feature:TSG-7265新增provision.yml配置文件feature字段控制firewall插件的运行

2021-08-04 17:40:42 +08:00
parent 59245337d9
commit fe25fc0a2c
10 changed files with 92 additions and 65 deletions
--- a/ansible/roles/sapp/tasks/main.yml
+++ b/ansible/roles/sapp/tasks/main.yml
@@ -58,8 +58,8 @@

 - name: Template the conflist.inf - tsg_9140
  template:
-    src: "{{ role_path }}/templates/conflist.inf.j2.9000NPBP01R01"
-    dest: /opt/tsg/sapp/plug/conflist.inf
+    src: "{{ role_path }}/templates/conflist.inf.j2.j2.9000NPBP01R01"
+    dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2
  tags: template
  when:
    - PROFILE_ID == '9000-NPB-P01R01'
@@ -84,21 +84,13 @@
    dest: /opt/tsg/sapp/etc/asymmetric_addr_layer.conf
  tags: template

- name: Template the necessary_plug_list.conf - tsg_9140
+- name: Template the necessary_plug_list.conf - 7400-MCN0 and 9140
  template:
-    src: "{{ role_path }}/templates/necessary_plug_list.conf.j2.9000NPBP01R01"
+    src: "{{ role_path }}/templates/necessary_plug_list.conf.j2"
    dest: /opt/tsg/sapp/etc/necessary_plug_list.conf
  tags: template
  when:
-    - PROFILE_ID == '9000-NPB-P01R01'
-
- name: Template the necessary_plug_list.conf - tsg_7400
-  template:
-    src: "{{ role_path }}/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01"
-    dest: /opt/tsg/tsg-os-provision/templates/necessary_plug_list.conf.j2
-  tags: template
-  when:
-    - PROFILE_ID == '7400-MCN0-P01R01'
+    - PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '9000-NPB-P01R01'

 - name: Template the vlan_flipping_map.conf - tsg-9140
  template:
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01
@@ -1,9 +1,16 @@
 [platform]
+{% raw %}{% if wannat.enable == 1 %}
 ./plug/platform/wannat/wangw.inf
 ./plug/platform/wire_graft/wire_graft.inf
+{% endif %}
+{% if connsketch.enable == 1 %}
 ./plug/platform/app_proto_identify/app_proto_identify.inf
+{% endif %}
 ./plug/platform/tsg_master/tsg_master.inf
+{% if app.identify_by.builtin_app_engine == 1 %}
 ./plug/platform/app_proto_engine/app_proto_engine.inf
+{% endif %}
+{% endraw %}

 [protocol]
 ./plug/protocol/mesa_sip/mesa_sip.inf
@@ -18,9 +25,16 @@
 ./plug/protocol/gtp/gtp.inf

 [business]
+{% raw %}{% if connsketch.enable == 1 %}
 ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+{% endif %}
+{% if capturepacket.enable == 1 %}
 ./plug/business/capture_packet_plug/capture_packet_plug.inf
+{% endif %}
+{% if proxy.enable == 1 %}
 ./plug/business/kni/kni.inf
+{% endif %}
+{% if firewall.enable == 1 %}
 ./plug/business/fw_ssl_plug/fw_ssl_plug.inf
 ./plug/business/fw_http_plug/fw_http_plug.inf
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
@@ -28,11 +42,14 @@
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
 ./plug/business/fw_quic_plug/fw_quic_plug.inf
 ./plug/business/fw_voip_plug/fw_voip_plug.inf
-./plug/business/conn_telemetry/conn_telemetry.inf
-./plug/business/app_sketch_local/app_sketch_local.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
-./plug/business/deal_socks/deal_socks.inf
-{% raw %}{% if npb_device == 'tera' %}
+./plug/business/deal_socks/deal_socks.inf 
+{% endif %}
+./plug/business/conn_telemetry/conn_telemetry.inf
+{% if app.identify_by.user_defined_signature == 1 %}
+./plug/business/app_sketch_local/app_sketch_local.inf
+{% endif %}
+{% if npb_device == 'tera' %}
 ./plug/business/http_healthcheck/http_healthcheck.inf
 {% endif %}
 {% endraw %}
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01
@@ -1,7 +1,12 @@
 [platform]
+{% raw %}{% if connsketch.enable == 1 %}
 ./plug/platform/app_proto_identify/app_proto_identify.inf
+{% endif %}
 ./plug/platform/tsg_master/tsg_master.inf
+{% if app.identify_by.builtin_app_engine == 1 %}
 ./plug/platform/app_proto_engine/app_proto_engine.inf
+{% endif %}
+{% endraw %}

 [protocol]
 ./plug/protocol/mesa_sip/mesa_sip.inf
@@ -16,9 +21,16 @@
 ./plug/protocol/gtp/gtp.inf

 [business]
+{% raw %}{% if connsketch.enable == 1 %}
 ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+{% endif %}
+{% if capturepacket.enable == 1 %}
 ./plug/business/capture_packet_plug/capture_packet_plug.inf
+{% endif %}
+{% if proxy.enable == 1 %}
 ./plug/business/kni/kni.inf
+{% endif %}
+{% if firewall.enable == 1 %}
 ./plug/business/fw_ssl_plug/fw_ssl_plug.inf
 ./plug/business/fw_http_plug/fw_http_plug.inf
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
@@ -26,7 +38,11 @@
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
 ./plug/business/fw_quic_plug/fw_quic_plug.inf
 ./plug/business/fw_voip_plug/fw_voip_plug.inf
-./plug/business/conn_telemetry/conn_telemetry.inf
-./plug/business/app_sketch_local/app_sketch_local.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
-./plug/business/deal_socks/deal_socks.inf
+./plug/business/deal_socks/deal_socks.inf 
+{% endif %}
+./plug/business/conn_telemetry/conn_telemetry.inf
+{% if app.identify_by.user_defined_signature == 1 %}
+./plug/business/app_sketch_local/app_sketch_local.inf
+{% endif %}
+{% endraw %}
--- a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01
+++ b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01
@@ -31,7 +31,4 @@
 ./plug/protocol/gtp/gtp.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
 ./plug/platform/app_proto_engine/app_proto_engine.inf
-{% raw %}{% if npb_device == 'tera' %}
-./plug/business/http_healthcheck/http_healthcheck.inf
-{% endif %}
-{% endraw %}
+./plug/business/http_healthcheck/http_healthcheck.inf
--- a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.9000NPBP01R01
+++ b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.9000NPBP01R01
@@ -1,31 +0,0 @@
-#以下插件如果加载,初始化失败, sapp平台会退出;
-#插件的路径来自配置文件 ./plug/conflist.inf, 不需要加段落标识[platform],[protocol],[business]等.
-#If the following plugins fail to initialize, the sapp platform will exit.
-#The name of the plugin comes from the configuration ./plug/conflist.inf, section identification is not required.
-
-./plug/platform/app_proto_identify/app_proto_identify.inf
-./plug/platform/tsg_master/tsg_master.inf
-./plug/protocol/mesa_sip/mesa_sip.inf
-./plug/protocol/rtp/rtp.inf
-./plug/protocol/ssl/ssl.inf
-./plug/protocol/http/http.inf
-./plug/protocol/dns/dns.inf
-./plug/protocol/mail/mail.inf
-./plug/protocol/ftp/ftp.inf
-./plug/protocol/quic/quic.inf
-./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
-./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
-./plug/business/capture_packet_plug/capture_packet_plug.inf
-./plug/business/kni/kni.inf
-./plug/business/fw_ssl_plug/fw_ssl_plug.inf
-./plug/business/fw_http_plug/fw_http_plug.inf
-./plug/business/fw_dns_plug/fw_dns_plug.inf
-./plug/business/fw_mail_plug/fw_mail_plug.inf
-./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-./plug/business/fw_quic_plug/fw_quic_plug.inf
-./plug/business/fw_voip_plug/fw_voip_plug.inf
-./plug/business/conn_telemetry/conn_telemetry.inf
-./plug/business/app_sketch_local/app_sketch_local.inf
-./plug/protocol/gtp/gtp.inf
-./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
-./plug/platform/app_proto_engine/app_proto_engine.inf
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
@@ -67,12 +67,31 @@ network_setting:
  nic_policy_log:
    ipv4: 127.0.0.1/24
    ipv6: 'fe80\:\:5/64'
-    gateway_ipv4: 191.168.1.1 
+    gateway_ipv4: 192.168.1.1 
 	
 wannat_natgw:
  natgw_ip: "127.0.0.1"
-  
+
 wannat_toroad:
  server_ip: "127.0.0.1"
  server_port: 8888
-	
+
+firewall:
+  enable: 0/1
+
+proxy:
+  enable: 0/1
+
+connsketch:
+  enable: 0/1
+
+capturepacket:
+  enable: 0/1
+
+wannat:
+  enable: 0/1
+
+app:
+  identify_by:
+    user_defined_signature: 0/1
+    builtin_app_engine: 0/1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01
@@ -38,4 +38,4 @@ network_setting:
  nic_policy_log:
    ipv4: 127.0.0.1/24
    ipv6: 'fe80\:\:5/64'
-    gateway_ipv4: 191.168.1.1 
+    gateway_ipv4: 192.168.1.1 
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
@@ -34,3 +34,20 @@ cache:
  hos:
    address: "127.0.0.1"
    port: 9090
+
+firewall:
+  enable: 0/1
+
+proxy:
+  enable: 0/1
+
+connsketch:
+  enable: 0/1
+
+capturepacket:
+  enable: 0/1
+
+app:
+  identify_by:
+    user_defined_signature: 0/1
+    builtin_app_engine: 0/1
--- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01
@@ -94,12 +94,6 @@
        dest: /opt/tsg/sapp/plug/conflist.inf
      tags: sapp

-    - name: "tsg-os-provision: necessary_plug_list.conf"
-      template:
-        src: ../templates/necessary_plug_list.conf.j2
-        dest: /opt/tsg/sapp/etc/necessary_plug_list.conf
-      tags: sapp
-
    - name: "tsg-os-provision: vlan_flipping_map.conf"
      template:
        src: ../templates/vlan_flipping_map.conf.j2
--- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01
@@ -43,6 +43,12 @@
      set_fact:
        keepalive_subnet_ip: "{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}"

+    - name: "tsg-os-provision: Template the conflist.inf"
+      template:
+        src: ../templates/conflist.inf.j2
+        dest: /opt/tsg/sapp/plug/conflist.inf
+      tags: sapp
+
    - name: "tsg-os-provision: template gdev.conf file"
      template:
        src: "../templates/gdev.conf.j2"