; + } + } +} diff --git a/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/service_override_slice.conf.j2 b/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/service_override_slice.conf.j2 new file mode 100644 index 00000000..db248c50 --- /dev/null +++ b/ansible/roles/tsg-exporter-proxy-TSGXP0804/templates/service_override_slice.conf.j2 @@ -0,0 +1,2 @@ +[Service] +Slice=workload.slice \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 new file mode 100644 index 00000000..51fef03c --- /dev/null +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 @@ -0,0 +1,84 @@ +feature: + enable_policy_local_cache: 1 + enable_stream_bypass_under_ddos: 0 + +firewall: + enable: 1 + enable_hos: 1 + +proxy: + enable: 1 + enable_hos: 1 + +sessionrecord: + enable: 1 + enable_dns_record: 1 + enable_rtp_record: 1 + +capturepacket: + enable: 1 + +radius: + enable: 1 + +app_behavior: + enable: 0 + +gtp: + enable_gtp_c_record: 1 + +wannat: + enable: 0 + nat_gateway_address: "127.0.0.1" + reachability_test_server_address: "127.0.0.1" + reachability_test_server_port: 8888 + feedback_linkinfo_interval: 30 + nat_gateway_broadcast_session_port: 5671 + reachability_test_server_broadcast_session_port: 5672 + reachability_test_server_tunnel_port: 3542 + wan_gateway_listen_port_range_left_edge: 3545 + nat_gateway_listen_port: 3544 + enable_link_info_recording: 1 + +ddossketch: + enable: 1 + tcp_flood_report_thresh: 0.0008 + udp_flood_report_thresh: 0.0008 + icmp_flood_report_thresh: 0.0008 + dns_flood_report_thresh: 0.0008 + +app: + identify_by: + user_defined_signature: 1 + builtin_app_engine: 1 + +coredump: + format: none + collect: local + sentry_url: http://127.0.0.1:9000/api/2/minidump/ + +advanced_settings: + stream_tcp_max: 50000 + stream_tcp_timeout: 30 + stream_udp_max: 50000 + stream_udp_timeout: 60 + stream_bypass_trigger_cpu_usage: 90 + +cm: + policy_server: + port_num: 1 + db_static: 0 + db_dynamic: 1 + +#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport] +session_distribution_policy: + mode: sym-hash + hash_key: inner-most-sip-dip + +cpu_layouts: + - match: + model_name: "5318Y" + sockets: 2 + sapp_affinity: [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76] + mrzcpd_affinity: [1,2,3,4] + tfe_affinity: [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92] \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 new file mode 100644 index 00000000..23f8425c --- /dev/null +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 @@ -0,0 +1,77 @@ +version: 1 + +device: + tags: + - key1: value1 + - key2: value2 + +session_id_generator: + snowflake_worker_id_base: 1 + snowflake_worker_id_offset: 1 + +feature: + enable_stream_bypass_under_ddos: 0 + +firewall: + enable: 0/1 + +proxy: + enable: 0/1 + +sessionrecord: + enable: 0/1 + enable_dns_record: 0/1 + enable_rtp_record: 0/1 + +capturepacket: + enable: 0/1 + +radius: + enable: 0/1 + +gtp: + enable_gtp_c_record: 0/1 + +wannat: + enable: 0/1 + nat_gateway_address: "127.0.0.1" + reachability_test_server_address: "127.0.0.1" + +ddossketch: + enable: 0/1 + +app: + identify_by: + user_defined_signature: 0/1 + builtin_app_engine: 0/1 + +cm: + policy_server: + address: "127.0.0.1" + port: 7002 + +olap: + kafka_broker: + address_list: ['1.1.1.1:9092','2.2.2.2:9092'] + hos_server: + address: "127.0.0.1" + port: 9098 + +# npb_device value in [inline_device, tera,direct,etherfabric] +npb_device: etherfabric + +etherfabric_settings: + keepalive: + ip: 127.0.0.1 + mask: 255.255.255.0 + +network_setting: + nic_policy_log: + name: eth0 + nic_raw: + name: eth0 + +coredump: + format: minidump/core/none + collect: local/sentry + sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 new file mode 100644 index 00000000..6a3e3f3c --- /dev/null +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 @@ -0,0 +1,265 @@ +--- +- hosts: provision + tasks: + - name: Load default config file variable + include_vars: + file: /opt/tsg/tsg-os-provision/provision.default.yml + + - name: Load general config file variable + include_vars: + file: /data/tsg-os-provision/provision.yml + + - name: Load provision.yml.d config file variable + include_vars: + dir: /data/tsg-os-provision/provision.yml.d/ + ignore_unknown_extensions: yes + extensions: + - 'yml' + - 'yaml' + +######setting cpu affinity start###### + - name: obtain cpu layout info + set_fact: + cpu_layout_obtained: "{{ item }}" + loop: "{{ cpu_layouts }}" + when: + - ansible_facts.processor[2] is search(item.match.model_name) + - ansible_facts.processor_count == item.match.sockets + + - name: set cpu affinity variable + set_fact: + workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}" + workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}" + workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}" + workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}" + workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}" + +######setting cpu affinity end###### + + - name: "set keep_alive_ip" + set_fact: + gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}" + + - name: "set cm_policy_server_ip and cm_policy_server_port" + set_fact: + cm_policy_server_ip: "{{cm.policy_server.address}}" + cm_policy_server_port: "{{ cm.policy_server.port }}" + + - name: "tsg-os-provision: Template the conflist.inf" + template: + src: ../templates/conflist.inf.j2 + dest: /opt/tsg/sapp/plug/conflist.inf + tags: sapp + + - name: "tsg-os-provision: template gdev.conf file" + template: + src: "../templates/gdev.conf.j2" + dest: /opt/tsg/sapp/etc/gdev.conf + tags: sapp + + - name: "tsg-os-provision: template mrglobal.conf file" + template: + src: "../templates/mrglobal.conf.j2" + dest: /opt/tsg/mrzcpd/etc/mrglobal.conf + tags: mrzcpd + + - name: "tsg-os-provision: template certstore configure file" + template: + src: "../templates/cert_store.ini.j2" + dest: /opt/tsg/certstore/conf/cert_store.ini + tags: certstore + + - name: "tsg-os-provision: Template the tsgconf/main.conf" + template: + src: "../templates/main.conf.j2" + dest: /opt/tsg/sapp/tsgconf/main.conf + tags: firewall + + - name: "tsg-os-provision: Template the tsgconf/maat.conf" + template: + src: "../templates/maat.conf.j2" + dest: /opt/tsg/sapp/tsgconf/maat.conf + tags: firewall + + - name: "tsg-os-provision: Template the tsg_conn_sketch.inf" + template: + src: "../templates/tsg_conn_sketch.inf.j2" + dest: /opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf + tags: firewall + + - name: "tsg-os-provision: Template the sapp.toml" + template: + src: "../templates/sapp.toml.j2" + dest: /opt/tsg/sapp/etc/sapp.toml + tags: sapp + + - name: "tsg-os-provision: Template the send_raw_pkt.conf" + template: + src: "../templates/send_raw_pkt.conf.j2" + dest: /opt/tsg/sapp/etc/send_raw_pkt.conf + tags: sapp + + - name: "tsg-os-provision: Templates telegraf.conf" + template: + src: "../templates/telegraf_statistic.conf.j2" + dest: /etc/telegraf/telegraf_statistic.conf + tags: telegraf_statistic + + - name: "tsg-os-provision: template the tfe.conf" + template: + src: "../templates/tfe.conf.j2" + dest: /opt/tsg/tfe/conf/tfe/tfe.conf + tags: tfe + + - name: "tsg-os-provision: template the pangu_pxy.conf" + template: + src: "../templates/pangu_pxy.conf.j2" + dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf + tags: tfe + + - name: "mkdir /opt/tsg/etc/" + file: + path: /opt/tsg/etc + state: directory + + - name: "tsg-os-provision: obtain sn and write sn to tsg_sn.json" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh + register: result_exec_obtain_sn_and_write_sn_in_file + + - name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file" + assert: + that: + - result_exec_obtain_sn_and_write_sn_in_file.rc == 0 + - result_exec_obtain_sn_and_write_sn_in_file.failed == False + fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}" + success_msg: "Successded: obtain the sn and write sn into tsg_sn.json" + + - name: "tsg-os-provision: template the tsg_device_tag" + template: + src: "../templates/tsg_device_tag.json.j2" + dest: /opt/tsg/etc/tsg_device_tag.json + tags: tsg_device_tag + + - name: 'tsg-os-provision: execute command - systemctl daemon-reload' + systemd: + daemon_reload: yes + + - name: "tsg-os-provision: template wannat wangw.conf file" + template: + src: "../templates/wangw.conf.j2" + dest: /opt/tsg/sapp/etc/wannat/wangw.conf + tags: wangw + + - name: "tsg-os-provision: template wire_graft.conf file" + template: + src: "../templates/wire_graft.conf.j2" + dest: /opt/tsg/sapp/etc/wire_graft/wire_graft.conf + tags: wire_graft + + - name: "tsg-os-provision: coredump setup override - mkdir" + file: + path: /usr/lib/systemd/coredump.conf.d/ + state: directory + + - name: "tsg-os-provision: coredump setup override - override" + template: + src: "../templates/coredump_setup_override.conf.j2" + dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf + + - name: "tsg-os-provision: snapshot the stage2 config files" + copy: + src: /data/tsg-os-provision/provision.yml + dest: /data/tsg-os-provision/provision.yml.snapshot + + - name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads" + set_fact: + workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.sapp_affinity | join(',') }}" + workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.sapp_affinity | length }}" + when: proxy.enable == 0 + + - name: "tsg-os-provision: disable enable service step 1:mount partition to mnt_tmp" + mount: + path: /tmp/mnt_tmp + src: /dev/sda4 + fstype: ext4 + state: mounted + + - name: "tsg-os-provision: disable service step 2:disable tfe service" + shell: systemctl --root=/tmp/mnt_tmp disable tfe.service + when: proxy.enable == 0 + + - name: "tsg-os-provision: enable service step 2:enable tfe service" + shell: systemctl --root=/tmp/mnt_tmp enable tfe.service + when: proxy.enable == 1 + + - name: "tsg-os-provision: disable enable service step 3:umount mnt_tmp" + mount: + path: /tmp/mnt_tmp + state: absent + + - name: "tsg-os-provision: stop tfe" + systemd: + name: tfe + state: stopped + when: proxy.enable == 0 + + - name: add porvision successed sign + file: + path: /data/tsg-os-provision/.provision_succeeded + state: touch + + - name: "tsg-os-provision: restart mrenv" + systemd: + name: mrenv + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrzcpd" + systemd: + name: mrzcpd + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrapm_device" + systemd: + name: mrapm_device + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrapm_stream" + systemd: + name: mrapm_stream + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart telegraf_statistic" + systemd: + name: telegraf_statistic + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart certstore" + systemd: + name: certstore + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart cert-redis" + systemd: + name: cert-redis + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart sapp" + systemd: + name: sapp + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart tfe" + systemd: + name: tfe + state: restarted + when: + - enable_config_apply == '1' + - proxy.enable == 1 diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml index 97ed44c5..c2daeec6 100644 --- a/ansible/roles/tsg-os-provision/tasks/main.yml +++ b/ansible/roles/tsg-os-provision/tasks/main.yml @@ -75,7 +75,14 @@ src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P1403" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P1403' + +- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0804" + copy: + src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0804" + dest: /opt/tsg/tsg-os-provision/tasks/provision.yml + mode: 0644 + when: runtime_env == 'TSG-X-P0804' - name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140" copy: @@ -117,7 +124,14 @@ src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P1403' + +- name: "tsg-os-provision: copy provision.default.yml - TSG-X-P0804" + copy: + src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804" + dest: /opt/tsg/tsg-os-provision/provision.default.yml + mode: 0644 + when: runtime_env == 'TSG-X-P0804' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0" copy: @@ -145,7 +159,14 @@ src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P1403' + +- name: "tsg-os-provision: copy provision.yml.sample to dest - TSG-X-P0804" + copy: + src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804" + dest: /opt/tsg/tsg-os-provision/provision.yml.sample + mode: 0644 + when: runtime_env == 'TSG-X-P0804' - name: "tsg-os-provision: copy provision.sh file to dest" copy: diff --git a/ansible/roles/wannat_common/tasks/main.yml b/ansible/roles/wannat_common/tasks/main.yml index 318d947d..c8a14e74 100644 --- a/ansible/roles/wannat_common/tasks/main.yml +++ b/ansible/roles/wannat_common/tasks/main.yml @@ -9,6 +9,7 @@ name: - /tmp/nanomsg-1.1.5-6.el7.x86_64.rpm state: present + disable_gpg_check: yes - name: "Install wannat_common library" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }}