From fe25fc0a2c19c8fc273042a3c90044878cf14822 Mon Sep 17 00:00:00 2001 From: fumingwei Date: Wed, 4 Aug 2021 17:40:42 +0800 Subject: [PATCH] =?UTF-8?q?feature:TSG-7265=E6=96=B0=E5=A2=9Eprovision.yml?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6feature=E5=AD=97=E6=AE=B5?= =?UTF-8?q?=E6=8E=A7=E5=88=B6firewall=E6=8F=92=E4=BB=B6=E7=9A=84=E8=BF=90?= =?UTF-8?q?=E8=A1=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/roles/sapp/tasks/main.yml | 18 +++-------- .../conflist.inf.j2.j2.7400MCN0P01R01 | 25 ++++++++++++--- ...01R01 => conflist.inf.j2.j2.9000NPBP01R01} | 22 +++++++++++-- ...MCN0P01R01 => necessary_plug_list.conf.j2} | 5 +-- .../necessary_plug_list.conf.j2.9000NPBP01R01 | 31 ------------------- .../provision.yml.sample.7400MCN0P01R01 | 25 +++++++++++++-- .../provision.yml.sample.7400MCN123P01R01 | 2 +- .../provision.yml.sample.9000NPBP01R01 | 17 ++++++++++ .../files/tasks/provision.yml.7400MCN0P01R01 | 6 ---- .../files/tasks/provision.yml.9000NPBP01R01 | 6 ++++ 10 files changed, 92 insertions(+), 65 deletions(-) rename ansible/roles/sapp/templates/{conflist.inf.j2.9000NPBP01R01 => conflist.inf.j2.j2.9000NPBP01R01} (72%) rename ansible/roles/sapp/templates/{necessary_plug_list.conf.j2.j2.7400MCN0P01R01 => necessary_plug_list.conf.j2} (92%) delete mode 100644 ansible/roles/sapp/templates/necessary_plug_list.conf.j2.9000NPBP01R01 diff --git a/ansible/roles/sapp/tasks/main.yml b/ansible/roles/sapp/tasks/main.yml index 6744bd82..c9a3df67 100644 --- a/ansible/roles/sapp/tasks/main.yml +++ b/ansible/roles/sapp/tasks/main.yml @@ -58,8 +58,8 @@ - name: Template the conflist.inf - tsg_9140 template: - src: "{{ role_path }}/templates/conflist.inf.j2.9000NPBP01R01" - dest: /opt/tsg/sapp/plug/conflist.inf + src: "{{ role_path }}/templates/conflist.inf.j2.j2.9000NPBP01R01" + dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2 tags: template when: - PROFILE_ID == '9000-NPB-P01R01' 
@@ -84,21 +84,13 @@ dest: /opt/tsg/sapp/etc/asymmetric_addr_layer.conf tags: template -- name: Template the necessary_plug_list.conf - tsg_9140 +- name: Template the necessary_plug_list.conf - 7400-MCN0 and 9140 template: - src: "{{ role_path }}/templates/necessary_plug_list.conf.j2.9000NPBP01R01" + src: "{{ role_path }}/templates/necessary_plug_list.conf.j2" dest: /opt/tsg/sapp/etc/necessary_plug_list.conf tags: template when: - - PROFILE_ID == '9000-NPB-P01R01' - -- name: Template the necessary_plug_list.conf - tsg_7400 - template: - src: "{{ role_path }}/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01" - dest: /opt/tsg/tsg-os-provision/templates/necessary_plug_list.conf.j2 - tags: template - when: - - PROFILE_ID == '7400-MCN0-P01R01' + - PROFILE_ID == '7400-MCN0-P01R01' or PROFILE_ID == '9000-NPB-P01R01' - name: Template the vlan_flipping_map.conf - tsg-9140 template: diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01 b/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01 index 8871d907..0a9cc899 100644 --- a/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01 +++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01 @@ -1,9 +1,16 @@ [platform] +{% raw %}{% if wannat.enable == 1 %} ./plug/platform/wannat/wangw.inf ./plug/platform/wire_graft/wire_graft.inf +{% endif %} +{% if connsketch.enable == 1 %} ./plug/platform/app_proto_identify/app_proto_identify.inf +{% endif %} ./plug/platform/tsg_master/tsg_master.inf +{% if app.identify_by.builtin_app_engine == 1 %} ./plug/platform/app_proto_engine/app_proto_engine.inf +{% endif %} +{% endraw %} [protocol] ./plug/protocol/mesa_sip/mesa_sip.inf 
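Review bot: The merged `when:` item spells the profile match as an `or` of two equality tests; a membership test reads more clearly and extends cleanly when another profile is added: `- PROFILE_ID in ['7400-MCN0-P01R01', '9000-NPB-P01R01']`. The task now writes straight to `/opt/tsg/sapp/etc/necessary_plug_list.conf`, so the 7400 profile no longer gets a provision-time render of this file. A one-line comment above the task saying the list is static by design would tell the next maintainer why it differs from conflist.inf.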
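Review bot: Every feature gate added in this `[platform]` hunk compares the provisioning value with the integer `1` (`wannat.enable == 1`, `connsketch.enable == 1`, `app.identify_by.builtin_app_engine == 1`), so a quoted `"1"` or any other non-integer spelling evaluates false and the plugin lines are dropped without an error. The same pattern gates the `fw_*` plugins behind `firewall.enable == 1` in the `[business]` hunk of this file and in `conflist.inf.j2.j2.9000NPBP01R01`, where a mistyped value means the rendered list carries no firewall plugins. Normalising at the comparison, e.g. `{% if firewall.enable | int == 1 %}`, accepts the quoted spelling. Rejecting anything that is not 0 or 1 is better done by a validation step before the render, and no such step is visible in this patch.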
@@ -18,9 +25,16 @@ ./plug/protocol/gtp/gtp.inf [business] +{% raw %}{% if connsketch.enable == 1 %} ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf +{% endif %} +{% if capturepacket.enable == 1 %} ./plug/business/capture_packet_plug/capture_packet_plug.inf +{% endif %} +{% if proxy.enable == 1 %} ./plug/business/kni/kni.inf +{% endif %} +{% if firewall.enable == 1 %} ./plug/business/fw_ssl_plug/fw_ssl_plug.inf ./plug/business/fw_http_plug/fw_http_plug.inf ./plug/business/fw_dns_plug/fw_dns_plug.inf @@ -28,11 +42,14 @@ ./plug/business/fw_ftp_plug/fw_ftp_plug.inf ./plug/business/fw_quic_plug/fw_quic_plug.inf ./plug/business/fw_voip_plug/fw_voip_plug.inf -./plug/business/conn_telemetry/conn_telemetry.inf -./plug/business/app_sketch_local/app_sketch_local.inf ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf -./plug/business/deal_socks/deal_socks.inf -{% raw %}{% if npb_device == 'tera' %} +./plug/business/deal_socks/deal_socks.inf +{% endif %} +./plug/business/conn_telemetry/conn_telemetry.inf +{% if app.identify_by.user_defined_signature == 1 %} +./plug/business/app_sketch_local/app_sketch_local.inf +{% endif %} +{% if npb_device == 'tera' %} ./plug/business/http_healthcheck/http_healthcheck.inf {% endif %} {% endraw %} \ No newline at end of file diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.9000NPBP01R01 b/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01 similarity index 72% rename from ansible/roles/sapp/templates/conflist.inf.j2.9000NPBP01R01 rename to ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01 index a2a4421c..fdcf77e6 100644 --- a/ansible/roles/sapp/templates/conflist.inf.j2.9000NPBP01R01 +++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01 
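Review bot: The `{% if firewall.enable == 1 %}` block opened in the `[business]` hunk is closed only in the following hunk, after `gtp_signaling_plug.inf` and `deal_socks.inf`, so switching the firewall feature off also unloads those two plugins although their names do not mark them as firewall components. If that is intended, say so in the template: because the block sits inside `{% raw %}`, a Jinja comment such as `{# firewall feature: fw_* plugins plus gtp_signaling_plug and deal_socks #}` survives the first render and is stripped by the second. If it is not intended, move `{% endif %}` up to directly after `fw_voip_plug.inf`. The 9000-NPB template repeats the same layout.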
@@ -1,7 +1,12 @@ [platform] +{% raw %}{% if connsketch.enable == 1 %} ./plug/platform/app_proto_identify/app_proto_identify.inf +{% endif %} ./plug/platform/tsg_master/tsg_master.inf +{% if app.identify_by.builtin_app_engine == 1 %} ./plug/platform/app_proto_engine/app_proto_engine.inf +{% endif %} +{% endraw %} [protocol] ./plug/protocol/mesa_sip/mesa_sip.inf @@ -16,9 +21,16 @@ ./plug/protocol/gtp/gtp.inf [business] +{% raw %}{% if connsketch.enable == 1 %} ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf +{% endif %} +{% if capturepacket.enable == 1 %} ./plug/business/capture_packet_plug/capture_packet_plug.inf +{% endif %} +{% if proxy.enable == 1 %} ./plug/business/kni/kni.inf +{% endif %} +{% if firewall.enable == 1 %} ./plug/business/fw_ssl_plug/fw_ssl_plug.inf ./plug/business/fw_http_plug/fw_http_plug.inf ./plug/business/fw_dns_plug/fw_dns_plug.inf @@ -26,7 +38,11 @@ ./plug/business/fw_ftp_plug/fw_ftp_plug.inf ./plug/business/fw_quic_plug/fw_quic_plug.inf ./plug/business/fw_voip_plug/fw_voip_plug.inf -./plug/business/conn_telemetry/conn_telemetry.inf -./plug/business/app_sketch_local/app_sketch_local.inf ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf -./plug/business/deal_socks/deal_socks.inf \ No newline at end of file +./plug/business/deal_socks/deal_socks.inf +{% endif %} +./plug/business/conn_telemetry/conn_telemetry.inf +{% if app.identify_by.user_defined_signature == 1 %} +./plug/business/app_sketch_local/app_sketch_local.inf +{% endif %} +{% endraw %} \ No newline at end of file diff --git a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01 b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2 similarity index 92% rename from ansible/roles/sapp/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01 rename to ansible/roles/sapp/templates/necessary_plug_list.conf.j2 index 9657ef2a..c003d024 100644 --- a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.j2.7400MCN0P01R01 
+++ b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2
@@ -31,7 +31,4 @@
 ./plug/protocol/gtp/gtp.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
 ./plug/platform/app_proto_engine/app_proto_engine.inf
-{% raw %}{% if npb_device == 'tera' %}
-./plug/business/http_healthcheck/http_healthcheck.inf
-{% endif %}
-{% endraw %}
\ No newline at end of file
+./plug/business/http_healthcheck/http_healthcheck.inf
\ No newline at end of file
diff --git a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.9000NPBP01R01 b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.9000NPBP01R01
deleted file mode 100644
index 811f7d85..00000000
--- a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2.9000NPBP01R01
+++ /dev/null
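Review bot: `http_healthcheck.inf` is now listed unconditionally as a necessary plugin, while the 7400 conflist.inf template still loads it only when `npb_device == 'tera'` and the visible hunks of the 9000-NPB template do not list it at all. The header comment of the deleted 9000 list says sapp exits when a listed plugin fails to initialise. Whether a listed plugin that is never loaded counts as a failure is not visible here and should be confirmed, since the same question presumably applies to the `fw_*`, `kni` and `tsg_conn_sketch` entries once their feature switch is 0. If absent entries are ignored, record that in this file's header comment, for example `# Entries not present in conflist.inf are ignored.`; otherwise this list needs the same feature gates as conflist.inf.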
@@ -1,31 +0,0 @@
-#以下插件如果加载,初始化失败, sapp平台会退出;
-#插件的路径来自配置文件 ./plug/conflist.inf, 不需要加段落标识[platform],[protocol],[business]等.
-#If the following plugins fail to initialize, the sapp platform will exit.
-#The name of the plugin comes from the configuration ./plug/conflist.inf, section identification is not required.
-
-./plug/platform/app_proto_identify/app_proto_identify.inf
-./plug/platform/tsg_master/tsg_master.inf
-./plug/protocol/mesa_sip/mesa_sip.inf
-./plug/protocol/rtp/rtp.inf
-./plug/protocol/ssl/ssl.inf
-./plug/protocol/http/http.inf
-./plug/protocol/dns/dns.inf
-./plug/protocol/mail/mail.inf
-./plug/protocol/ftp/ftp.inf
-./plug/protocol/quic/quic.inf
-./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
-./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
-./plug/business/capture_packet_plug/capture_packet_plug.inf
-./plug/business/kni/kni.inf
-./plug/business/fw_ssl_plug/fw_ssl_plug.inf
-./plug/business/fw_http_plug/fw_http_plug.inf
-./plug/business/fw_dns_plug/fw_dns_plug.inf
-./plug/business/fw_mail_plug/fw_mail_plug.inf
-./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-./plug/business/fw_quic_plug/fw_quic_plug.inf
-./plug/business/fw_voip_plug/fw_voip_plug.inf
-./plug/business/conn_telemetry/conn_telemetry.inf
-./plug/business/app_sketch_local/app_sketch_local.inf
-./plug/protocol/gtp/gtp.inf
-./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
-./plug/platform/app_proto_engine/app_proto_engine.inf
\ No newline at end of file
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
index 2f9fc229..7f201a45 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
@@ -67,12 +67,31 @@ network_setting: nic_policy_log: ipv4: 127.0.0.1/24 ipv6: 'fe80\:\:5/64' - gateway_ipv4: 191.168.1.1 + gateway_ipv4: 192.168.1.1 wannat_natgw: natgw_ip: "127.0.0.1" - + wannat_toroad: server_ip: "127.0.0.1" server_port: 8888 - \ No newline at end of file + +firewall: + enable: 0/1 + +proxy: + enable: 0/1 + +connsketch: + enable: 0/1 + +capturepacket: + enable: 0/1 + +wannat: + enable: 0/1 + +app: + identify_by: + user_defined_signature: 0/1 + builtin_app_engine: 0/1 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 index 2d268fdf..ecf1c327 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN123P01R01 @@ -38,4 +38,4 @@ network_setting: nic_policy_log: ipv4: 127.0.0.1/24 ipv6: 'fe80\:\:5/64' - gateway_ipv4: 191.168.1.1 \ No newline at end of file + gateway_ipv4: 192.168.1.1 \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 index 318b48b9..287a44f8 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 @@ -34,3 +34,20 @@ cache: hos: address: "127.0.0.1" port: 9090 + +firewall: + enable: 0/1 + +proxy: + enable: 0/1 + +connsketch: + enable: 0/1 + +capturepacket: + enable: 0/1 + +app: + identify_by: + user_defined_signature: 0/1 + builtin_app_engine: 0/1 diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 index b1152eae..5b88e978 100644 
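Review bot: The new switches are documented as `enable: 0/1`, which is itself valid YAML and parses as the string `0/1`, not as a number. A sample copied unchanged therefore makes every `== 1` gate in conflist.inf false and renders a plugin list without the firewall, proxy or capture plugins, and nothing reports it. Ship a concrete value with the choices in a comment, e.g. `enable: 1  # 0 = disabled, 1 = enabled`, and choose the default for `firewall` deliberately. The same placeholder appears in the `provision.yml.sample.9000NPBP01R01` hunk.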
--- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 @@ -94,12 +94,6 @@ dest: /opt/tsg/sapp/plug/conflist.inf tags: sapp - - name: "tsg-os-provision: necessary_plug_list.conf" - template: - src: ../templates/necessary_plug_list.conf.j2 - dest: /opt/tsg/sapp/etc/necessary_plug_list.conf - tags: sapp - - name: "tsg-os-provision: vlan_flipping_map.conf" template: src: ../templates/vlan_flipping_map.conf.j2 diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 index beb3a344..4b52c12e 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 @@ -43,6 +43,12 @@ set_fact: keepalive_subnet_ip: "{{ result_exec_obtain_keepalive_subnet.stdout_lines[0] }}" + - name: "tsg-os-provision: Template the conflist.inf" + template: + src: ../templates/conflist.inf.j2 + dest: /opt/tsg/sapp/plug/conflist.inf + tags: sapp + - name: "tsg-os-provision: template gdev.conf file" template: src: "../templates/gdev.conf.j2"
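Review bot: The added conflist.inf task in `provision.yml.9000NPBP01R01` renders a template that dereferences `firewall.enable`, `proxy.enable`, `connsketch.enable`, `capturepacket.enable` and `app.identify_by.*`, but nothing in this hunk checks that those keys exist, and a provision.yml written before this commit has none of them. Depending on how undefined variables are handled in this playbook, the run either aborts inside the template with an undefined-variable error or renders a list with the gated plugins missing. An explicit check ahead of the render gives the operator a clear message and refuses values other than 0 or 1. The 7400-MCN0 task file already has an equivalent conflist.inf task (visible as context in the preceding hunk) and would need the same guard, extended with `wannat.enable`. The task list continues outside the hunk.

```yaml
    - name: "tsg-os-provision: validate feature switches"
      assert:
        that:
          - firewall.enable is defined and firewall.enable in [0, 1]
          - proxy.enable is defined and proxy.enable in [0, 1]
          - connsketch.enable is defined and connsketch.enable in [0, 1]
          - capturepacket.enable is defined and capturepacket.enable in [0, 1]
          - app.identify_by.user_defined_signature is defined and app.identify_by.user_defined_signature in [0, 1]
          - app.identify_by.builtin_app_engine is defined and app.identify_by.builtin_app_engine in [0, 1]
        fail_msg: "provision.yml: each feature switch must be present and set to 0 or 1"
      tags: sapp

    - name: "tsg-os-provision: Template the conflist.inf"
      # … unchanged: template src/dest and tags …
```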