20.07.rc1tsg-version20.07.rc1-deploy

author: zhangzhihan <[email protected]> 2020-07-24 16:06:23 +0800
committer: zhangzhihan <[email protected]> 2020-07-24 16:06:23 +0800
commit: 4ea95f72011b6ed5b3da2fe2769821f01b369e6c (patch)
tree: 4ab5ec258e4e5c3a62b039060f8495cf4937b41e
parent: e6fbb265a82a3e8939cc54707358616579e0fcf4 (diff)
52 files changed, 217 insertions, 156 deletions
diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml
index 442e8be..bffd0f9 100644
--- a/install_config/group_vars/all.yml
+++ b/install_config/group_vars/all.yml
@@ -60,7 +60,6 @@ tfe:
   nr_threads: 32
   mc_cache_eth: lo 
   keykeeper:
-    mode: "normal"
     no_cache: 0
 
 ########################################
diff --git a/roles/firewall/files/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
new file mode 100644
index 0000000..71e7a48
--- /dev/null
+++ b/roles/firewall/files/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index 0876b5d..0000000
--- a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm
deleted file mode 100644
index dcf47d0..0000000
--- a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
new file mode 100644
index 0000000..f1cc58d
--- /dev/null
+++ b/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
deleted file mode 100755
index e0f5a90..0000000
--- a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/ftp-1.0.6.2710506-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.6.2710506-2.el7.x86_64.rpm
new file mode 100644
index 0000000..01cd8a8
--- /dev/null
+++ b/roles/firewall/files/ftp-1.0.6.2710506-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm b/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
new file mode 100644
index 0000000..4d1aca7
--- /dev/null
+++ b/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
deleted file mode 100644
index 73504d3..0000000
--- a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
deleted file mode 100644
index 4f8f7df..0000000
--- a/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
new file mode 100644
index 0000000..cc78802
--- /dev/null
+++ b/roles/firewall/files/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
deleted file mode 100644
index d4a9845..0000000
--- a/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
new file mode 100644
index 0000000..73e73d7
--- /dev/null
+++ b/roles/firewall/files/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
deleted file mode 100644
index d49eada..0000000
--- a/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
new file mode 100644
index 0000000..2e11d37
--- /dev/null
+++ b/roles/firewall/files/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm b/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
deleted file mode 100644
index faa95cf..0000000
--- a/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm b/roles/firewall/files/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
new file mode 100644
index 0000000..a9ecf90
--- /dev/null
+++ b/roles/firewall/files/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
deleted file mode 100644
index 3fffca4..0000000
--- a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm
new file mode 100644
index 0000000..830c3e4
--- /dev/null
+++ b/roles/firewall/files/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
deleted file mode 100644
index 5d10ae6..0000000
--- a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/http-2.0.3.9218b4b-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.3.9218b4b-2.el7.x86_64.rpm
new file mode 100644
index 0000000..231a672
--- /dev/null
+++ b/roles/firewall/files/http-2.0.3.9218b4b-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
deleted file mode 100644
index f24a0ac..0000000
--- a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/mail-1.0.7.9e3be05-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
new file mode 100644
index 0000000..1ec20c3
--- /dev/null
+++ b/roles/firewall/files/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
deleted file mode 100644
index ccd6241..0000000
--- a/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
new file mode 100644
index 0000000..df8cdd3
--- /dev/null
+++ b/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
deleted file mode 100644
index 6d0a2b4..0000000
--- a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
new file mode 100644
index 0000000..19e48c1
--- /dev/null
+++ b/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm b/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
new file mode 100644
index 0000000..af3776f
--- /dev/null
+++ b/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index a6c4c00..c2c86eb 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -11,21 +11,22 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:
diff --git a/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
deleted file mode 100644
index 0668dd4..0000000
--- a/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/framework/files/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm
new file mode 100644
index 0000000..8bacf7c
--- /dev/null
+++ b/roles/framework/files/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm
diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
index ed8fb4b..f6f1ea4 100644
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -18,7 +18,7 @@
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
diff --git a/roles/kni/files/kni-20.06-1.el7.x86_64.rpm b/roles/kni/files/kni-20.06-1.el7.x86_64.rpm
deleted file mode 100644
index 0adb767..0000000
--- a/roles/kni/files/kni-20.06-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/kni/files/kni-20.07-1.el7.x86_64.rpm b/roles/kni/files/kni-20.07-1.el7.x86_64.rpm
new file mode 100644
index 0000000..2cefa0c
--- /dev/null
+++ b/roles/kni/files/kni-20.07-1.el7.x86_64.rpm
diff --git a/roles/kni/tasks/main.yml b/roles/kni/tasks/main.yml
index d2b8ab0..df94d99 100644
--- a/roles/kni/tasks/main.yml
+++ b/roles/kni/tasks/main.yml
@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf
diff --git a/roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm
index 29d0bca..a784468 100644
--- a/roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
+++ b/roles/mrzcpd/files/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm
diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml
index 4755904..c15a3b4 100644
--- a/roles/mrzcpd/tasks/main.yml
+++ b/roles/mrzcpd/tasks/main.yml
@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
diff --git a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
index c5f5b4e..951c9ac 100644
--- a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
@@ -1,7 +1,7 @@
 [device]
 device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
-sz_buffer=0
+sz_buffer=32
 
 [device:{{nic_data_incoming.vf0_name}}]
 mtu=4096
@@ -22,12 +22,15 @@ vlan-id-allow=4095
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
+sz_tunnel=8192
+sz_buffer=0
 
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
 distmode=2
 hashmode=0
+idle_threshold=10000
 
 [eal]
 virtaddr=0x7f40c4a00000
diff --git a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
index c2f658c..4663143 100644
--- a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
+++ b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
@@ -11,6 +11,7 @@ use_recent_tunnel=0
 use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
+idle_threshold=10000
 
 [vlan_flipping]
 enable=1
diff --git a/roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm b/roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm
deleted file mode 100755
index f0ca673..0000000
--- a/roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm
+++ /dev/null
diff --git a/roles/sapp/files/sapp-4.0.18.bb2effd-x86_64...rpm b/roles/sapp/files/sapp-4.0.18.bb2effd-x86_64...rpm
new file mode 100755
index 0000000..5b3893b
--- /dev/null
+++ b/roles/sapp/files/sapp-4.0.18.bb2effd-x86_64...rpm
diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml
index 6c1c181..36aa5b5 100644
--- a/roles/sapp/tasks/main.yml
+++ b/roles/sapp/tasks/main.yml
@@ -7,7 +7,7 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.0.18.bb2effd-x86_64...rpm
     state: present
     skip_broken: yes
 
diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2
index 11b7d71..84a13e4 100644
--- a/roles/sapp/templates/conflist.inf.j2
+++ b/roles/sapp/templates/conflist.inf.j2
@@ -25,5 +25,7 @@
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/fw_quic_plug/fw_quic_plug.inf
 ./plug/business/tsg_conn_record/tsg_conn_record.inf
+./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
 ./plug/business/capture_packet_plug/capture_packet_plug.inf
diff --git a/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
deleted file mode 100644
index 28234cf..0000000
--- a/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/tfe/files/tfe-4.3.7.39bff00-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.7.39bff00-1.el7.x86_64.rpm
new file mode 100644
index 0000000..9aecf93
--- /dev/null
+++ b/roles/tfe/files/tfe-4.3.7.39bff00-1.el7.x86_64.rpm
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 5356aa2..64af311 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.7.39bff00-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
@@ -37,6 +37,16 @@
     src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
     dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
 
+- name: "create conf/doh/"
+  file:
+    path: /opt/tsg/tfe/conf/doh/ 
+    state: directory
+
+- name: "template the doh.conf"
+  template:
+    src: "{{ role_path }}/templates/doh.conf.j2"
+    dest: /opt/tsg/tfe/conf/doh/doh.conf
+
 - name: "create a override conf - first step, create dir"
   file:
     path: /etc/systemd/system/tfe.service.d/
diff --git a/roles/tfe/templates/doh.conf.j2 b/roles/tfe/templates/doh.conf.j2
new file mode 100644
index 0000000..300e584
--- /dev/null
+++ b/roles/tfe/templates/doh.conf.j2
@@ -0,0 +1,26 @@
+[doh]
+# default 1
+enable=1
+
+[log]
+# default 10
+# RLOG_LV_DEBUG : 10
+# RLOG_LV_INFO  : 20
+# RLOG_LV_FATAL : 30
+log_level=10
+
+[maat]
+# default TSG_OBJ_APP_ID
+table_appid=TSG_OBJ_APP_ID
+# default TSG_SECURITY_ADDR
+table_addr=TSG_SECURITY_ADDR
+# default TSG_FIELD_DOH_QNAME
+table_qname=TSG_FIELD_DOH_QNAME
+# default TSG_FIELD_HTTP_HOST
+table_host=TSG_FIELD_DOH_HOST
+
+[kafka]
+# default 0
+ENTRANCE_ID=0
+# default 1
+en_sendlog=1
diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2
index 8790677..26d8d15 100644
--- a/roles/tfe/templates/pangu_pxy.conf.j2
+++ b/roles/tfe/templates/pangu_pxy.conf.j2
@@ -1,129 +1,107 @@
-[debug]
-log_level=30
-
-[log]
-{% if tsg_running_type == 0 or 1 %}
-nic_name={{ server.ethname }}
-{% else %}
-nic_name={{ nic_mgr.name }}
-{% endif %}
-entrance_id=0
-device_id_filepath=/opt/tsg/etc/tsg_sn.json
-kafka_brokerlist= {{ log_kafkabrokers.address }}
-kafka_topic=PROXY-EVENT-LOG
-
-#Addresses of minio. Format is defined by WiredLB.
-#minio_ip_list=192.168.10.61-64;
-minio_ip_list= {{ log_minio.address }}
-minio_listen_port= {{ log_minio.port }}
-#Maximum number of connections opened by per host.
-#MAX_CONNECTION_PER_HOST=1
-#Maximum number of requests in a pipeline.
-#MAX_CNNT_PIPELINE_NUM=20
-#Maximum parellel sessions(http and redis) is allowed to open.
-#MAX_CURL_SESSION_NUM=100
-#Maximum time the request is allowed to take(seconds).
-#MAX_CURL_TRANSFER_TIMEOUT_S=0
-
-#Bucket name in minio.
-cache_bucket_name=proxybucket
-#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
-max_used_memroy_size_mb=5120
-#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
-cache_default_ttl_second=3600
-#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
-cache_object_key_hash_switch=1
-
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-cache_store_object_way=0
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
-redis_cache_object_size=1024000
-#Configs of WiredLB for Minios load balancer.
-#WIREDLB_OVERRIDE=1
-wiredlb_health_port=42310
-#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
-redis_cluster_ip_list=192.168.10.62-63;
-redis_cluster_port_range=6379
-#wired load balancer configuration
-
-wiredlb_override=1
-wiredlb_topic=MinioFileLog
-wiredlb_datacenter=k18consul-tse
-wiredlb_health_port=52102
-wiredlb_group=FileLog
-
-log_fsstat_appname=tango_log_file
-log_fsstat_filepath=./tango_log_file.fs
-log_fsstat_interval=10
-log_fsstat_trig=1
-log_fsstat_dst_ip=10.4.20.202
-log_fsstat_dst_port=8125
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=resource/pangu/table_info.conf
-json_cfg_file=resource/pangu/pangu_http.json
-stat_file=log/pangu_scan.status
-full_cfg_dir=pangu_policy/full/index/
-inc_cfg_dir=pangu_policy/inc/index/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[dynamic_maat]
-maat_input_mode=1
-table_info=resource/pangu/dynamic_maat_table_info.conf
-maat_redis_server={{ dynamic_maat_redis_server.address }}
-maat_redis_port_range={{ dynamic_maat_redis_server.port }}
-maat_redis_db_index={{ dynamic_maat_redis_server.db }}
-effect_interval_s=1
-
-[tango_cache]
-enable_cache=0
-minio_ip_list=192.168.10.61-64;
-minio_listen_port=9000
-
-#max_connection_per_host=1
-max_cnnt_pipeline_num=20
-#max_curl_session_num=100
-
-cache_bucket_name=proxybucket
-max_used_memory_size_mb=10240
-cache_default_ttl_second=3600
-cache_object_key_hash_switch=1
-
-#1-minio，2-redis
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-cache_store_object_way=0
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
-redis_cache_object_size=102400
-#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
-redis_cluster_ip_list=192.168.10.62-63;
-redis_cluster_port_range=6379
-#wired load balancer configuration
-wiredlb_override=1
-wiredlb_topic=MinioCache
-wiredlb_datacenter=k18consul-tse
-wiredlb_health_port=52101
-wiredlb_group=TangoCache
-
-cache_undefined_obj=1
-query_undefined_obj=0
-statsd_server={{fs_remote.address}}
-statsd_port={{fs_remote.port}}
-histogram_bins=0.20,0.40,0.6,0.8
-
-log_fsstat_appname=tango_cache
-log_fsstat_filepath=./tango_cache_client.fs
-log_fsstat_interval=10
-log_fsstat_trig=1
-log_fsstat_dst_ip=10.4.20.201
-log_fsstat_dst_port=8125
-
-
-[traffic_mirror]
-table_info=resource/pangu/table_info_traffic_mirror.conf
-stat_file=log/traffic_mirror.status
+[debug]
+log_level=10
+
+[log]
+entrance_id=0
+
+#Addresses of minio. Format is defined by WiredLB.
+#minio_ip_list=192.168.10.61-64;
+minio_ip_list= {{ log_minio.address }}
+minio_listen_port= {{ log_minio.port }}
+#Maximum number of connections opened by per host.
+#MAX_CONNECTION_PER_HOST=1
+#Maximum number of requests in a pipeline.
+#MAX_CNNT_PIPELINE_NUM=20
+#Maximum parellel sessions(http and redis) is allowed to open.
+#MAX_CURL_SESSION_NUM=100
+#Maximum time the request is allowed to take(seconds).
+#MAX_CURL_TRANSFER_TIMEOUT_S=0
+
+#Bucket name in minio.
+cache_bucket_name=proxybucket
+#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
+max_used_memroy_size_mb=5120
+#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
+cache_default_ttl_second=3600
+#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
+cache_object_key_hash_switch=1
+
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_store_object_way=0
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+redis_cache_object_size=1024000
+#Configs of WiredLB for Minios load balancer.
+#WIREDLB_OVERRIDE=1
+wiredlb_health_port=42310
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+redis_cluster_ip_list=192.168.10.62-63;
+redis_cluster_port_range=6379
+#wired load balancer configuration
+
+wiredlb_override=1
+wiredlb_topic=MinioFileLog
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52102
+wiredlb_group=FileLog
+
+log_fsstat_appname=tango_log_file
+log_fsstat_filepath=./tango_log_file.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.202
+log_fsstat_dst_port=8125
+
+[ratelimit]
+enable=0
+token_name=ratelimit
+redis_server={{ maat_redis_server.address }}
+redis_port={{ maat_redis_server.port }}
+redis_db_index=6
+
+[tango_cache]
+enable_cache=0
+minio_ip_list=192.168.10.61-64;
+minio_listen_port=9000
+
+#max_connection_per_host=1
+max_cnnt_pipeline_num=20
+#max_curl_session_num=100
+
+cache_bucket_name=proxybucket
+max_used_memory_size_mb=10240
+cache_default_ttl_second=3600
+cache_object_key_hash_switch=1
+
+#1-minio，2-redis
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_store_object_way=0
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+redis_cache_object_size=102400
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+redis_cluster_ip_list=192.168.10.62-63;
+redis_cluster_port_range=6379
+#wired load balancer configuration
+wiredlb_override=1
+wiredlb_topic=MinioCache
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52101
+wiredlb_group=TangoCache
+
+cache_undefined_obj=1
+query_undefined_obj=0
+statsd_server=192.168.10.72
+statsd_port=8126
+histogram_bins=0.20,0.40,0.6,0.8
+
+log_fsstat_appname=tango_cache
+log_fsstat_filepath=./tango_cache_client.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.201
+log_fsstat_dst_port=8125
+
+
+[traffic_mirror]
+table_info=resource/pangu/table_info_traffic_mirror.conf
+stat_file=log/traffic_mirror.status
+
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index 02beb08..cafdcc8 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -1,14 +1,15 @@
 [system]
 nr_worker_threads={{ tfe.nr_threads }}
-enable_breakpad=1
+enable_breakpad=0
 enable_breakpad_upload=0
 breakpad_minidump_dir=/run/tfe/crashreport/
 breakpad_upload_url=http://127.0.0.1:9000/
 disable_coredump=0
 
+
 [kni]
 ip=192.168.100.1
-scm_port=2475
+cmsg_port=2475
 watchdog_switch=1
 watchdog_port=2476
 
@@ -44,15 +45,17 @@ mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
 [key_keeper]
 #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
 #0 on cache 1 off cache
-mode= {{ tfe.keykeeper.mode }}
+mode= normal
 no_cache=0
 cert_store_host= {{ cert_store_server.address }}
 cert_store_port= {{ cert_store_server.port }}
 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
-enable_health_check=0
+# health_check only for "mode=normal"
+# default 1
+enable_health_check=1
 
-[debug]	
+[debug]
 passthrough_all_tcp=0
 
 [traffic_mirror]
@@ -84,6 +87,44 @@ level=10
 [stat]
 statsd_server={{ fs_remote.address }}
 statsd_port={{ fs_remote.port }}
+statsd_cycle=5
+# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
+statsd_format=2
 
 [http]
 loglevel=10
+
+[kafka]
+enable=1
+{% if tsg_running_type == 0 or 1 %}
+nic_name={{ server.ethname }}
+{% else %}
+nic_name={{ nic_mgr.name }}
+{% endif %}
+kafka_brokerlist={{ log_kafkabrokers.address }}
+kafka_topic=PROXY-EVENT-LOG
+device_id_filepath=/opt/tsg/etc/tsg_sn.json
+
+[maat]
+# 0:json 1: redis 2: iris
+maat_input_mode=1
+table_info=resource/pangu/table_info.conf
+json_cfg_file=resource/pangu/pangu_http.json
+stat_file=log/pangu_scan.status
+full_cfg_dir=pangu_policy/full/index/
+inc_cfg_dir=pangu_policy/inc/index/
+
+maat_redis_server={{ maat_redis_server.address }}
+maat_redis_port_range={{ maat_redis_server.port }}
+maat_redis_db_index={{ maat_redis_server.db }}
+effect_interval_s=1
+#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
+
+[dynamic_maat]
+maat_input_mode=1
+table_info=resource/pangu/dynamic_maat_table_info.conf
+maat_redis_server={{ dynamic_maat_redis_server.address }}
+maat_redis_port_range={{ dynamic_maat_redis_server.port }}
+maat_redis_db_index={{ dynamic_maat_redis_server.db }}
+effect_interval_s=1
+
diff --git a/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
deleted file mode 100644
index 0c7893c..0000000
--- a/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/tsg_master/files/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm
new file mode 100644
index 0000000..5322b69
--- /dev/null
+++ b/roles/tsg_master/files/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm
diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml
index 3e75555..ef33686 100644
--- a/roles/tsg_master/tasks/main.yml
+++ b/roles/tsg_master/tasks/main.yml
@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm
     state: present
     skip_broken: yes
author	zhangzhihan <[email protected]>	2020-07-24 16:06:23 +0800
committer	zhangzhihan <[email protected]>	2020-07-24 16:06:23 +0800
commit	4ea95f72011b6ed5b3da2fe2769821f01b369e6c (patch)
tree	4ab5ec258e4e5c3a62b039060f8495cf4937b41e
parent	e6fbb265a82a3e8939cc54707358616579e0fcf4 (diff)