gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

上传遗漏修改的配置文件

Browse Source
This commit is contained in:
liuxueli
2023-11-21 10:54:10 +08:00
committed by fumingwei
parent 12478ba1ec
commit f48651c704
15 changed files with 1 additions and 1501 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/HAL_server_deploy.yml
View File

@@ -16,7 +16,6 @@
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: tsg_master, tags: tsg_master}
- {role: kni, tags: kni}
- {role: firewall, tags: firewall}
- {role: tsg_app, tags: tsg_app}

7
ansible/roles/firewall/tasks/main.yml
View File

@@ -25,13 +25,6 @@
dest: /opt/tsg/tsg-os-provision/templates/maat.conf.j2
tags: template
when: runtime_env != 'TSG-X-P0906'
- name: "Template the /opt/tsg/sapp/plug/business/session_record/session_record.inf"
template:
src: "{{ role_path }}/templates/session_record.inf.j2.j2"
dest: /opt/tsg/tsg-os-provision/templates/session_record.inf.j2
tags: template
when: runtime_env != 'TSG-X-P0906'
- name: "Template the conf/http/http.conf"
template:

21
ansible/roles/mrzcpd/tasks/main.yml
View File

@@ -122,27 +122,6 @@
when:
- runtime_env == 'TSG-7400-mcn123'
- name: "update mrglobal.conf - TSG server"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.SERVER"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- runtime_env == 'TSG-server'
- name: "update mrglobal.conf - TSG-X-P1403"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P1403"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- runtime_env == 'TSG-X-P1403'
- name: "update mrglobal.conf - TSG-X-P0804"
template:
src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2
when:
- runtime_env == 'TSG-X-P0804'
- name: "update mrglobal.conf - TSG-X-P0906"
copy:
src: "{{ role_path }}/templates/mrglobal.conf.TSGXNXR620G40R01P0906"

10
ansible/roles/rpm_download/tasks/main.yml
View File

@@ -78,16 +78,6 @@
download_only: yes
download_dir: "{{ path_download }}"
- name: "download rpm packages: tsg_master"
yum:
name:
- "{{ tsg_master_rpm_version.tsg_master }}"
conf_file: "{{ rpm_repo_config_path }}"
state: present
download_only: yes
download_dir: "{{ path_download }}"
- name: "download rpm packages: tsg-diagnose"
yum:
name:

16
ansible/roles/sapp/tasks/main.yml
View File

@@ -71,14 +71,7 @@
src: "{{ role_path }}/templates/send_raw_pkt.conf.j2"
dest: /opt/tsg/sapp/etc/send_raw_pkt.conf
tags: template
when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906'
- name: Template the send_raw_pkt.conf
template:
src: "{{ role_path }}/templates/send_raw_pkt.conf.j2"
dest: /opt/tsg/tsg-os-provision/templates/send_raw_pkt.conf.j2
tags: template
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
when: runtime_env != 'TSG-X-P0906'
- name: Template the conflist.inf - tsg_server
template:
@@ -121,13 +114,6 @@
when:
- runtime_env == 'TSG-7400-mcn0'
- name: Template the vlan_flipping_map.conf - tsg-x-p1403
template:
src: "{{ role_path }}/templates/vlan_flipping_map.conf.j2.TSGXNXR620G40R01P1403"
dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf
tags: template
when:
- runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
- name: Template the sapp_log.conf
template:
src: "{{ role_path }}/templates/sapp_log.conf.j2"

92
ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
View File

@@ -1,92 +0,0 @@
feature:
enable_stream_bypass_under_ddos: 0
firewall:
enable: 1
enable_hos: 1
rapidjson_chunk_capacity: 2048
proxy:
enable: 1
enable_hos: 1
sessionrecord:
enable: 1
enable_dns_record: 1
enable_rtp_record: 1
enable_interim_record: 1
enable_transcation_record: 1
enable_contains_app_id: 0
enable_contains_nat_linkinfo: 0
enable_contains_dns_resource_record: 0
capturepacket:
enable: 1
radius:
enable: 1
app_behavior:
enable: 0
gtp:
enable_gtp_c_record: 1
wannat:
enable: 0
nat_gateway_address: "127.0.0.1"
reachability_test_server_address: "127.0.0.1"
reachability_test_server_port: 8888
feedback_linkinfo_interval: 30
nat_gateway_broadcast_session_port: 5671
reachability_test_server_broadcast_session_port: 5672
reachability_test_server_tunnel_port: 3542
wan_gateway_listen_port_range_left_edge: 3545
nat_gateway_listen_port: 3544
enable_link_info_recording: 1
ddossketch:
enable: 1
tcp_flood_report_thresh: 0.0008
udp_flood_report_thresh: 0.0008
icmp_flood_report_thresh: 0.0008
dns_flood_report_thresh: 0.0008
app:
identify_by:
user_defined_signature: 1
builtin_app_engine: 1
coredump:
format: none
collect: local
sentry_url: http://127.0.0.1:9000/api/2/minidump/
advanced_settings:
stream_tcp_max: 50000
stream_tcp_timeout: 30
stream_udp_max: 50000
stream_udp_timeout: 60
stream_bypass_trigger_cpu_usage: 90
cm:
policy_server:
port_num: 1
db_static: 0
db_dynamic: 1
#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport]
session_distribution_policy:
mode: sym-hash
hash_key: inner-most-sip-dip
vsys_id: 1
consul_agent:
mode: "server"
encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
datacenter: "dc1"
node_name: ""
shaping:
enable: 0

112
ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
View File

@@ -1,112 +0,0 @@
feature:
enable_policy_local_cache: 1
enable_stream_bypass_under_ddos: 0
firewall:
enable: 1
enable_hos: 1
rapidjson_chunk_capacity: 2048
enable_dtls: 1
enable_sip: 1
enable_bgp: 1
proxy:
enable: 1
enable_hos: 1
sessionrecord:
enable: 1
enable_dns_record: 1
enable_rtp_record: 1
enable_interim_record: 1
enable_transcation_record: 1
enable_contains_app_id: 0
enable_contains_nat_linkinfo: 0
enable_contains_dns_resource_record: 0
capturepacket:
enable: 1
radius:
enable: 1
app_behavior:
enable: 0
gtp:
enable_gtp_c_record: 1
wannat:
enable: 0
nat_gateway_address: "127.0.0.1"
reachability_test_server_address: "127.0.0.1"
reachability_test_server_port: 8888
feedback_linkinfo_interval: 30
nat_gateway_broadcast_session_port: 5671
reachability_test_server_broadcast_session_port: 5672
reachability_test_server_tunnel_port: 3542
wan_gateway_listen_port_range_left_edge: 3545
nat_gateway_listen_port: 3544
enable_link_info_recording: 1
ddossketch:
enable: 1
tcp_flood_report_thresh: 0.0008
udp_flood_report_thresh: 0.0008
icmp_flood_report_thresh: 0.0008
dns_flood_report_thresh: 0.0008
app:
identify_by:
user_defined_signature: 1
builtin_app_engine: 1
coredump:
format: none
collect: local
sentry_url: http://127.0.0.1:9000/api/2/minidump/
advanced_settings:
stream_tcp_max: 50000
stream_tcp_timeout: 30
stream_udp_max: 50000
stream_udp_timeout: 60
stream_bypass_trigger_cpu_usage: 90
cm:
policy_server:
port_num: 1
db_static: 0
db_dynamic: 1
#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport]
session_distribution_policy:
mode: sym-hash
hash_key: inner-most-sip-dip
cpu_layouts:
- match:
model_name: "5318Y"
sockets: 2
sapp_affinity: [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76]
mrzcpd_affinity: [1,2,3,4]
tfe_affinity: [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92]
olap:
hos_server:
token: "c21f969b5f03d33d43e04f8f136e7682"
vsys_id: 1
consul_agent:
mode: "server"
encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
datacenter: "dc1"
node_name: ""
shaping:
enable: 0
sid:
shaping: 1000

110
ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
View File

@@ -1,110 +0,0 @@
feature:
enable_policy_local_cache: 1
enable_stream_bypass_under_ddos: 0
firewall:
enable: 1
enable_hos: 1
rapidjson_chunk_capacity: 2048
enable_dtls: 1
enable_sip: 1
enable_bgp: 1
proxy:
enable: 0
enable_hos: 0
sessionrecord:
enable: 1
enable_dns_record: 1
enable_rtp_record: 1
enable_interim_record: 1
enable_transcation_record: 1
enable_contains_app_id: 0
enable_contains_nat_linkinfo: 0
enable_contains_dns_resource_record: 0
capturepacket:
enable: 1
radius:
enable: 1
app_behavior:
enable: 0
gtp:
enable_gtp_c_record: 1
wannat:
enable: 0
nat_gateway_address: "127.0.0.1"
reachability_test_server_address: "127.0.0.1"
reachability_test_server_port: 8888
feedback_linkinfo_interval: 30
nat_gateway_broadcast_session_port: 5671
reachability_test_server_broadcast_session_port: 5672
reachability_test_server_tunnel_port: 3542
wan_gateway_listen_port_range_left_edge: 3545
nat_gateway_listen_port: 3544
enable_link_info_recording: 1
ddossketch:
enable: 1
tcp_flood_report_thresh: 0.0008
udp_flood_report_thresh: 0.0008
icmp_flood_report_thresh: 0.0008
dns_flood_report_thresh: 0.0008
app:
identify_by:
user_defined_signature: 1
builtin_app_engine: 1
coredump:
format: none
collect: local
sentry_url: http://127.0.0.1:9000/api/2/minidump/
advanced_settings:
stream_tcp_max: 50000
stream_tcp_timeout: 30
stream_udp_max: 50000
stream_udp_timeout: 60
stream_bypass_trigger_cpu_usage: 90
cm:
policy_server:
port_num: 1
db_static: 0
db_dynamic: 1
#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport]
session_distribution_policy:
mode: sym-hash
hash_key: inner-most-sip-dip
cpu_layouts:
- match:
model_name: "5318Y"
sockets: 2
sapp_affinity: [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92]
mrzcpd_affinity: [1,2,3,4]
olap:
hos_server:
token: "c21f969b5f03d33d43e04f8f136e7682"
vsys_id: 1
consul_agent:
mode: "server"
encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
datacenter: "dc1"
node_name: ""
shaping:
enable: 0
sid:
shaping: 1000

90
ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
View File

@@ -1,90 +0,0 @@
version: 1
device:
tags:
- key1: value1
- key2: value2
session_id_generator:
snowflake_worker_id_base: 1
snowflake_worker_id_offset: 1
feature:
enable_stream_bypass_under_ddos: 0
firewall:
enable: 0/1
proxy:
enable: 0/1
sessionrecord:
enable: 0/1
enable_dns_record: 0/1
enable_rtp_record: 0/1
enable_interim_record: 0/1
enable_transcation_record: 0/1
capturepacket:
enable: 0/1
radius:
enable: 0/1
gtp:
enable_gtp_c_record: 0/1
wannat:
enable: 0/1
natgw_address: "127.0.0.1"
toroad_address: "127.0.0.1"
toroad_port: 8888
ddossketch:
enable: 0/1
app:
identify_by:
user_defined_signature: 0/1
builtin_app_engine: 0/1
cm:
policy_server:
address: "127.0.0.1"
port: 7002
olap:
kafka_broker:
address_list: ['1.1.1.1:9092','2.2.2.2:9092']
hos_server:
address: "127.0.0.1"
port: 9098
token: "xxxxxxxxxx"
inline_device_settings:
keepalive:
ip: 127.0.0.1
mask: 255.255.255.0
coredump:
format: minidump/core/none
collect: local/sentry
sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
vsys_id: 1
consul_agent:
mode: client/server
#encrypt: ""
bootstrapExpect: 1
#node_name: ""
#datacenter: "dc1"
join:
- address: 111.111.111.111
port: 8301
- address: 222.222.222.222
port: 8301
shaping:
enable: 1

102
ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
View File

@@ -1,102 +0,0 @@
version: 1
device:
tags:
- key1: value1
- key2: value2
session_id_generator:
snowflake_worker_id_base: 1
snowflake_worker_id_offset: 1
feature:
enable_stream_bypass_under_ddos: 0
firewall:
enable: 0/1
proxy:
enable: 0/1
sessionrecord:
enable: 0/1
enable_dns_record: 0/1
enable_rtp_record: 0/1
enable_interim_record: 0/1
enable_transcation_record: 0/1
capturepacket:
enable: 0/1
radius:
enable: 0/1
gtp:
enable_gtp_c_record: 0/1
wannat:
enable: 0/1
nat_gateway_address: "127.0.0.1"
reachability_test_server_address: "127.0.0.1"
ddossketch:
enable: 0/1
app:
identify_by:
user_defined_signature: 0/1
builtin_app_engine: 0/1
cm:
policy_server:
address: "127.0.0.1"
port: 7002
olap:
kafka_broker:
address_list: ['1.1.1.1:9092','2.2.2.2:9092']
hos_server:
address: "127.0.0.1"
port: 9098
token: "xxxxxxxxxx"
# npb_device value in [inline_device, tera,direct,etherfabric]
npb_device: etherfabric
etherfabric_settings:
keepalive:
ip: 127.0.0.1
mask: 255.255.255.0
network_setting:
nic_policy_log:
name: eth0
nic_raw:
name: eth0
nic_mirror:
name: eth0
coredump:
format: minidump/core/none
collect: local/sentry
sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
vsys_id: 1
consul_agent:
mode: client/server
#encrypt: ""
bootstrapExpect: 1
#node_name: ""
#datacenter: "dc1"
join:
- address: 111.111.111.111
port: 8301
- address: 222.222.222.222
port: 8301
shaping:
enable: 1
sid:
shaping: 1000

93
ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
View File

@@ -1,93 +0,0 @@
version: 1
device:
tags:
- key1: value1
- key2: value2
session_id_generator:
snowflake_worker_id_base: 1
snowflake_worker_id_offset: 1
feature:
enable_policy_local_cache: 1
enable_stream_bypass_under_ddos: 0
firewall:
enable: 0/1
sessionrecord:
enable: 0/1
enable_dns_record: 0/1
enable_rtp_record: 0/1
enable_interim_record: 0/1
enable_transcation_record: 0/1
capturepacket:
enable: 0/1
radius:
enable: 0/1
gtp:
enable_gtp_c_record: 0/1
ddossketch:
enable: 0/1
app:
identify_by:
user_defined_signature: 0/1
builtin_app_engine: 0/1
cm:
policy_server:
address: "127.0.0.1"
port: 7002
olap:
kafka_broker:
address_list: ['1.1.1.1:9092','2.2.2.2:9092']
hos_server:
address: "127.0.0.1"
port: 9098
token: "xxxxxxxxxx"
# npb_device value in [inline_device, tera,direct,etherfabric]
npb_device: etherfabric
etherfabric_settings:
keepalive:
ip: 127.0.0.1
mask: 255.255.255.0
network_setting:
nic_policy_log:
name: eth0
nic_raw:
name: eth0
coredump:
format: minidump/core/none
collect: local/sentry
sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
vsys_id: 1
consul_agent:
mode: client/server
#encrypt: ""
bootstrapExpect: 1
#node_name: ""
#datacenter: "dc1"
join:
- address: 111.111.111.111
port: 8301
- address: 222.222.222.222
port: 8301
shaping:
enable: 1
sid:
shaping: 1000

225
ansible/roles/tsg-os-provision/files/tasks/provision.yml.SERVER
View File

@@ -1,225 +0,0 @@
---
- hosts: provision
tasks:
- name: Delete porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
state: absent
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: ldconfig"
shell: ldconfig
- name: "tsg-os-provision: obtain sn"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
- name: "set gdev_conf_keep_alive_ip variable"
set_fact:
gdev_conf_keep_alive_ip: "{{ inline_device_settings.keepalive.ip }}"
- name: "tsg-os-provision: Template the conflist.inf"
template:
src: ../templates/conflist.inf.j2
dest: /opt/tsg/sapp/plug/conflist.inf
tags: sapp
- name: "tsg-os-provision: template gdev.conf file"
template:
src: "../templates/gdev.conf.j2"
dest: /opt/tsg/sapp/etc/gdev.conf
tags: sapp
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "tsg-os-provision: template certstore configure file"
template:
src: "../templates/cert_store.ini.j2"
dest: /opt/tsg/certstore/conf/cert_store.ini
tags: certstore
- name: "tsg-os-provision: Template the tsgconf/main.conf"
template:
src: "../templates/main.conf.j2"
dest: /opt/tsg/sapp/tsgconf/main.conf
tags: firewall
- name: "tsg-os-provision: Template the tsgconf/maat.conf"
template:
src: "../templates/maat.conf.j2"
dest: /opt/tsg/sapp/tsgconf/maat.conf
tags: firewall
- name: "tsg-os-provision: Template the session_record.inf"
template:
src: "../templates/session_record.inf.j2"
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
dest: /opt/tsg/sapp/etc/sapp.toml
tags: sapp
- name: "tsg-os-provision: Templates telegraf.conf"
template:
src: "../templates/telegraf_statistic.conf.j2"
dest: /etc/telegraf/telegraf_statistic.conf
tags: telegraf_statistic
- name: "tsg-os-provision: Templates telegraf.conf"
template:
src: "../templates/telegraf_shaping.conf.j2"
dest: /etc/telegraf/telegraf_shaping.conf
tags: telegraf_shaping
- name: "tsg-os-provision: template the tfe.conf"
template:
src: "../templates/tfe.conf.j2"
dest: /opt/tsg/tfe/conf/tfe/tfe.conf
tags: tfe
- name: "tsg-os-provision: template the pangu_pxy.conf"
template:
src: "../templates/pangu_pxy.conf.j2"
dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
tags: tfe
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: "tsg-os-provision: template wannat wangw.conf file"
template:
src: "../templates/wangw.conf.j2"
dest: /opt/tsg/sapp/etc/wannat/wangw.conf
tags: wangw
- name: "tsg-os-provision: template wire_graft.conf file"
template:
src: "../templates/wire_graft.conf.j2"
dest: /opt/tsg/sapp/etc/wire_graft/wire_graft.conf
tags: wire_graft
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: add porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
state: touch
- name: "tsg-os-provision: start mrenv"
systemd:
name: mrenv
state: started
when: enable_config_apply == '1'
- name: "tsg-os-provision: start mrzcpd"
systemd:
name: mrzcpd
state: started
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart telegraf_statistic"
systemd:
name: telegraf_statistic
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart certstore"
systemd:
name: certstore
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart cert-redis"
systemd:
name: cert-redis
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart sapp"
systemd:
name: sapp
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart tfe"
systemd:
name: tfe
state: restarted
when: enable_config_apply == '1'

402
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804
View File

@@ -1,402 +0,0 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
######setting cpu affinity start######
- name: obtain cpu layout info
set_fact:
cpu_layout_obtained: "{{ item }}"
loop: "{{ cpu_layouts }}"
when:
- ansible_facts.processor[2] is search(item.match.model_name)
- ansible_facts.processor_count == item.match.sockets
- name: set cpu affinity variable
set_fact:
workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}"
workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}"
workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}"
workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}"
workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}"
- name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads"
set_fact:
workload_firewall_cpu_affinity: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | join(',') }}"
workload_firewall_worker_threads: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | length }}"
when: proxy.enable == 0
######setting cpu affinity end######
######setting nic cpu affinity mask start######
- name: output cpu_layouts config to config .cpu_layouts.json
copy:
content: "{{ cpu_layouts| to_json }}"
dest: /opt/tsg/tsg-os-provision/.cpu_layouts.json
- name: "tsg-os-provision: obtain rps_mask"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_rps_mask.py
register: result_exec_obtain_rps_mask
- name: "tsg-os-provision: check result_exec_obtain_rps_mask"
assert:
that:
- result_exec_obtain_rps_mask.rc == 0
- result_exec_obtain_rps_mask.failed == False
fail_msg: "error:{{ result_exec_obtain_rps_mask.stderr }},stdout:{{ result_exec_obtain_rps_mask.stdout_lines }}"
success_msg: "Successded: obtain rpm mask"
- name: "set rps_mask into tfe-env-config"
set_fact:
tfe_env_rps_info: "{{ result_exec_obtain_rps_mask.stdout | from_json }}"
- name: "output tfe_env_rps_info"
debug:
msg: "{{ tfe_env_rps_info }}"
######setting nic cpu affinity mask end######
######get isolate cpu core start######
- name: redirect proxy config to config .proxy.json
copy:
content: "{{ proxy | to_json }}"
dest: /opt/tsg/tsg-os-provision/.proxy.json
- name: "tsg-os-provision: execute obtain_isolate_cpu_range.py"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_isolate_cpu_range.py
register: result_exec_obtain_isolate_cpu_range
- name: "tsg-os-provision: check result_exec_obtain_isolate_cpu_range"
assert:
that:
- result_exec_obtain_isolate_cpu_range.rc == 0
- result_exec_obtain_isolate_cpu_range.failed == False
fail_msg: "error:{{ result_exec_obtain_isolate_cpu_range.stderr }},stdout:{{ result_exec_obtain_isolate_cpu_range.stdout_lines }}"
success_msg: "Successded: obtain isolate cpu range"
- name: "set fact grub_cpu_isolate"
set_fact:
grub_cpu_isolate: "{{ result_exec_obtain_isolate_cpu_range.stdout }}"
######get isolate cpu core end######
- name: get /proc/cmdline
shell: cat /proc/cmdline
register: result_exec_cat_cmdline
- name: need to reboot
fail:
msg: "Detected that the configuration of cpu isolate has changed, please run command \"provision-config-apply --reboot\" to reboot the machine that make the configuration take effect!"
when:
- result_exec_cat_cmdline is not search(grub_cpu_isolate)
- enable_config_apply != '2'
- name: "set keep_alive_ip"
set_fact:
gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
- name: "replace action: grub config isolate cpu"
replace:
path: "{{ item }}"
regexp: 'isolcpus=\d+-+\d+'
replace: 'isolcpus={{grub_cpu_isolate}}'
with_items:
- /boot/grub/grub.cfg
- /etc/grub.d/40_onie_grub
- name: "tsg-os-provision: Template the conflist.inf"
template:
src: ../templates/conflist.inf.j2
dest: /opt/tsg/sapp/plug/conflist.inf
tags: sapp
- name: "tsg-os-provision: template gdev.conf file"
template:
src: "../templates/gdev.conf.j2"
dest: /opt/tsg/sapp/etc/gdev.conf
tags: sapp
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "tsg-os-provision: template certstore configure file"
template:
src: "../templates/cert_store.ini.j2"
dest: /opt/tsg/certstore/conf/cert_store.ini
tags: certstore
- name: "tsg-os-provision: Template the tsgconf/main.conf"
template:
src: "../templates/main.conf.j2"
dest: /opt/tsg/sapp/tsgconf/main.conf
tags: firewall
- name: "tsg-os-provision: Template the tsgconf/maat.conf"
template:
src: "../templates/maat.conf.j2"
dest: /opt/tsg/sapp/tsgconf/maat.conf
tags: firewall
- name: "tsg-os-provision: Template the session_record.inf"
template:
src: "../templates/session_record.inf.j2"
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
dest: /opt/tsg/sapp/etc/sapp.toml
tags: sapp
- name: "tsg-os-provision: Template the send_raw_pkt.conf"
template:
src: "../templates/send_raw_pkt.conf.j2"
dest: /opt/tsg/sapp/etc/send_raw_pkt.conf
tags: sapp
- name: "tsg-os-provision: template the kni.conf"
template:
src: "../templates/kni.conf.j2"
dest: /opt/tsg/sapp/etc/kni/kni.conf
tags: sapp
- name: "tsg-os-provision: Templates telegraf.conf"
template:
src: "../templates/telegraf_statistic.conf.j2"
dest: /etc/telegraf/telegraf_statistic.conf
tags: telegraf_statistic
# - name: "tsg-os-provision: Templates telegraf.conf"
# template:
# src: "../templates/telegraf_shaping.conf.j2"
# dest: /etc/telegraf/telegraf_shaping.conf
# tags: telegraf_shaping
- name: "tsg-os-provision: Templates telegraf_security.conf"
template:
src: "../templates/telegraf_security.conf.j2"
dest: /etc/telegraf/telegraf_security.conf
tags: telegraf_security
- name: "template tfe-env service for rps mask"
template:
src: ../templates/service_add_StartPostForRps.conf.j2
dest: /usr/lib/systemd/system/tfe-env.service.d/service_add_StartPostForRps.conf
tags: tfe
- name: "tsg-os-provision: template the tfe.conf"
template:
src: "../templates/tfe.conf.j2"
dest: /opt/tsg/tfe/conf/tfe/tfe.conf
tags: tfe
- name: "tsg-os-provision: template the pangu_pxy.conf"
template:
src: "../templates/pangu_pxy.conf.j2"
dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
tags: tfe
- name: "tsg-os-provision: template consul"
template:
src: "../templates/consul.hcl.j2"
dest: /etc/consul.d/consul.hcl
tags: consul
when: shaping.enable == 1
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: obtain sn and write sn to tsg_sn.json"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "tsg-os-provision: template wannat wangw.conf file"
template:
src: "../templates/wangw.conf.j2"
dest: /opt/tsg/sapp/etc/wannat/wangw.conf
tags: wangw
- name: "tsg-os-provision: template wire_graft.conf file"
template:
src: "../templates/wire_graft.conf.j2"
dest: /opt/tsg/sapp/etc/wire_graft/wire_graft.conf
tags: wire_graft
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: "tsg-os-provision: disable enable service step 1:mount partition to mnt_tmp"
mount:
path: /tmp/mnt_tmp
src: /dev/sda4
fstype: ext4
state: mounted
- name: "tsg-os-provision: disable service step 2:disable tfe service"
shell: "{{ item }}"
with_items:
- systemctl --root=/tmp/mnt_tmp disable tfe.service
- systemctl --root=/tmp/mnt_tmp disable tfe-env.service
when: proxy.enable == 0
- name: "tsg-os-provision: enable service step 2:enable tfe service"
shell: "{{ item }}"
with_items:
- systemctl --root=/tmp/mnt_tmp enable tfe.service
- systemctl --root=/tmp/mnt_tmp enable tfe-env.service
when: proxy.enable == 1
- name: "tsg-os-provision: disable enable service step 3:umount mnt_tmp"
mount:
path: /tmp/mnt_tmp
state: absent
- name: add porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
state: touch
- name: "tsg-os-provision: restart consul"
systemd:
name: consul
state: restarted
when:
- enable_config_apply == '1'
- shaping.enable == 1
- name: "tsg-os-provision: restart mrenv"
systemd:
name: mrenv
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrzcpd"
systemd:
name: mrzcpd
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart telegraf_statistic"
systemd:
name: telegraf_statistic
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart certstore"
systemd:
name: certstore
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart cert-redis"
systemd:
name: cert-redis
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart sapp"
systemd:
name: sapp
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: stop tfe"
systemd:
name: "{{ item }}"
state: stopped
with_items:
- tfe
- tfe-env
when:
- enable_config_apply == '1'
- proxy.enable == 0
- name: "tsg-os-provision: restart tfe-env"
systemd:
name: tfe-env
state: restarted
when:
- enable_config_apply == '1'
- proxy.enable == 1
- name: "tsg-os-provision: restart tfe"
systemd:
name: tfe
state: restarted
when:
- enable_config_apply == '1'
- proxy.enable == 1

207
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403
View File

@@ -1,207 +0,0 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
######setting cpu affinity start######
- name: obtain cpu layout info
set_fact:
cpu_layout_obtained: "{{ item }}"
loop: "{{ cpu_layouts }}"
when:
- ansible_facts.processor[2] is search(item.match.model_name)
- ansible_facts.processor_count == item.match.sockets
- name: set cpu affinity variable
set_fact:
workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}"
workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}"
workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}"
######setting cpu affinity end######
- name: "set keep_alive_ip"
set_fact:
gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
- name: "tsg-os-provision: Template the conflist.inf"
template:
src: ../templates/conflist.inf.j2
dest: /opt/tsg/sapp/plug/conflist.inf
tags: sapp
- name: "tsg-os-provision: template gdev.conf file"
template:
src: "../templates/gdev.conf.j2"
dest: /opt/tsg/sapp/etc/gdev.conf
tags: sapp
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "tsg-os-provision: Template the tsgconf/main.conf"
template:
src: "../templates/main.conf.j2"
dest: /opt/tsg/sapp/tsgconf/main.conf
tags: firewall
- name: "tsg-os-provision: Template the tsgconf/maat.conf"
template:
src: "../templates/maat.conf.j2"
dest: /opt/tsg/sapp/tsgconf/maat.conf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
dest: /opt/tsg/sapp/etc/sapp.toml
tags: sapp
- name: "tsg-os-provision: Template the send_raw_pkt.conf"
template:
src: "../templates/send_raw_pkt.conf.j2"
dest: /opt/tsg/sapp/etc/send_raw_pkt.conf
tags: sapp
- name: "tsg-os-provision: Templates telegraf.conf"
template:
src: "../templates/telegraf_statistic.conf.j2"
dest: /etc/telegraf/telegraf_statistic.conf
tags: telegraf_statistic
# - name: "tsg-os-provision: Templates telegraf.conf"
# template:
# src: "../templates/telegraf_shaping.conf.j2"
# dest: /etc/telegraf/telegraf_shaping.conf
# tags: telegraf_shaping
- name: "tsg-os-provision: Templates telegraf_security.conf"
template:
src: "../templates/telegraf_security.conf.j2"
dest: /etc/telegraf/telegraf_security.conf
tags: telegraf_security
- name: "tsg-os-provision: template consul"
template:
src: "../templates/consul.hcl.j2"
dest: /etc/consul.d/consul.hcl
tags: consul
when: shaping.enable == 1
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: obtain sn and write sn to tsg_sn.json"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: add porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
state: touch
- name: "tsg-os-provision: restart consul"
systemd:
name: consul
state: restarted
when:
- enable_config_apply == '1'
- shaping.enable == 1
- name: "tsg-os-provision: restart mrenv"
systemd:
name: mrenv
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrzcpd"
systemd:
name: mrzcpd
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart telegraf_statistic"
systemd:
name: telegraf_statistic
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart sapp"
systemd:
name: sapp
state: restarted
when: enable_config_apply == '1'

14
ansible/roles/tsg-os-provision/tasks/main.yml
View File

@@ -113,20 +113,6 @@
mode: 0644
when: runtime_env == 'TSG-9140'
- name: "tsg-os-provision: copy provision.default.yml - tsg server"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.SERVER"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-server'
- name: "tsg-os-provision: copy provision.default.yml - TSG-X-P1304"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-X-P1403'
- name: "tsg-os-provision: copy provision.default.yml - TSG-X-P0906"
copy:
src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804"