Diffstat (limited to 'demo/ansible')
| -rw-r--r-- | demo/ansible/hosts | 2 | ||||
| -rw-r--r-- | demo/ansible/provision.yml | 70 | ||||
| -rw-r--r-- | demo/ansible/tasks/provision.yml | 18 | ||||
| -rw-r--r-- | demo/ansible/templates/tsg-containerd-wr.yml.j2 | 91 |
4 files changed, 181 insertions, 0 deletions
diff --git a/demo/ansible/hosts b/demo/ansible/hosts
new file mode 100644
index 0000000..71c3838
--- /dev/null
+++ b/demo/ansible/hosts
@@ -0,0 +1,2 @@
+[provision]
+localhost ansible_connection=local
\ No newline at end of file
diff --git a/demo/ansible/provision.yml b/demo/ansible/provision.yml
new file mode 100644
index 0000000..f0ffe66
--- /dev/null
+++ b/demo/ansible/provision.yml
@@ -0,0 +1,70 @@
+version: 1
+
+vsys:
+ id: vsys1
+
+device:
+ tags:
+ - device_group: group-xxg-three
+ - data_center: center-xxg-three
+
+session_id_generator:
+ snowflake_worker_id_base: 3
+ snowflake_worker_id_offset: 2
+
+
+feature:
+ enable_stream_bypass_under_ddos: 1
+
+firewall:
+ enable: 1
+
+proxy:
+ enable: 1
+
+sessionrecord:
+ enable: 1
+ enable_dns_record: 1
+ enable_rtp_record: 1
+
+capturepacket:
+ enable: 1
+
+radius:
+ enable: 1
+
+gtp:
+ enable_gtp_c_record: 1
+
+wannat:
+ enable: 1
+ nat_gateway_address: "192.168.40.134"
+ reachability_test_server_address: "192.168.40.134"
+
+ddossketch:
+ enable: 1
+
+app:
+ identify_by:
+ user_defined_signature: 1
+ builtin_app_engine: 1
+
+cm:
+ policy_server:
+ address: "192.168.44.72"
+ port: 7003
+
+olap:
+ kafka_broker:
+ address_list: ['192.168.44.11:9094','192.168.44.14:9094','192.168.44.15:9094']
+ hos_server:
+ address: "192.168.44.67"
+ port: 9098
+
+coredump:
+ format: core
+ collect: local
+ sentry_url: https://sentry.mesalab.cn/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
+
+app_behavior:
+ enable: 1
diff --git a/demo/ansible/tasks/provision.yml b/demo/ansible/tasks/provision.yml
new file mode 100644
index 0000000..4d566a5
--- /dev/null
+++ b/demo/ansible/tasks/provision.yml
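Review bot: The `sentry_url` line under `coredump:` in demo/ansible/provision.yml commits a complete Sentry minidump endpoint, including its `sentry_key` query parameter, so the key is readable by everyone with access to the repository. The playbook's `kubectl create configmap ... --from-file provision.yml` task appears to load this same file verbatim, which would also expose the key to anything allowed to read that ConfigMap. For a demo file I would commit a placeholder such as `sentry_url: "<sentry-minidump-url>"` and supply the real endpoint at deploy time from a secret store. If this key belongs to a live project, rotating it after the change is the safe follow-up.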
@@ -0,0 +1,18 @@
+---
+- hosts: provision
+ tasks:
+ - name: create vsys workload resource directory
+ file:
+ path: /opt/tsg/{{vsys.id}}/containerd/workload-resouce
+ state: directory
+
+ - name: Template the tsg-containerd-wr.yml
+ template:
+ src: "../templates/tsg-containerd-wr.yml.j2"
+ dest: /opt/tsg/{{vsys.id}}/containerd/workload-resouce/tsg-containerd-wr.yml
+
+ - name: Apply configmap
+ shell: kubectl create configmap {{vsys.id}}-provision-config --from-file provision.yml
+
+ - name: Apply tsg-containerd-wr.yml
+ shell: kubectl apply -f /opt/tsg/{{vsys.id}}/containerd/workload-resouce/tsg-containerd-wr.yml
\ No newline at end of file
diff --git a/demo/ansible/templates/tsg-containerd-wr.yml.j2 b/demo/ansible/templates/tsg-containerd-wr.yml.j2
new file mode 100644
index 0000000..9b8566a
--- /dev/null
+++ b/demo/ansible/templates/tsg-containerd-wr.yml.j2
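Review bot: The two `shell:` tasks at the end of demo/ansible/tasks/provision.yml put `{{vsys.id}}` on a shell command line unquoted, although neither command uses a shell feature. Switching them to `command:`, for example `command: kubectl apply -f /opt/tsg/{{vsys.id}}/containerd/workload-resouce/tsg-containerd-wr.yml`, keeps any shell metacharacter in the id from being interpreted. `kubectl create configmap` also returns an error when the ConfigMap already exists, so a second run of the playbook would stop at that task, and the relative `provision.yml` argument depends on the working directory the play is started from. The `file:` and `template:` tasks set no `mode:`, so permissions on the rendered manifest are left to the umask; an explicit `mode: "0640"` (or whatever the deployment expects) would make that deliberate.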
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ vsys.id }}
+ labels:
+ app: {{ vsys.id }}
+
+spec:
+ selector:
+ matchLabels:
+ app: {{ vsys.id }}
+ template:
+ metadata:
+ labels:
+ app: {{ vsys.id }}
+
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ containers:
+ - name: firewall
+ image: docker.io/library/tsg:firewall
+ imagePullPolicy: Never
+ command: ["/bin/bash", "-c", "tail -f /dev/null"]
+ securityContext:
+ privileged: true
+
+ volumeMounts:
+ - mountPath: /opt/tsg/mrzcpd
+ name: opt-tsg-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/mrzcpd
+ name: var-run-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/dpdk
+ name: var-run-dpdk
+ readOnly: false
+ - mountPath: /root/sys
+ name: root-sys
+ readOnly: false
+ - name: provision-config
+ mountPath: "/data/tsg-os-provision"
+ readOnly: true
+
+{% if proxy.enable == 1 %}
+ - name: proxy
+ image: docker.io/library/tsg:proxy
+ imagePullPolicy: Never
+ command: ["/bin/bash", "-c", "tail -f /dev/null"]
+ securityContext:
+ privileged: true
+
+ volumeMounts:
+ - mountPath: /opt/tsg/mrzcpd
+ name: opt-tsg-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/mrzcpd
+ name: var-run-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/dpdk
+ name: var-run-dpdk
+ readOnly: false
+ - mountPath: /root/sys
+ name: root-sys
+ readOnly: false
+ - name: provision-config
+ mountPath: "/data/tsg-os-provision"
+ readOnly: true
+{% endif %}
+
+ volumes:
+ - name: opt-tsg-mrzcpd
+ hostPath:
+ path: /opt/tsg/mrzcpd
+ - name: var-run-mrzcpd
+ hostPath:
+ path: /var/run/mrzcpd
+ - name: var-run-dpdk
+ hostPath:
+ path: /var/run/dpdk
+ - name: root-sys
+ hostPath:
+ path: /root/sys
+ - name: provision-config
+ configMap:
+ name: {{vsys.id}}-prosivion-config
\ No newline at end of file |
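Review bot: Both containers in demo/ansible/templates/tsg-containerd-wr.yml.j2 set `securityContext: privileged: true` and mount host paths read-write (`/root/sys`, `/var/run/dpdk`, `/var/run/mrzcpd`, `/opt/tsg/mrzcpd`), and the pod tolerates the control-plane taints, so the workload holds host-level privilege on every node it is scheduled to, control-plane nodes included. If the packet path needs only specific devices, hugepages or a few capabilities, listing those under `securityContext.capabilities.add` and dropping `privileged` would narrow this; otherwise a comment stating why full privilege and the control-plane tolerations are required would help later reviewers. Separately, the last line names the ConfigMap `{{vsys.id}}-prosivion-config`, while the playbook creates `{{vsys.id}}-provision-config`; the `provision-config` volume will not resolve until that line reads `name: {{vsys.id}}-provision-config`.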
