删除wangw, wire_graft_plug功能端模块, 更新RPM包.

deploy_env.tmp/group_vars/all.yml

@@ -51,9 +51,8 @@ wannat_global:
     rpm_files:
         wangw_rpm_file: "libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm"    
         natgw_rpm_file: "wannat_natgw-1.3.3.d7123b3-2.el7.x86_64.rpm"    
-        wire_graft_rpm_file: "libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm"
-        wire_graft_devel_rpm_file: "libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm"
-        toroad_rpm_file: "toroad-1.1.11.b0562a5-2.el7.x86_64.rpm"
+        wire_graft_rpm_file: "libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm"
+        toroad_rpm_file: "toroad-1.2.3.693a647-2.el7.x86_64.rpm"
         ppp_rpm_file: "ppp-2.4.5-34.el7_7.x86_64.rpm"
         pptpd_rpm_file: "pptpd-1.4.0-2.el7.x86_64.rpm"
         openvpn_rpm_file: "openvpn-2.4.11-1.el7.x86_64.rpm"

deploy_env.tmp/hosts.xxg

@@ -5,7 +5,7 @@ install_device_sn=false
 install_device_tag=false
 
 [wangw]
-192.168.40.21
+192.168.40.137
 
 [natgw]
 192.168.40.133
@@ -20,8 +20,5 @@ install_device_tag=false
 192.168.44.3
 
 [radius_client]
-192.168.40.133
-
-[openvpn]
-192.168.40.133
+192.168.40.3
 

deploy_env/group_vars/all.yml

@@ -1,26 +1,29 @@
 wannat_global:     
     common:
-        redis_server_ip: "192.168.44.3"
+        redis_server_ip: "192.168.44.72"
         redis_server_port: 7002
         redis_index: 0
         bifang_db_username: "root"
         bifang_db_password: "bifang!@#"
         bifang_radius_db_name: "tsg-bifang"
+        vpn_client_ip_cidr: "10.10.120.0/24"
+        vpn_server_ip_local: "10.10.120.1"
+        vpn_client_ip_range: "10.10.120.2-254"
         
     wangw:
-        NAT_GW_tunnel_device: "enp8s0"
+        NAT_GW_tunnel_device: "enp6s0"
         WAN_GW_tunnel_listen_port: 3544
-        NAT_GW_tunnel_ip: "192.168.40.133"
+        NAT_GW_tunnel_ip: "192.168.40.161"
         NAT_GW_tunnel_remote_port: 3544
         
     natgw:
         run_type: 0
         config_type: 1
-        wannat_ip: "192.168.40.21"
+        wannat_ip: "192.168.40.161"
         wannat_port: 3544
         natgw_bind_port: 3544
         device: "eth0"
-        vpn_client_ip_cidr: "10.10.133.0/24"
+        vpn_client_ip_cidr: "10.10.120.0/24"
         country_location: "private"
         province_location: "private"
 
@@ -35,25 +38,24 @@ wannat_global:
         config_src_type: "redis"
     
     wiregraft:
-        identification_by_which_device: "enp8s0"
-        toroad_server_ip: "192.168.40.133"
+        identification_by_which_device: "enp6s0"
+        toroad_server_ip: "192.168.40.134"
         toroad_server_port: 8888
         
     pptp:    
-        mtu: 9000
+        mtu: 2000
         dns1: "8.8.8.8"
         dns2: "114.114.114.114"
         
     radius:
         shared_secret: "testing123"
-        server_ip: "192.168.44.3"
+        server_ip: "192.168.44.72"
         
     rpm_files:
         wangw_rpm_file: "libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm"    
         natgw_rpm_file: "wannat_natgw-1.3.3.d7123b3-2.el7.x86_64.rpm"    
-        wire_graft_rpm_file: "libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm"
-        wire_graft_devel_rpm_file: "libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm"
-        toroad_rpm_file: "toroad-1.1.11.b0562a5-2.el7.x86_64.rpm"
+        wire_graft_rpm_file: "libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm"
+        toroad_rpm_file: "toroad-1.2.3.693a647-2.el7.x86_64.rpm"
         ppp_rpm_file: "ppp-2.4.5-34.el7_7.x86_64.rpm"
         pptpd_rpm_file: "pptpd-1.4.0-2.el7.x86_64.rpm"
         openvpn_rpm_file: "openvpn-2.4.11-1.el7.x86_64.rpm"

roles/libwire_graft/tasks/main.yml

@@ -6,7 +6,7 @@
     
 - name: "copy wiregraft_devel_rpm_file to destination server"
   synchronize:
-    src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wire_graft_devel_rpm_file }}"
+    src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wire_graft_rpm_file }}"
     dest: "/tmp/"
 
 - name: "install wiregraft_devel"
@@ -15,7 +15,7 @@
     state: present
   vars:
     packages:
-    - /tmp/{{ wannat_global.rpm_files.wire_graft_devel_rpm_file }}        
+    - /tmp/{{ wannat_global.rpm_files.wire_graft_rpm_file }}        
     
     
 

roles/natgw/templates/monit_natgw.j2

@@ -21,7 +21,7 @@ while [ 1 ]; do
 		ethtool -K tun_natgw gso off
 		ethtool -K tun_natgw tso off
 				
-		ip rule add from  {{wannat_global.natgw.vpn_client_ip_cidr}}  table 1001
+		ip rule add from  {{wannat_global.common.vpn_client_ip_cidr}}  table 1001
 		ip route add default via 192.168.1.253 table 1001
 		echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
         fi

roles/pptpd/tasks/main.yml

@@ -31,6 +31,12 @@
     dest: /etc/ppp/options.pptpd
   tags: template
 
+- name: "Template the pptp.conf file"
+  template:
+    src: "{{ role_path }}/templates/pptpd.conf.j2"
+    dest: /etc/pptpd.conf
+  tags: template
+  
 - name: "Template the ip-up script file"
   template:
     src: "{{ role_path }}/templates/ip-up.j2"

roles/pptpd/templates/ip-up.j2

@@ -14,9 +14,6 @@ REALDEVICE=$1
 
 [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
 
-# PPTP VPN客户端的mtu不能通过本地服务器通告而修改,
-# 如果能改小一些, 改成小于1500最好, 因为加了ppp头部,
-# 现在只能修改本地的MTU, 超过了一般以太网的最大值.
 ifconfig $1 mtu {{wannat_global.pptp.mtu}}
 
 exit 0

roles/pptpd/templates/pptpd.conf.j2

@@ -0,0 +1,108 @@
+###############################################################################
+# $Id: pptpd.conf,v 1.11 2011/05/19 00:02:50 quozl Exp $
+#
+# Sample Poptop configuration file /etc/pptpd.conf
+#
+# Changes are effective when pptpd is restarted.
+###############################################################################
+
+# TAG: ppp
+#	Path to the pppd program, default '/usr/sbin/pppd' on Linux
+#
+#ppp /usr/sbin/pppd
+
+# TAG: option
+#	Specifies the location of the PPP options file.
+#	By default PPP looks in '/etc/ppp/options'
+#
+option /etc/ppp/options.pptpd
+
+# TAG: debug
+#	Turns on (more) debugging to syslog
+#
+#debug
+
+# TAG: stimeout
+#	Specifies timeout (in seconds) on starting ctrl connection
+#
+# stimeout 10
+
+# TAG: noipparam
+#       Suppress the passing of the client's IP address to PPP, which is
+#       done by default otherwise.
+#
+#noipparam
+
+# TAG: logwtmp
+#	Use wtmp(5) to record client connections and disconnections.
+#
+logwtmp
+
+# TAG: vrf <vrfname>
+#	Switches PPTP & GRE sockets to the specified VRF, which must exist
+#	Only available if VRF support was compiled into pptpd.
+#
+#vrf test
+
+# TAG: bcrelay <if>
+#	Turns on broadcast relay to clients from interface <if>
+#
+#bcrelay eth1
+
+# TAG: delegate
+#	Delegates the allocation of client IP addresses to pppd.
+#
+#       Without this option, which is the default, pptpd manages the list of
+#       IP addresses for clients and passes the next free address to pppd.
+#       With this option, pptpd does not pass an address, and so pppd may use
+#       radius or chap-secrets to allocate an address.
+#
+#delegate
+
+# TAG: connections
+#       Limits the number of client connections that may be accepted.
+#
+#       If pptpd is allocating IP addresses (e.g. delegate is not
+#       used) then the number of connections is also limited by the
+#       remoteip option.  The default is 100.
+#connections 100
+
+# TAG: localip
+# TAG: remoteip
+#	Specifies the local and remote IP address ranges.
+#
+#	These options are ignored if delegate option is set.
+#
+#       Any addresses work as long as the local machine takes care of the
+#       routing.  But if you want to use MS-Windows networking, you should
+#       use IP addresses out of the LAN address space and use the proxyarp
+#       option in the pppd options file, or run bcrelay.
+#
+#	You can specify single IP addresses seperated by commas or you can
+#	specify ranges, or both. For example:
+#
+#		192.168.0.234,192.168.0.245-249,192.168.0.254
+#
+#	IMPORTANT RESTRICTIONS:
+#
+#	1. No spaces are permitted between commas or within addresses.
+#
+#	2. If you give more IP addresses than the value of connections,
+#	   it will start at the beginning of the list and go until it
+#	   gets connections IPs.  Others will be ignored.
+#
+#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
+#	   you must type 234-238 if you mean this.
+#
+#	4. If you give a single localIP, that's ok - all local IPs will
+#	   be set to the given one. You MUST still give at least one remote
+#	   IP for each simultaneous client.
+#
+# (Recommended)
+#localip 192.168.0.1
+#remoteip 192.168.0.234-238,192.168.0.245
+# or
+#localip 192.168.0.234-238,192.168.0.245
+#remoteip 192.168.1.234-238,192.168.1.245
+localip {{wannat_global.common.vpn_server_ip_local}}
+remoteip {{wannat_global.common.vpn_client_ip_range}}

roles/wangw/tasks/main.yml

@@ -1,25 +0,0 @@
----
-- name: "copy wangw_rpm_file to destination server"
-  synchronize:
-    src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wangw_rpm_file }}"
-    dest: "/tmp/"
-    
-- name: "install wangw"
-  yum:
-    name: "{{ packages }}"
-    state: present
-  vars:
-    packages:
-    - /tmp/{{ wannat_global.rpm_files.wangw_rpm_file }}    
-    
-- name: "Creates ./etc/wannat directory"
-  file:
-    path: /home/mesasoft/sapp_run/etc/wannat
-    state: directory
-    
-- name: "Template the wangw.conf"
-  template:
-    src: "{{ role_path }}/templates/wangw.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/wannat/wangw.conf
-  tags: template
-

roles/wangw/templates/wangw.conf.j2

@@ -1,64 +0,0 @@
-[main]
-#在线模式用vxlan, 测试模式用ethernet, 即标准ethernet/IP协议
-NAT_GW_tunnel_mode=vxlan
-
-#本地监听端口
-NAT_GW_tunnel_recv_port={{wannat_global.wangw.WAN_GW_tunnel_listen_port}}
-
-#DNAT首包发送给NATGW时, 对端的监听端口
-NAT_GW_tunnel_send_port={{wannat_global.wangw.NAT_GW_tunnel_remote_port}}
-
-#NAT GW的内部互联网卡名称
-NAT_GW_tunnel_device={{wannat_global.wangw.NAT_GW_tunnel_device}}
-
-#NAT GW的内部互联IP地址, 端口使用vxlan默认值, 要求对方也开放UDP 4789端口
-NAT_GW_tunnel_ip={{wannat_global.wangw.NAT_GW_tunnel_ip}}
-
-
-#接收来自NAT GW的包, 需要创建sapp的独立发包线程, 目前暂时只支持1个.
-I2E_independent_thread_num=1
-
-#重复流量识别
-duplicate_pkt_prune=1
-
-[pkt_dump]
-command_port=1234
-
-[session]
-#最大并发连接数 
-max_session_num=100000
-
-#连续no_pkt_timeout秒没有数据包, 认为此连接已超时, 可以删除
-no_pkt_timeout=60
-
-
-[runtime_log]
-log_file=./wannat_log/wannat.log
-log_level=30
-
-[field_stat2]
-Fs2_log_local_dir_path=./wannat_log
-Fs2_server_ip=127.0.0.1
-Fs2_server_port=8125
-Fs2_interval=3
-
-[maat]
-table_info=./etc/wannat/tableinfo.conf
-#json, redis, local_file
-#config_src_type=local_file
-config_src_type=redis
-#config_src_type=json
-json_cfg_file=./etc/wannat/gtest.json
-inc_dir=./redis_dump/
-full_dir=./redis_dump/
-redis_server_ip={{wannat_global.common.redis_server_ip}}
-redis_server_port={{wannat_global.common.redis_server_port}}
-redis_index={{wannat_global.common.redis_index}}
-
-[no_nat_gw_self_test]
-test_eth_mode_nat_type=snat
-test_eth_mode_vlink_id=0
-test_eth_mode_link_dir=E
-test_eth_bpf="port 80"
-test_linkinfo_file=./etc/wannat/self_test.linkinfo
-

roles/wire_graft/tasks/main.yml

@@ -1,31 +0,0 @@
----
-- name: "Creates ./etc/wire_graft directory"
-  file:
-    path: /home/mesasoft/sapp_run/etc/wire_graft
-    state: directory
-    
-- name: "copy wiregraft_rpm_file to destination server"
-  synchronize:
-    src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wire_graft_rpm_file }}"
-    dest: "/tmp/"
-    
-- name: "install wiregraft"
-  yum:
-    name: "{{ packages }}"
-    state: present
-  vars:
-    packages:
-    - /tmp/{{ wannat_global.rpm_files.wire_graft_rpm_file }}        
-
-- name: "Template the wire_graft.inf"
-  template:
-    src: "{{ role_path }}/templates/wire_graft.inf.j2"
-    dest: /home/mesasoft/sapp_run/plug/platform/wire_graft/wire_graft.inf
-  tags: template
-  
-- name: "Template the wire_graft.conf"
-  template:
-    src: "{{ role_path }}/templates/wire_graft.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/wire_graft/wire_graft.conf
-  tags: template
-

roles/wire_graft/templates/wire_graft.conf.j2

@@ -1,19 +0,0 @@
-[main]
-
-[record_link_info]
-stream_project_tag_enable=1
-link_info_prune=1
-#用于标识本机ip使用哪块网卡,可能是管理口,可能是其他业务口
-identification_by_which_device={{wannat_global.wiregraft.identification_by_which_device}}
-
-#单个流超过此包数的才发送链路信息, 防止遭受ddos攻击疯狂发日志
-at_least_total_num=2
-at_least_total_byte=10
-
-[toroad]
-sendto_toroad_enable=1
-toroad_ip={{wannat_global.wiregraft.toroad_server_ip}}
-toroad_port={{wannat_global.wiregraft.toroad_server_port}}
-
-[log]
-log_level=30

roles/wire_graft/templates/wire_graft.inf.j2

@@ -1,12 +0,0 @@
-[PLUGINFO]
-PLUGNAME=wire_graft
-SO_PATH=./plug/platform/wire_graft/libwire_graft.so
-INIT_FUNC=wire_graft_init
-
-[TCP_RAW]
-FUNC_FLAG=ALL
-FUNC_NAME=record_link_info_entry_raw
-
-#[POLLING]
-#FUNC_FLAG=ALL
-#FUNC_NAME=wire_graft_polling_cb

wannat-install.tmp.yml

@@ -1,47 +0,0 @@
----
-- hosts: wangw
-  roles:
-    - wangw
-    - wire_graft_devel
-    - wire_graft
-  vars_files:
-    - xxg_test_env/all.yml
-
-- hosts: natgw
-  roles:
-    - wire_graft_devel
-    - natgw
-  vars_files:
-    - xxg_test_env/all.yml
-    
-#- hosts: toroad
-#  roles:
-#    - wire_graft_devel
-#    - toroad
-#  vars_files:
-#    - wannat_deploy_env/all.yml
-
-#- hosts: radius_client    
-#  roles:
-#    - radius_client
-#  vars_files:
-#    - wannat_deploy_env/all.yml
-
-#- hosts: radius_server
-#  roles:
-#    - radius_server
-#  vars_files:
-#    - wannat_deploy_env/all.yml
-    
-#- hosts: pptpd
-  #roles:
-    #- pptpd
-  #vars_files:
-    #- wannat_deploy_env/all.yml
-
-#- hosts: openvpn
-#  roles:
-#    - openvpn
-#  vars_files:
-#    - wannat_deploy_env/all.yml
-   

wannat-install.yml

@@ -1,31 +1,20 @@
 ---
-- hosts: wangw
-  roles:
-    - wangw
-    - wire_graft_devel
-    - wire_graft
-  vars_files:
-    - wannat_deploy_env/all.yml
 
 - hosts: natgw
   roles:
-    - wire_graft_devel
+    - libwire_graft
     - natgw
      
   vars_files:
-    - wannat_deploy_env/all.yml
+    - deploy_env/group_vars/all.yml
     
 - hosts: toroad
   roles:
-    - wire_graft_devel
+    - libwire_graft
     - toroad
   vars_files:
-    - wannat_deploy_env/all.yml
+    - deploy_env/group_vars/all.yml
 
-- hosts: natgw
-  roles:
-    - wire_graft_devel
-    - natgw
 
 - hosts: radius_client    
   roles:
@@ -39,9 +28,9 @@
   roles:
     - pptpd
 
-- hosts: openvpn
-  roles:
-    - openvpn
+#- hosts: openvpn
+#  roles:
+#    - openvpn