tsgv20.05更新

author: zhangzhihan <[email protected]> 2020-05-18 18:52:52 +0800
committer: zhangzhihan <[email protected]> 2020-05-18 18:52:52 +0800
commit: faae89e6e5f7e40be0c90f4041c35a9a31981868 (patch)
tree: 22086da1c3d91c5703a70f0bf4b4659016487e40
parent: cd5d4b9a42f056248528d59c7e6df186200d49a5 (diff)
57 files changed, 239 insertions, 54 deletions
diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2
index b85c316..0638aa3 100644
--- a/roles/clotho/templates/clotho.conf.j2
+++ b/roles/clotho/templates/clotho.conf.j2
@@ -2,6 +2,10 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
+{% if tsg_access_typ == 0 %}
+NIC_NAME={{ tsg_tun_mode.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 LOG_LEVEL=10
 LOG_PATH=log/clotho
diff --git a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm
new file mode 100644
index 0000000..dcf47d0
--- /dev/null
+++ b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index bc464cc..0000000
--- a/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
new file mode 100644
index 0000000..e0f5a90
--- /dev/null
+++ b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm b/roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
deleted file mode 100755
index 07696bb..0000000
--- a/roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
new file mode 100644
index 0000000..056e182
--- /dev/null
+++ b/roles/firewall/files/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
deleted file mode 100644
index de29362..0000000
--- a/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
new file mode 100644
index 0000000..54bae55
--- /dev/null
+++ b/roles/firewall/files/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100755
index cf78897..0000000
--- a/roles/firewall/files/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
new file mode 100644
index 0000000..93df525
--- /dev/null
+++ b/roles/firewall/files/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index d04d29e..0000000
--- a/roles/firewall/files/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index 033b4d1..0000000
--- a/roles/firewall/files/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
new file mode 100644
index 0000000..3fffca4
--- /dev/null
+++ b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
new file mode 100644
index 0000000..5d10ae6
--- /dev/null
+++ b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index 0c5dd35..0000000
--- a/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
new file mode 100644
index 0000000..f24a0ac
--- /dev/null
+++ b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index 44b1dea..0000000
--- a/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
new file mode 100644
index 0000000..6d0a2b4
--- /dev/null
+++ b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
diff --git a/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index 82d11ad..0000000
--- a/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index b5ff6bc..f4a6b39 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -10,17 +10,17 @@
     state: present
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
       - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
 
diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2
index aa9e6c5..aefa19f 100644
--- a/roles/firewall/templates/capture_packet_plug.conf.j2
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -15,7 +15,11 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
+{% if tsg_access_type == 0 %}
+NIC_NAME={{ tsg_tun_mode.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 
diff --git a/roles/firewall/templates/main.conf.j2 b/roles/firewall/templates/main.conf.j2
index 87f561c..4538399 100644
--- a/roles/firewall/templates/main.conf.j2
+++ b/roles/firewall/templates/main.conf.j2
@@ -24,7 +24,11 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
+{% if tsg_access_type == 0 %}
+NIC_NAME={{ tsg_tun_mode.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 MAX_SERVICE=1
 LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog
diff --git a/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm b/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
deleted file mode 100755
index ec80489..0000000
--- a/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
+++ /dev/null
diff --git a/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
new file mode 100644
index 0000000..7075af8
--- /dev/null
+++ b/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
new file mode 100644
index 0000000..019ef51
--- /dev/null
+++ b/roles/framework/files/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm b/roles/framework/files/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
new file mode 100644
index 0000000..d619e6c
--- /dev/null
+++ b/roles/framework/files/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm b/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
new file mode 100644
index 0000000..be1eef3
--- /dev/null
+++ b/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm b/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
new file mode 100644
index 0000000..30cf381
--- /dev/null
+++ b/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm b/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
new file mode 100644
index 0000000..5218635
--- /dev/null
+++ b/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm b/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
new file mode 100644
index 0000000..005d21f
--- /dev/null
+++ b/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm b/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
new file mode 100644
index 0000000..d5fc04d
--- /dev/null
+++ b/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm
deleted file mode 100644
index 372f30d..0000000
--- a/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/framework/files/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
new file mode 100644
index 0000000..6a1f74f
--- /dev/null
+++ b/roles/framework/files/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
diff --git a/roles/framework/files/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm b/roles/framework/files/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
new file mode 100644
index 0000000..21fe4cb
--- /dev/null
+++ b/roles/framework/files/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
diff --git a/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm b/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
new file mode 100644
index 0000000..db703cc
--- /dev/null
+++ b/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
index bb42da9..5617b6b 100644
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -9,7 +9,26 @@
     state: present
   vars:
     packages:
-      - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
+
+- name: "mkdir /etc/ld.so.conf.d/"
+  file:
+    path: /etc/ld.so.conf.d/
+    state: directory
+
+- name: "copy framework.conf to destination server"
+  copy: "{{ role_path }}/files/framework.conf"
+  dest: /etc/ld.so.conf.d/
 
 - name: "update ld"
   command: ldconfig
diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2
index 680d767..9d0ba36 100644
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -2,7 +2,11 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
+{% if tsg_access_type == 0 %}
+manage_eth = {{ tsg_tun_mode.ethname }}
+{% else %}
 manage_eth = {{ nic_mgr.name }}
+{% endif %}
 {% if tsg_access_type == 0 %}
 deploy_mode = tun
 {% else %}
@@ -30,12 +34,20 @@ ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
+{% if tsg_access_type == 0 %}
+listen_eth = {{ tsg_tun_mode.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
+{% if tsg_access_type == 0 %}
+listen_eth = {{ tsg_tun_mode.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1
diff --git a/roles/mrzcpd/files/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm
index 3c91957..723306d 100644..100755
--- a/roles/mrzcpd/files/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
+++ b/roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm
diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml
index 6fb1448..4b6e626 100644
--- a/roles/mrzcpd/tasks/main.yml
+++ b/roles/mrzcpd/tasks/main.yml
@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -20,6 +20,15 @@
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: nic_traffic_mirror is defined
 
+
+- name: "update mrglobal.conf.tun_mode - tun_server"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 0
+
 - name: "update mrglobal.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
@@ -36,6 +45,14 @@
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
+- name: "update mrglobal.conf.allot - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 3
+
 - name: "update mrtunnat.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
@@ -52,6 +69,14 @@
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
+- name: "update mrtunnat.conf.allot_access - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 3
+
 - name: "enable mrenv"
   systemd:
     name: mrenv
@@ -61,19 +86,19 @@
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
-    enabled: 1
+    enabled: yes
     daemon_reload: yes
 
 - name: "enable mrtunnat on master"
   systemd:
     name: mrtunnat
-    enabled: 1
+    enabled: yes
     daemon_reload: yes
   when: nic_traffic_mirror is not defined
 
 - name: "disable mrtunnat on slave"
   systemd:
     name: mrtunnat
-    enabled: 0
+    enabled: no
     daemon_reload: yes
   when: nic_traffic_mirror is defined
diff --git a/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2
new file mode 100644
index 0000000..fc9600d
--- /dev/null
+++ b/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2
@@ -0,0 +1,67 @@
+[device]
+device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=1
+vlan-id-allow=1000,1001,2000,2001,4000,4001
+#vlan-pvid=0
+#vlan-pvid-mode=0
+
+[device:{{nic_to_tfe.tfe0.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe1.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe2.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
+forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
diff --git a/roles/mrzcpd/templates/mrglobal.conf.inline.j2 b/roles/mrzcpd/templates/mrglobal.conf.inline.j2
index 5d5862b..fb4aa35 100644
--- a/roles/mrzcpd/templates/mrglobal.conf.inline.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.inline.j2
@@ -4,29 +4,16 @@ sz_tunnel=8192
 sz_buffer=0
 
 [device:{{nic_data_incoming.name}}]
-{% if nic_data_incoming.ip is defined %}
 in_addr={{nic_data_incoming.ip}}
-{% endif %}
-{% if nic_data_incoming.mask is defined %}
 in_mask={{nic_data_incoming.mask}}
-{% endif %}
-{% if nic_data_incoming.gw is defined %}
 gateway={{nic_data_incoming.gw}}
-{% endif %}
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
-{% if nic_data_incoming.ip is defined %}
 #vlan-filter=1
-#vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
+#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
 #vlan-pvid=0
 #vlan-pvid-mode=0
-{% else %}
-vlan-filter=0
-vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
-vlan-pvid=0
-vlan-pvid-mode=0
-{% endif %}
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1
diff --git a/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2 b/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2
new file mode 100644
index 0000000..af2d528
--- /dev/null
+++ b/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2
@@ -0,0 +1,28 @@
+[device]
+device=fake
+sz_tunnel=8192
+sz_buffer=0
+
+[device:lo]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+iocore={{ mrzcpd.iocore }}
+
+[eal]
+virtaddr=0x7d0000000000
+loglevel=7
+
+[keepalive]
+check_spinlock=1
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
diff --git a/roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2
new file mode 100644
index 0000000..29d8310
--- /dev/null
+++ b/roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2
@@ -0,0 +1,24 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{nic_data_incoming.name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0=4000
+i_router_vlan_id_0=4001
+en_mac_flipping_0=0
+c_router_vlan_id_1=1000
+i_router_vlan_id_1=1001
+en_mac_flipping_1=0
+c_router_vlan_id_2=2000
+i_router_vlan_id_2=2001
+en_mac_flipping_2=0
diff --git a/roles/sapp/files/sapp-4.0.12.f8435d8-x86_64.rpm b/roles/sapp/files/sapp-4.0.12.f8435d8-x86_64.rpm
new file mode 100644
index 0000000..aad4d1e
--- /dev/null
+++ b/roles/sapp/files/sapp-4.0.12.f8435d8-x86_64.rpm
diff --git a/roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm b/roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
deleted file mode 100644
index 712cb9d..0000000
--- a/roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/sapp/files/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm b/roles/sapp/files/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm
new file mode 100644
index 0000000..27d8e69
--- /dev/null
+++ b/roles/sapp/files/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm
diff --git a/roles/sapp/files/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm b/roles/sapp/files/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm
deleted file mode 100644
index 9d334b7..0000000
--- a/roles/sapp/files/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml
index a5d19f2..edbdf8c 100644
--- a/roles/sapp/tasks/main.yml
+++ b/roles/sapp/tasks/main.yml
@@ -7,8 +7,7 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-    #  - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm
-      - /tmp/ansible_deploy/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm
     state: present
 
 - name: "judge sapp"
@@ -17,7 +16,7 @@
   ignore_errors: true
 
 - name: "install sapp rpms from localhost"
-  shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
+  shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.12.f8435d8-x86_64.rpm
   when: return.rc != 0
 
 - name: make dir
diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2
index b65494d..028ad13 100644
--- a/roles/sapp/templates/sapp.toml.j2
+++ b/roles/sapp/templates/sapp.toml.j2
@@ -27,7 +27,7 @@ BSD_packet_filter=""
    
 ### note, depolyment.mode options: [mirror, inline, transparent]
     [packet_io.depolyment]
-    {% if nic_transparent_mode.enable == 1 %}
+    {% if tsg_access_type == 0 %}
     mode=transparent
     {% else %}
     mode=inline
@@ -35,18 +35,18 @@ BSD_packet_filter=""
 
 ### note, interface.type options: [pag,pcap,marsio]
     [packet_io.internal.interface]
-    {% if nic_transparent_mode.enable == 1 %}
-    type={{nic_transparent_mode.mode}}
-    name={{nic_transparent_mode.internel_interface}}
+    {% if tsg_access_type == 0 %}
+    type=pcap
+    name={{tsg_tun_mode.internel_interface}}
     {% else %}
     type=marsio
     name=vxlan_user
     {% endif %}
 
     [packet_io.external.interface]
-    {% if nic_transparent_mode.enable %}
-    type={{nic_transparent_mode.mode}}
-    name={{nic_transparent_mode.external_interface}}
+    {% if tsg_access_type == 0 %}
+    type=pcap
+    name={{tsg_tun_mode.external_interface}}
     {% else %}
     type=pcap
     name=lo
diff --git a/roles/tfe/files/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm
deleted file mode 100755
index 065549f..0000000
--- a/roles/tfe/files/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/tfe/files/tfe-4.3.2.374930d-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.2.374930d-1.el7.x86_64.rpm
new file mode 100755
index 0000000..fbf2b90
--- /dev/null
+++ b/roles/tfe/files/tfe-4.3.2.374930d-1.el7.x86_64.rpm
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 485abbc..9b0552b 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -8,7 +8,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.2.374930d-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2
index 46aa3c1..35730c0 100644
--- a/roles/tfe/templates/pangu_pxy.conf.j2
+++ b/roles/tfe/templates/pangu_pxy.conf.j2
@@ -2,7 +2,11 @@
 log_level=30
 
 [log]
-nic_name= {{ nic_mgr.name }}
+{% if tsg_access_type == 0 %}
+nic_name={{ tsg_tun_mode.ethname }}
+{% else %}
+nic_name={{ nic_mgr.name }}
+{% endif %}
 entrance_id=0
 kafka_brokerlist= {{ log_kafkabrokers.address }}
 kafka_topic=PROXY-EVENT-LOG
diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2
index 2874c27..edc4dd0 100644
--- a/roles/tfe/templates/tfe-env-config.j2
+++ b/roles/tfe/templates/tfe-env-config.j2
@@ -1,11 +1,14 @@
-
-TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
+{% if tsg_access_type == 0 %}
+TFE_DEVICE_DATA_INCOMING={{ tsg_tun_mode.tun_name }}
+{% else %}
+TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
+{% endif %}
 TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
 TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
 {% if tsg_access_type == 0 %}
-TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
+TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index a8ebffd..62d2fd4 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -4,6 +4,7 @@ enable_breakpad=1
 enable_breakpad_upload=0
 breakpad_minidump_dir=/run/tfe/crashreport/
 breakpad_upload_url=http://127.0.0.1:9000/
+disable_coredump=0
 
 [kni]
 ip=192.168.100.1
@@ -30,7 +31,11 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
+{% if tsg_access_type == 0 %}
+mc_cache_eth={{ tsg_tun_mode.tun_name }}
+{% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
+{% endif %}
 # default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
 # default PXY-EXCH-INTERMEDIA-CERT
diff --git a/roles/tsg-env-tun-mode/templates/setup.j2 b/roles/tsg-env-tun-mode/templates/setup.j2
index 5b88ab0..0d26092 100644
--- a/roles/tsg-env-tun-mode/templates/setup.j2
+++ b/roles/tsg-env-tun-mode/templates/setup.j2
@@ -1,11 +1,11 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ nic_mgr.name }} 100
-vconfig set_flag {{ nic_mgr.name }}.100 1 1
-ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up
-ethtool -K {{ nic_transparent_mode.internel_interface }} tso off
-ethtool -K {{ nic_transparent_mode.internel_interface }} gso off
-ethtool -K {{ nic_transparent_mode.internel_interface }} gro off
-ethtool -K {{ nic_transparent_mode.externel_interface }} tso off
-ethtool -K {{ nic_transparent_mode.externel_interface }} gso off
-ethtool -K {{ nic_transparent_mode.externel_interface }} gro off
+vconfig add {{ tsg_tun_mode.ethname }} 100
+vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
+ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
+ethtool -K {{ tsg_tun_mode.internel_interface }} tso off
+ethtool -K {{ tsg_tun_mode.internel_interface }} gso off
+ethtool -K {{ tsg_tun_mode.internel_interface }} gro off
+ethtool -K {{ tsg_tun_mode.externel_interface }} tso off
+ethtool -K {{ tsg_tun_mode.externel_interface }} gso off
+ethtool -K {{ tsg_tun_mode.externel_interface }} gro off
diff --git a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
index 1ab740b..9976a0a 100644
--- a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
+++ b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
@@ -1,5 +1,5 @@
 #!/bin/bash
 #
 echo 0 >/sys/class/net/ens1/device/sriov_numvfs
-ifconfig {{ nic_mgr.name }}.100 down
-vconfig rem {{ nic_mgr.name }}.100
+ifconfig {{ tsg_tun_mode.ethname }}.100 down
+vconfig rem {{ tsg_tun_mode.ethname }}.100
author	zhangzhihan <[email protected]>	2020-05-18 18:52:52 +0800
committer	zhangzhihan <[email protected]>	2020-05-18 18:52:52 +0800
commit	faae89e6e5f7e40be0c90f4041c35a9a31981868 (patch)
tree	22086da1c3d91c5703a70f0bf4b4659016487e40
parent	cd5d4b9a42f056248528d59c7e6df186200d49a5 (diff)