From 59dd9b03bc2c639ee1db1d26ec7d7bae77db9c3b Mon Sep 17 00:00:00 2001 
From: lijia Date: Fri, 3 Jan 2020 18:10:49 +0800 Subject: 更新ansible部署脚本. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts.xxg.transparent | 12 -- houyi-install.yml | 5 + houyi-playbook.yml | 5 - houyi-uninstall.yml | 29 +++++ roles/sled-mcn0/files/bin/houyi | Bin 91992 -> 0 bytes roles/sled-mcn0/files/bin/houyi_send_plug.so | Bin 36808 -> 0 bytes roles/sled-mcn0/files/bin/net_flood | Bin 109704 -> 0 bytes roles/sled-mcn0/files/etc/conflist.inf | 20 +++ roles/sled-mcn0/files/etc/dns_query.base64 | 1 - roles/sled-mcn0/files/etc/houyi.conf | 17 --- roles/sled-mcn0/files/etc/maat_tableinfo.conf | 14 -- roles/sled-mcn0/files/etc/maat_test.json | 89 ------------- .../files/rpm/houyi-1.0.0.26712da-1.el7.x86_64.rpm | Bin 0 -> 476340 bytes .../rpm/houyi-plug-1.0.0.2a4c05f-1.el7.x86_64.rpm | Bin 0 -> 10124 bytes .../rpm/net_flood-2.0.3.6ae51f2-1.el7.x86_64.rpm | Bin 0 -> 24312 bytes .../files/rpm/sapp-4.0.7.06731c3-1.el7.x86_64.rpm | Bin 0 -> 376492 bytes roles/sled-mcn0/files/service/sapp.service | 13 ++ roles/sled-mcn0/tasks/main.yml | 143 ++++++++++++++------- roles/sled-mcn0/templates/houyi.conf.j2 | 17 +++ roles/sled-mcn0/templates/houyi.inf.j2 | 5 + roles/sled-mcn0/templates/houyi_plug.conf.j2 | 8 ++ .../templates/houyi_plug_static_arp.conf.j2 | 6 + roles/sled-mcn0/templates/sapp.toml.j2 | 137 ++++++++++++++++++++ xxg_env/group_vars/all.yml | 9 ++ xxg_env/hosts.xxg | 13 ++ 25 files changed, 357 insertions(+), 186 deletions(-) delete mode 100644 hosts.xxg.transparent create mode 100644 houyi-install.yml delete mode 100644 houyi-playbook.yml create mode 100644 houyi-uninstall.yml delete mode 100644 roles/sled-mcn0/files/bin/houyi delete mode 100644 roles/sled-mcn0/files/bin/houyi_send_plug.so delete mode 100644 roles/sled-mcn0/files/bin/net_flood create mode 100644 roles/sled-mcn0/files/etc/conflist.inf delete mode 100644 roles/sled-mcn0/files/etc/dns_query.base64 delete mode 100644 roles/sled-mcn0/files/etc/houyi.conf 
delete mode 100644 roles/sled-mcn0/files/etc/maat_tableinfo.conf delete mode 100644 roles/sled-mcn0/files/etc/maat_test.json create mode 100644 roles/sled-mcn0/files/rpm/houyi-1.0.0.26712da-1.el7.x86_64.rpm create mode 100644 roles/sled-mcn0/files/rpm/houyi-plug-1.0.0.2a4c05f-1.el7.x86_64.rpm create mode 100644 roles/sled-mcn0/files/rpm/net_flood-2.0.3.6ae51f2-1.el7.x86_64.rpm create mode 100644 roles/sled-mcn0/files/rpm/sapp-4.0.7.06731c3-1.el7.x86_64.rpm create mode 100644 roles/sled-mcn0/files/service/sapp.service create mode 100644 roles/sled-mcn0/templates/houyi.conf.j2 create mode 100644 roles/sled-mcn0/templates/houyi.inf.j2 create mode 100644 roles/sled-mcn0/templates/houyi_plug.conf.j2 create mode 100644 roles/sled-mcn0/templates/houyi_plug_static_arp.conf.j2 create mode 100644 roles/sled-mcn0/templates/sapp.toml.j2 create mode 100644 xxg_env/group_vars/all.yml create mode 100644 xxg_env/hosts.xxg diff --git a/hosts.xxg.transparent b/hosts.xxg.transparent deleted file mode 100644 index 56dba3a..0000000 --- a/hosts.xxg.transparent +++ /dev/null @@ -1,12 +0,0 @@ -[all:vars] -ansible_user=root - -[sled-mcn0] -192.168.40.133 - -[tsg-all:children] -sled-mcn0 - - - - diff --git a/houyi-install.yml b/houyi-install.yml new file mode 100644 index 0000000..b1d1b3d --- /dev/null +++ b/houyi-install.yml @@ -0,0 +1,5 @@ +--- +- hosts: sled-mcn0 + roles: + - sled-mcn0 + diff --git a/houyi-playbook.yml b/houyi-playbook.yml deleted file mode 100644 index b1d1b3d..0000000 --- a/houyi-playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: sled-mcn0 - roles: - - sled-mcn0 - diff --git a/houyi-uninstall.yml b/houyi-uninstall.yml new file mode 100644 index 0000000..d33c323 --- /dev/null +++ b/houyi-uninstall.yml 
@@ -0,0 +1,29 @@
+---
+- hosts: sled-mcn0
+ tasks:
+ - name: "uninstall sapp"
+ yum:
+ name: "sapp"
+ state: absent
+
+ - name: "uninstall houyi"
+ yum:
+ name: "houyi"
+ state: absent
+
+ - name: "uninstall houyi-plug"
+ yum:
+ name: "houyi-plug"
+ state: absent
+
+ - name: "remove sapp"
+ file:
+ path: /home/mesasoft/sapp_run/
+ state: absent
+ force: 1
+
+ - name: "remove houyi"
+ file:
+ path: /opt/houyi/
+ state: absent
+ force: 1
\ No newline at end of file
diff --git a/roles/sled-mcn0/files/bin/houyi b/roles/sled-mcn0/files/bin/houyi
deleted file mode 100644
index fb4f832..0000000
Binary files a/roles/sled-mcn0/files/bin/houyi and /dev/null differ
diff --git a/roles/sled-mcn0/files/bin/houyi_send_plug.so b/roles/sled-mcn0/files/bin/houyi_send_plug.so
deleted file mode 100644
index 92bf35f..0000000
Binary files a/roles/sled-mcn0/files/bin/houyi_send_plug.so and /dev/null differ
diff --git a/roles/sled-mcn0/files/bin/net_flood b/roles/sled-mcn0/files/bin/net_flood
deleted file mode 100644
index 078ecde..0000000
Binary files a/roles/sled-mcn0/files/bin/net_flood and /dev/null differ
diff --git a/roles/sled-mcn0/files/etc/conflist.inf b/roles/sled-mcn0/files/etc/conflist.inf
new file mode 100644
index 0000000..5a70cbc
--- /dev/null
+++ b/roles/sled-mcn0/files/etc/conflist.inf
@@ -0,0 +1,20 @@
+[platform]
+./plug/platform/g_device_plug/g_device_plug.inf
+./plug/platform/tsg_master/tsg_master.inf
+
+[protocol]
+./plug/protocol/ssl/ssl.inf
+./plug/protocol/http/http.inf
+./plug/protocol/dns/dns.inf
+./plug/protocol/mail/mail.inf
+./plug/protocol/ftp/ftp.inf
+
+[business]
+./plug/business/kni/kni.inf
+./plug/business/fw_ssl/fw_ssl.inf
+./plug/business/fw_http_plug/fw_http_plug.inf
+./plug/business/fw_dns_plug/fw_dns_plug.inf
+./plug/business/fw_mail_plug/fw_mail_plug.inf
+./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/tsg_conn_record/tsg_conn_record.inf
+./plug/business/houyi/houyi.inf
\ No newline at end of file
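Review bot: The uninstall play in houyi-uninstall.yml leaves part of the deployment behind: it removes the `sapp`, `houyi` and `houyi-plug` packages but has no task for the net_flood package that the role installs from its own RPM, so the packet-sending tool stays on the host after an "uninstall". It also never stops or disables the `houyi` and `sapp` units, never removes the unit files that tasks/main.yml copies into `/usr/lib/systemd/system`, and leaves `/tmp/houyi_deploy/` with the staged RPMs in place; with `Restart=always` in sapp.service the unit would presumably keep retrying against a deleted binary unless the package scripts stop it. I would put a `systemd` task with `state: stopped` and `enabled: no` for each unit ahead of the removals, add a `yum` task with `state: absent` for net_flood, and add `file` tasks with `state: absent` for the two unit files and the staging directory. As far as I know `force: 1` does nothing together with `state: absent` and can be dropped.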
diff --git a/roles/sled-mcn0/files/etc/dns_query.base64 b/roles/sled-mcn0/files/etc/dns_query.base64 deleted file mode 100644 index 3146da2..0000000 --- a/roles/sled-mcn0/files/etc/dns_query.base64 +++ /dev/null @@ -1 +0,0 @@ -BAAABAAAAAAAABHRlc3QDY29tAAD/AAE= \ No newline at end of file diff --git a/roles/sled-mcn0/files/etc/houyi.conf b/roles/sled-mcn0/files/etc/houyi.conf deleted file mode 100644 index 5b2b333..0000000 --- a/roles/sled-mcn0/files/etc/houyi.conf +++ /dev/null @@ -1,17 +0,0 @@ -[main] -send_pkt_tool_path=./net_flood -log_path=./houyi_log/runtime.log -log_level=20 - - -[maat] -table_info=./houyi_etc/maat_tableinfo.conf -#json, redis, local_file -config_src_type=json -json_cfg_file=./houyi_etc/maat_test.json -inc_dir=./redis_dump/ -full_dir=./redis_dump/ -redis_server_ip=192.168.40.131 -redis_server_port=7002 -redis_index=0 - diff --git a/roles/sled-mcn0/files/etc/maat_tableinfo.conf b/roles/sled-mcn0/files/etc/maat_tableinfo.conf deleted file mode 100644 index edb9083..0000000 --- a/roles/sled-mcn0/files/etc/maat_tableinfo.conf +++ /dev/null @@ -1,14 +0,0 @@ -#each collumn seperate with '\t' -#id (0~65535) -#name string -#type one of ip,expr,expr_plus,digest,intval,compile or plugin -#src_charset one of GBK,BIG5,UNICODE,UTF8 -#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' -#do_merege yes or no -#cross cache 0~max -#quickswitch quickon or quick off -#id name type src_charset dst_charset do_merge cross_cache quickswitch -0 ACTIVE_DEFENCE_COMPILE plugin {"key":1,"valid":8} -1 ACTIVE_DEFENCE_PROFILE_CLAIMED_SRC_IP plugin {"key":1,"valid":5} -2 ACTIVE_DEFENCE_PROFILE_REFLECTOR plugin {"key":1,"valid":5} -3 GROUP_COMPILE_RELATION group -- diff --git a/roles/sled-mcn0/files/etc/maat_test.json b/roles/sled-mcn0/files/etc/maat_test.json deleted file mode 100644 index 8eeda28..0000000 --- a/roles/sled-mcn0/files/etc/maat_test.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "compile_table": "ACTIVE_DEFENCE_COMPILE", - "group_table": "GROUP_COMPILE_RELATION", - "rules": [ - { - "compile_id": 114, - "service": 0, - "action": 2, - "do_blacklist": 0, - "do_log": 1, - "effective_rage": 0, - "user_region": "{ \"method\":\"reflection\", \"reflector_type\":\"DNS\", \"__comments\":\"active_defence_profile_reflector.profile_id\", \"target_ip\":\"192.168.41.198\", \"target_port\":6666, \"rate_pps\":10, \"payload\":\"zasBAAABAAAAAAAABHRlc3QDY29tAAD/AAE=\", \"reflector_profile_id\":4011}", - "is_valid": "no", - "groups": [ - { - "regions": [ - { - "table_name": "IP_CONFIG", - "table_type": "ip", - "table_content": { - "addr_type": "ipv4", - "src_ip": "0.0.0.0", - "mask_src_ip": "255.255.255.255", - "src_port": "0", - "mask_src_port": "65535", - "dst_ip": "0.0.0.0", - "mask_dst_ip": "255.255.255.255", - "dst_port": "0", - "mask_dst_port": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - } - ] - }, - { - "compile_id": 102, - "service": 0, - "action": 2, - "do_blacklist": 0, - "do_log": 1, - "effective_rage": 0, - "user_region": "{ \"method\":\"flood\", \"l4_protocol\":\"UDP\", \"__comments\":\"active_defence_profile_reflector.profile_id\", \"target_ip\":\"192.168.40.161\", \"target_port\":22222, \"rate_pps\":12, \"payload\":\"dGVzdA==\", \"claimed_src_ip_profile_id\":4001}", - "is_valid": "yes", - "groups": [ - { - "regions": [ - { - "table_name": "IP_CONFIG", - "table_type": "ip", - "table_content": { - "addr_type": "ipv4", - "src_ip": "0.0.0.0", - "mask_src_ip": "255.255.255.255", - "src_port": "0", - "mask_src_port": "65535", - "dst_ip": "0.0.0.0", - "mask_dst_ip": "255.255.255.255", - "dst_port": "0", - "mask_dst_port": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - } - ] - } - ], - - "plugin_table": [ - { - "table_name": "ACTIVE_DEFENCE_PROFILE_CLAIMED_SRC_IP", - "table_content": [ - "4001\tgroup123\t[\"192.168.40.21\",\"192.168.40.22\",\"192.168.40.23\"]\t4\tnull\t1\t2019-12-02", - 
"6002\tgroup456\t[\"fe80::2487:81ff:fefa:222d\",\"fe80::2487:81ff:fefa:333d\"]\t6\tnull\t1\t2019-12-02" - ] - }, - { - "table_name": "ACTIVE_DEFENCE_PROFILE_REFLECTOR", - "table_content": [ - "4011\tgroup1234\t[\"192.168.40.134\",\"192.168.40.134\"]\t4\t1\t2019-12-02", - "6022\tgroup4567\t[\"fe80::db5a:b3e0:2d9:ce2c\",\"fe80::db3a:b3e3:3d9:ce3c\"]\t6\t1\t2019-12-02" - ] - } - ] -} diff --git a/roles/sled-mcn0/files/rpm/houyi-1.0.0.26712da-1.el7.x86_64.rpm b/roles/sled-mcn0/files/rpm/houyi-1.0.0.26712da-1.el7.x86_64.rpm new file mode 100644 index 0000000..80ee218 Binary files /dev/null and b/roles/sled-mcn0/files/rpm/houyi-1.0.0.26712da-1.el7.x86_64.rpm differ diff --git a/roles/sled-mcn0/files/rpm/houyi-plug-1.0.0.2a4c05f-1.el7.x86_64.rpm b/roles/sled-mcn0/files/rpm/houyi-plug-1.0.0.2a4c05f-1.el7.x86_64.rpm new file mode 100644 index 0000000..935ac1b Binary files /dev/null and b/roles/sled-mcn0/files/rpm/houyi-plug-1.0.0.2a4c05f-1.el7.x86_64.rpm differ diff --git a/roles/sled-mcn0/files/rpm/net_flood-2.0.3.6ae51f2-1.el7.x86_64.rpm b/roles/sled-mcn0/files/rpm/net_flood-2.0.3.6ae51f2-1.el7.x86_64.rpm new file mode 100644 index 0000000..405ac96 Binary files /dev/null and b/roles/sled-mcn0/files/rpm/net_flood-2.0.3.6ae51f2-1.el7.x86_64.rpm differ diff --git a/roles/sled-mcn0/files/rpm/sapp-4.0.7.06731c3-1.el7.x86_64.rpm b/roles/sled-mcn0/files/rpm/sapp-4.0.7.06731c3-1.el7.x86_64.rpm new file mode 100644 index 0000000..03772b3 Binary files /dev/null and b/roles/sled-mcn0/files/rpm/sapp-4.0.7.06731c3-1.el7.x86_64.rpm differ diff --git a/roles/sled-mcn0/files/service/sapp.service b/roles/sled-mcn0/files/service/sapp.service new file mode 100644 index 0000000..b765fd3 --- /dev/null +++ b/roles/sled-mcn0/files/service/sapp.service 
@@ -0,0 +1,13 @@
+[Unit]
+Description=sapp service
+Wants=network-online.target
+
+[Service]
+WorkingDirectory=/home/mesasoft/sapp_run
+ExecStart=/home/mesasoft/sapp_run/sapp
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/roles/sled-mcn0/tasks/main.yml b/roles/sled-mcn0/tasks/main.yml
index 8b01827..914656a 100644
--- a/roles/sled-mcn0/tasks/main.yml
+++ b/roles/sled-mcn0/tasks/main.yml
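Review bot: The `[Service]` section of sapp.service sets no `User=`, so sapp runs as root, while `ExecStart` and `WorkingDirectory` point into `/home/mesasoft/sapp_run`; if that tree is writable by the `mesasoft` account (ownership is not visible in this commit), that account can replace the binary or one of the plugins listed in conflist.inf and have it run as root on the next restart, which `Restart=always` makes easy to reach. If root is only needed for packet capture and injection, consider a dedicated service user with `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` and a matching `CapabilityBoundingSet=`, plus `NoNewPrivileges=yes` and `ProtectSystem=full`; failing that, make sure the install tree is root-owned and not group- or world-writable. `Wants=network-online.target` gives no ordering on its own, so add `After=network-online.target` if sapp must start after the capture interfaces are up.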
@@ -1,65 +1,112 @@ --- -- name: "copy houyi to destination server" - copy: - src: "{{ role_path }}/files/bin/houyi" - dest: "/opt/houyi/bin/" - mode: 0755 - -- name: "copy net_flood to destination server" - copy: - src: "{{ role_path }}/files/bin/net_flood" - dest: "/opt/houyi/bin/" - mode: 0755 - -- name: "copy houyi_send_plug to destination server" - copy: - src: "{{ role_path }}/files/bin/houyi_send_plug.so" - dest: "/home/mesasoft/sapp_run/plug/business/houyi/" - -- name: "copy houyi.conf to destination server" - copy: - src: "{{ role_path }}/files/etc/houyi.conf" - dest: "/opt/houyi/bin/houyi_etc/" +- name: "copy houyi_rpm_file to destination server" + synchronize: + src: "{{ role_path }}/files/rpm/{{ houyi_rpm_file }}" + dest: "/tmp/houyi_deploy/" -- name: "copy houyi static arp.conf to destination server" - copy: - src: "{{ role_path }}/files/etc/houyi_plug_static_arp.conf" - dest: "/opt/houyi/bin/houyi_etc/" - -- name: "copy maat tableinfo conf to destination server" +- name: "copy houyi_plug_rpm_file to destination server" synchronize: - src: "{{ role_path }}/files/etc/maat_tableinfo.conf" - dest: "/opt/houyi/bin/houyi_etc/" + src: "{{ role_path }}/files/rpm/{{ houyi_plug_rpm_file }}" + dest: "/tmp/houyi_deploy/" -- name: "copy maat test json to destination server" +- name: "copy net_flood_rpm_file to destination server" synchronize: - src: "{{ role_path }}/files/etc/maat_test.json" - dest: "/opt/houyi/bin/houyi_etc/" - -- name: "copy plug.inf to destination server" - copy: - src: "{{ role_path }}/files/etc/houyi.inf" - dest: "/home/mesasoft/sapp_run/plug/business/houyi/" + src: "{{ role_path }}/files/rpm/{{ net_flood_rpm_file }}" + dest: "/tmp/houyi_deploy/" -- name: "copy houyi_plug.conf to destination server" - copy: - src: "{{ role_path }}/files/etc/houyi_plug.conf" - dest: "/home/mesasoft/sapp_run/houyi_etc/" - mode: 0644 - -- name: "copy houyi.service destination server" - copy: - src: "{{ role_path }}/files/service/houyi.service" - dest: 
"/usr/lib/systemd/system/" +- name: "copy sapp_rpm_file to destination server" + synchronize: + src: "{{ role_path }}/files/rpm/{{ sapp_rpm_file }}" + dest: "/tmp/houyi_deploy/" -- name: Template the sapp conflist.inf +- name: "install sapp" + yum: + name: "{{ packages }}" + state: present + vars: + packages: + - /tmp/houyi_deploy/{{ sapp_rpm_file }} + +- name: "install houyi" + yum: + name: "{{ packages }}" + state: present + vars: + packages: + - /tmp/houyi_deploy/{{ houyi_rpm_file }} + +- name: "install houyi-plug" + yum: + name: "{{ packages }}" + state: present + vars: + packages: + - /tmp/houyi_deploy/{{ houyi_plug_rpm_file }} + +- name: "install net_flood" + yum: + name: "{{ packages }}" + state: present + vars: + packages: + - /tmp/houyi_deploy/{{ net_flood_rpm_file }} + + + +- name: "Template the sapp.toml" + template: + src: "{{ role_path }}/templates/sapp.toml.j2" + dest: /home/mesasoft/sapp_run/etc/sapp.toml + tags: template + +- name: "Template the conflist.inf" template: src: "{{ role_path }}/templates/conflist.inf.j2" dest: /home/mesasoft/sapp_run/plug/conflist.inf tags: template + +- name: "Template the houyi.inf" + template: + src: "{{ role_path }}/templates/houyi.inf.j2" + dest: /home/mesasoft/sapp_run/plug/business/houyi/houyi.inf + tags: template + +- name: "Template the houyi.inf" + template: + src: "{{ role_path }}/templates/houyi_plug.conf.j2" + dest: /home/mesasoft/sapp_run/houyi_etc/houyi_plug.conf + tags: template + +- name: "Template houyi_plug_static_arp.conf" + template: + src: "{{ role_path }}/templates/houyi_plug_static_arp.conf.j2" + dest: /home/mesasoft/sapp_run/houyi_etc/houyi_plug_static_arp.conf + tags: template + +- name: "Template houyi.conf" + template: + src: "{{ role_path }}/templates/houyi.conf.j2" + dest: /opt/houyi/bin/houyi_etc/houyi.conf + tags: template + +- name: "copy houyi.service to destination server" + synchronize: + src: "{{ role_path }}/files/service/houyi.service" + dest: "/usr/lib/systemd/system" +- name: 
"copy sapp.service to destination server" + synchronize: + src: "{{ role_path }}/files/service/sapp.service" + dest: "/usr/lib/systemd/system" + - name: "enable houyi service" systemd: name: houyi enabled: yes daemon_reload: yes + +- name: "enable sapp service" + systemd: + name: sapp + enabled: yes + daemon_reload: yes \ No newline at end of file diff --git a/roles/sled-mcn0/templates/houyi.conf.j2 b/roles/sled-mcn0/templates/houyi.conf.j2 new file mode 100644 index 0000000..b37d5a6 --- /dev/null +++ b/roles/sled-mcn0/templates/houyi.conf.j2 @@ -0,0 +1,17 @@ +[main] +send_pkt_tool_path=./net_flood +send_pkt_dev_name=tap_houyi +log_path=./houyi_log/runtime.log +log_level=20 + +[maat] +table_info=./houyi_etc/maat_tableinfo.conf +#json, redis, local_file +config_src_type=redis +json_cfg_file=./houyi_etc/maat_test.json +inc_dir=./redis_dump/ +full_dir=./redis_dump/ +redis_server_ip={{houyi_global.houyi.redis_server_ip}} +redis_server_port={{houyi_global.houyi.redis_server_port}} +redis_index={{houyi_global.houyi.redis_index}} + diff --git a/roles/sled-mcn0/templates/houyi.inf.j2 b/roles/sled-mcn0/templates/houyi.inf.j2 new file mode 100644 index 0000000..e0b357d --- /dev/null +++ b/roles/sled-mcn0/templates/houyi.inf.j2 @@ -0,0 +1,5 @@ +[PLUGINFO] +PLUGNAME=houyi_send_plug +SO_PATH=./plug/business/houyi/libhouyi_send_plug.so +INIT_FUNC=houyi_plug_init + diff --git a/roles/sled-mcn0/templates/houyi_plug.conf.j2 b/roles/sled-mcn0/templates/houyi_plug.conf.j2 new file mode 100644 index 0000000..3407f6b --- /dev/null +++ b/roles/sled-mcn0/templates/houyi_plug.conf.j2 @@ -0,0 +1,8 @@ +[main] +log_path=./houyi_log/runtime.log +log_level=20 + +log_interval=3 +fs2_remote_server_ip=192.168.40.1 +fs2_remote_server_port=8152 + diff --git a/roles/sled-mcn0/templates/houyi_plug_static_arp.conf.j2 b/roles/sled-mcn0/templates/houyi_plug_static_arp.conf.j2 new file mode 100644 index 0000000..d948459 --- /dev/null +++ b/roles/sled-mcn0/templates/houyi_plug_static_arp.conf.j2 
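Review bot: The four RPMs in roles/sled-mcn0/tasks/main.yml are staged in `/tmp/houyi_deploy/`, a fixed name under a world-writable directory, and are then installed by `yum` as root in separate tasks. Nothing in the role creates that directory or sets its owner and mode first, so a local user who pre-creates it could swap a package between the copy and the install, and as far as I know yum does not GPG-check local package files unless `localpkg_gpgcheck` is set, so nothing would catch the swap. Stage into a root-owned `0700` directory outside `/tmp` that the role creates itself (sketch below; `houyi_stage_dir` is a placeholder variable), and ideally compare each RPM against a pinned checksum before installing. Separately, the task that writes houyi_plug.conf is named `"Template the houyi.inf"`, the same as the task before it, and the two `.service` files are pushed with `synchronize`, which in its default archive mode carries over the source file's owner and mode; `copy` with `owner: root` and `mode: "0644"` states the intent.

```yaml
- name: "create private staging directory for the RPMs"
  file:
    path: "{{ houyi_stage_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0700"

# … unchanged: the four copy tasks and four yum tasks, with /tmp/houyi_deploy/ replaced by {{ houyi_stage_dir }}/ …
```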
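Review bot: The `[maat]` section of houyi.conf.j2 still points `table_info` at `./houyi_etc/maat_tableinfo.conf` and `json_cfg_file` at `./houyi_etc/maat_test.json`, but this commit deletes both files from the role and no task copies them any more; unless the houyi RPM ships them, the table definition will be missing at start-up. With `config_src_type=redis`, the rules that drive `send_pkt_tool_path=./net_flood` now come from the Redis instance named in group_vars, and the template has no key for a password or TLS, so anyone able to write to that Redis controls what this host sends. Confirm that the server requires authentication and is reachable only from the management network, and add the credential key to the template if the maat client supports one.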
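Review bot: `fs2_remote_server_ip=192.168.40.1` and `fs2_remote_server_port=8152` in houyi_plug.conf.j2 are literals inside a `.j2` template, while the Redis endpoint in houyi.conf.j2 is read from `houyi_global`; the same applies to `server_ip="192.168.11.90"` and `server_port=8126` under `[profiling.log.remote]` in sapp.toml.j2. Every environment this role is applied to would send its statistics to those fixed addresses, whether or not that collector is the intended one. Move them into group_vars under new keys, for example `fs2_remote_server_ip={{houyi_global.houyi.fs2_remote_server_ip}}`, and define the keys in xxg_env/group_vars/all.yml.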
@@ -0,0 +1,6 @@
+#static arp table,
+#dir ip-version ip-string mac-addr-with':'
+#dir: 0:C2I, outbound_device; 1:I2C, inbound_device
+#example:
+#0 4 192.168.40.161 46:9d:8e:37:53:f9
+#0 6 fe80::449d:8eff:fe37:53f9 46:9d:8e:37:53:f9
\ No newline at end of file
diff --git a/roles/sled-mcn0/templates/sapp.toml.j2 b/roles/sled-mcn0/templates/sapp.toml.j2
new file mode 100644
index 0000000..a281849
--- /dev/null
+++ b/roles/sled-mcn0/templates/sapp.toml.j2
@@ -0,0 +1,137 @@
+###################################################################################################
+# NOTE:
+# The format of this file is toml (https://github.com/cktan/tomlc99)
+# to make vim editor display colorful and human readable,
+# you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
+###################################################################################################
+
+[SYSTEM]
+instance_name = "sapp_v4.0"
+
+[CPU]
+worker_threads=2
+### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+bind_mask=[]
+
+[PACKET_IO]
+### note, used to represent inbound or outbound direction value,
+### because it comes from other device, so it needs to be specified manually,
+### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+inbound_route_dir=0
+
+### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
+BSD_packet_filter=""
+
+### note, depolyment.mode options: [mirror, inline, transparent]
+ [packet_io.depolyment]
+ mode=transparent
+
+### note, interface.type options: [pag, pcap, marsio]
+### receive from internal interface, route dir is 0,
+### receive from external interface, route dir is 1.
+ [packet_io.internal.interface]
+ type=pcap
+ name={{houyi_global.sapp.packet_io.inbound_device}}
+
+ [packet_io.external.interface]
+ type=pcap
+ name={{houyi_global.sapp.packet_io.outbound_device}}
+
+ [packet_io.polling]
+### note, polling_priority = call sapp_recv_pkt every call polling_entry times,
+ polling_priority=1
+
+[STREAM]
+### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S"
+ stream_id_base_time="2018-08-08 08:00:00"
+ [stream.tcp]
+ max=10000
+ timeout=60
+ syn_mandatory=1
+ reorder_pkt_max=5
+ analyse_option_enabled=1
+ [stream.tcp.inject]
+ link_mss=1460
+
+ [stream.tcp.inject.rst]
+ auto_remedy=0
+ number=3
+ signature_enabled=1
+ signature_seed1=65535
+ signature_seed2=13
+
+ [stream.udp]
+ max=10000
+ timeout=60
+
+[PROTOCOL_FEATURE]
+ ipv6_decapsulation_enabled=1
+ ipv6_send_packet_enabled=1
+ tcp_drop_pure_ack_pkt=0
+ tcp_syn_option_parse_enabled=1
+
+[PROFILING]
+ [profiling.pkt_latency]
+ enabled=0
+### note, threshold unit is microseconds (us)
+ threshold=1000000
+
+ [profiling.sanity_check]
+ raw_pkt_broken_enabled=0
+ symbol_conflict_enabled=0
+
+ [profiling.log]
+ level=20
+ interval=5
+
+ [profiling.log.local]
+ enabled=1
+### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.
+ file_truncate_enabled = 1
+ log_file_name = "fs2_sysinfo.log"
+
+ [profiling.log.remote]
+ enabled=1
+ server_ip="192.168.11.90"
+ server_port=8126
+
+ [profiling.log.remote.field_stat2]
+### note, is valid when "remote_send_out_type=field_stat2"
+### note, metric_type option value: [default, json]
+ metric_type = default
+ app_name=sapp
+
+[TOOLS]
+ [tools.pkt_dump]
+ enabled=1
+### note, mode options value:[storage, udp_socket]
+ mode=udp_socket
+ BSD_packet_filter=""
+
+ [tools.pkt_dump.threads]
+### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
+### if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
+ all_threads_enabled=1
+
+### note, dump_thread_id start from 0, max is CPU.worker_threads-1
+ dump_thread_id=[0,1,2,3,4]
+
+ [tools.pkt_dump.udp]
+ command_port=12345
+
+ [tools.pkt_dump.storage]
+### note, file path must be double quotation mark extension, for example, path="/dev/shm/pkt_dump"
+ path="/dev/shm/pkt_dump"
+### note, file size unit: MB
+ file_size_max_per_thread=10000
+
+### note:
+### These configurations format is complex and difficult to describe with toml grammar,
+### so, create a Independent config file to description specific information.
+[SPECIAL_CONFIG_LINK]
+ project_list_path="./etc/project_list.conf"
+ plugin_path="./etc/plugin.conf"
+ entrylist_path="./etc/entrylist.conf"
+ send_raw_pkt_path="./etc/send_raw_pkt.conf"
+ vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"
diff --git a/xxg_env/group_vars/all.yml b/xxg_env/group_vars/all.yml
new file mode 100644
index 0000000..3eff83a
--- /dev/null
+++ b/xxg_env/group_vars/all.yml
@@ -0,0 +1,9 @@
+houyi_global:
+ sapp:
+ packet_io:
+ inbound_device: "eth0"
+ outbound_device: "eth1"
+ houyi:
+ redis_server_ip: "192.168.40.111"
+ redis_server_port: 27002
+ redis_index: 0
\ No newline at end of file
diff --git a/xxg_env/hosts.xxg b/xxg_env/hosts.xxg
new file mode 100644
index 0000000..4077c7a
--- /dev/null
+++ b/xxg_env/hosts.xxg
@@ -0,0 +1,13 @@
+[all:vars]
+ansible_user=root
+houyi_rpm_file=houyi-1.0.0.26712da-1.el7.x86_64.rpm
+houyi_plug_rpm_file=houyi-plug-1.0.0.2a4c05f-1.el7.x86_64.rpm
+net_flood_rpm_file=net_flood-2.0.3.6ae51f2-1.el7.x86_64.rpm
+sapp_rpm_file=sapp-4.0.7.06731c3-1.el7.x86_64.rpm
+
+[sled-mcn0]
+192.168.40.133
+
+[tsg-all:children]
+sled-mcn0
+
-- cgit v1.2.3
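Review bot: `[tools.pkt_dump]` in sapp.toml.j2 ships with `enabled=1`, `mode=udp_socket`, `all_threads_enabled=1` and `command_port=12345`, so every host deployed from this template has the packet-dump facility switched on and, going by the key names, accepting commands on a UDP port; the bind address and any access control are not visible here. For a deployed default I would set `enabled=0` and turn it on per host through a variable when debugging, or confirm that the port is bound to loopback and firewalled. `dump_thread_id=[0,1,2,3,4]` also lists indexes beyond the `worker_threads=2` set under `[CPU]`, which contradicts the comment that the maximum is `CPU.worker_threads-1`. Finally, the header says the file is TOML, but `mode=transparent`, `type=pcap`, `mode=udp_socket`, `metric_type = default` and the rendered interface names are unquoted strings, which a strict TOML parser rejects; quote them, e.g. `name="{{houyi_global.sapp.packet_io.inbound_device}}"`, unless the sapp loader is known to accept bare words.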