diff --git a/ansible/roles/wannat_wangw/tasks/main.yml b/ansible/roles/wannat_wangw/tasks/main.yml
new file mode 100644
index 00000000..f2587bbc
--- /dev/null
+++ b/ansible/roles/wannat_wangw/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: "install wannat wangw plug packages"
+ yum:
+ name: "{{ item.value }}"
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+ with_dict: "{{ wannat_wangw_rpm_version }}"
+
+- name: "Template the etc/wannat/wangw.conf"
+ template:
+ src: "{{ role_path }}/templates/wangw.conf.j2.j2"
+ dest: /opt/tsg/tsg-os-provision/templates/wangw.conf.j2
+ tags: template
+
diff --git a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2
new file mode 100644
index 00000000..b7007b1e
--- /dev/null
+++ b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2
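Review bot: The `template` task in ansible/roles/wannat_wangw/tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of `/opt/tsg/tsg-os-provision/templates/wangw.conf.j2` depend on the umask or on whatever file already exists at that path. That file is itself a template that a later provisioning step presumably renders into the live configuration, so it should not be writable by anyone other than the provisioning account; add explicit values, e.g. `owner: root`, `group: root`, `mode: "0644"` (quoted so YAML does not read the mode as a number). The `template` task in ansible/roles/wire_graft/tasks/main.yml has the same gap. Separately, whether the repo file passed as `conf_file` enforces `gpgcheck` is not visible in this diff and is worth confirming, since the `yum` task installs whatever `wannat_wangw_rpm_version` names from it.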
@@ -0,0 +1,68 @@
+[main]
+#在线模式用vxlan, 测试模式用ethernet, 即标准ethernet/IP协议
+NAT_GW_tunnel_mode=vxlan
+
+#本地监听端口
+NAT_GW_tunnel_recv_port={{ wannat_wangw.wangw_conf.main.NAT_GW_tunnel_recv_port }}
+
+#DNAT首包发送给NATGW时, 对端的监听端口
+NAT_GW_tunnel_send_port={{ wannat_wangw.wangw_conf.main.NAT_GW_tunnel_send_port }}
+
+#NAT GW的内部互联网卡名称
+NAT_GW_tunnel_device={{ wannat_wangw.wangw_conf.main.NAT_GW_tunnel_device }}
+
+#NAT GW的内部互联IP地址, 端口使用vxlan默认值, 要求对方也开放UDP 4789端口
+{% raw %}NAT_GW_tunnel_ip={{ wannat_natgw.natgw_ip }}
+{% endraw %}
+
+#接收来自NAT GW的包, 需要创建sapp的独立发包线程, 目前暂时只支持1个.
+I2E_independent_thread_num=1
+
+#重复流量识别
+duplicate_pkt_prune=1
+
+[pkt_dump]
+command_port=9346
+
+[session]
+#最大并发连接数
+max_session_num=100000
+
+#连续no_pkt_timeout秒没有数据包, 认为此连接已超时, 可以删除
+no_pkt_timeout=60
+
+
+[runtime_log]
+log_file=./wannat_log/wannat.log
+log_level=30
+
+[field_stat2]
+Fs2_log_local_dir_path=./wannat_log
+Fs2_server_ip=127.0.0.1
+Fs2_server_port=8125
+Fs2_interval=3
+
+[maat]
+table_info=./etc/wannat/tableinfo.conf
+#json, redis, local_file
+#config_src_type=local_file
+config_src_type=redis
+#config_src_type=json
+json_cfg_file=./etc/wannat/gtest.json
+inc_dir=./redis_dump/
+full_dir=./redis_dump/
+
+redis_server_ip={{ cm_policy_server_ip }}
+{% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }}
+redis_server_port={{ cm.policy_server.port_range }}
+redis_index={{ cm.policy_server.db_static }}
+{% endraw %}
+
+
+[no_nat_gw_self_test]
+test_eth_mode_nat_type=snat
+test_eth_mode_vlink_id=0
+test_eth_mode_link_dir=E
+test_eth_bpf="port 80"
+test_linkinfo_file=./etc/wannat/self_test.linkinfo
+
diff --git a/ansible/roles/wire_graft/tasks/main.yml b/ansible/roles/wire_graft/tasks/main.yml
new file mode 100644
index 00000000..546f9fe7
--- /dev/null
+++ b/ansible/roles/wire_graft/tasks/main.yml
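Review bot: In the `[maat]` section of wangw.conf.j2.j2, `redis_server_ip={{ cm_policy_server_ip }}` sits outside the `{% raw %}` block and is filled in when this role runs, while `REDIS_PORT_NUM`, `redis_server_port` and `redis_index` are deferred to the second render and read from `cm.policy_server.*`. The address and the port/database of the policy store therefore come from two variable sources at two different times and can drift apart, which would leave the service reading policy from a Redis instance other than the intended one. If the split is deliberate, state it above the line, e.g. `#redis_server_ip is rendered by this role; port and db index are rendered later from cm.policy_server`; otherwise move the key inside the raw block beside the other three. `REDIS_PORT_NUM` is also the only upper-case key in the section, so its spelling is worth checking against what the consumer actually reads.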
@@ -0,0 +1,14 @@
+---
+- name: "install wire_graft plug packages"
+ yum:
+ name: "{{ item.value }}"
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+ with_dict: "{{ wire_graft_rpm_version }}"
+
+- name: "Template the etc/wire_graft/wire_graft.conf"
+ template:
+ src: "{{ role_path }}/templates/wire_graft.conf.j2.j2"
+ dest: /opt/tsg/tsg-os-provision/templates/wire_graft.conf.j2
+ tags: template
+
diff --git a/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2 b/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2
new file mode 100644
index 00000000..c7c9859f
--- /dev/null
+++ b/ansible/roles/wire_graft/templates/wire_graft.conf.j2.j2
@@ -0,0 +1,24 @@
+[main]
+
+[record_link_info]
+stream_project_tag_enable=1
+
+#单个流超过此包数的才发送链路信息, 防止遭受ddos攻击疯狂发日志
+at_least_total_num=2
+at_least_total_byte=10
+
+#用于标识本机ip使用哪块网卡,可能是管理口,可能是其他业务口
+identification_by_which_device={{ wire_graft.wire_graft_conf.main.identification_by_which_device}}
+
+#mirror镜像模式下, 从MAC地址获取链路信息
+mirror_mode_enable=0
+mirror_linkinfo_project_name=mirror_linkinfo_from_mac
+
+[toroad]
+sendto_toroad_enable={{ wire_graft.wire_graft_conf.toroad.sendto_toroad_enable }}
+{% raw %}toroad_ip={{ wannat_toroad.server_ip }}
+toroad_port={{ wannat_toroad.toroad.server_port }}
+{% endraw %}
+
+[log]
+log_level=30
\ No newline at end of file
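Review bot: In the `[toroad]` section of wire_graft.conf.j2.j2, `toroad_ip` reads `wannat_toroad.server_ip` while `toroad_port` reads `wannat_toroad.toroad.server_port`, so the two paths differ by one nesting level. Both sit inside `{% raw %}`, so a wrong path would only surface when the second-stage render runs on the target. The variable definitions are outside this diff, so please confirm which shape is correct and align the two; if the nested form is the right one, that would be `toroad_ip={{ wannat_toroad.toroad.server_ip }}`. In `[record_link_info]` the comment says the thresholds exist to stop log flooding under DDoS, yet `at_least_total_num=2` and `at_least_total_byte=10` are hard-coded and low; exposing them as role variables would let operators raise them without editing the template.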