summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzhangzhihan <[email protected]>2020-09-23 14:07:56 +0800
committerzhangzhihan <[email protected]>2020-09-23 14:07:56 +0800
commitc84cf9fa02f71279f6f157a12318ccab7bbc82e1 (patch)
tree0299fef8fa8744b3f61fea469b2790140905ccfa
parent37dab8e8425a98a9ddc72ddf1c635de2fdaac514 (diff)
update
Diffstat
-rw-r--r--deploy.yml9
-rw-r--r--install_config/group_vars/adc_global.yml12
-rw-r--r--install_config/group_vars/app_global.yml10
-rw-r--r--install_config/group_vars/server_as_tun_mode.yml13
-rw-r--r--install_config/hosts5
-rw-r--r--roles/app_global/files/app-sketch-global-1.0.2.20200907.81a5ea4-1.el7.x86_64.rpmbin0 -> 104988 bytes
-rwxr-xr-xroles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpmbin0 -> 21330640 bytes
-rw-r--r--roles/app_global/tasks/main.yml28
-rw-r--r--roles/app_global/templates/app_sketch_global.conf.j236
-rw-r--r--roles/firewall/files/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpmbin0 -> 21916 bytes
-rw-r--r--roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpmbin13124 -> 0 bytes
-rw-r--r--roles/firewall/tasks/main.yml3
-rw-r--r--roles/sapp/tasks/main.yml1
-rw-r--r--roles/sapp/templates/conflist.inf.j25
-rw-r--r--roles/tfe/templates/tfe.conf.j27
-rw-r--r--roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpmbin11664 -> 0 bytes
-rw-r--r--roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpmbin104648 -> 0 bytes
-rw-r--r--roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpmbin22360 -> 0 bytes
-rw-r--r--roles/tsg-app/tasks/main.yml17
-rw-r--r--roles/tsg-diagnose_sync_ca/tasks/main.yml2
-rw-r--r--roles/tsg_app/files/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpmbin0 -> 12032 bytes
-rw-r--r--roles/tsg_app/files/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpmbin0 -> 105496 bytes
-rw-r--r--roles/tsg_app/files/app_proto_identify-1.0.3.6c893f2-2.el7.x86_64.rpmbin0 -> 216112 bytes
-rw-r--r--roles/tsg_app/files/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpmbin0 -> 24764 bytes
-rw-r--r--roles/tsg_app/tasks/main.yml32
-rw-r--r--roles/tsg_app/templates/maat.conf.j234
-rw-r--r--roles/tsg_app/templates/main.conf.j239
-rw-r--r--roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpmbin66340 -> 0 bytes
-rw-r--r--roles/tsg_master/files/tsg_master-3.2.9.d1a6f00-2.el7.x86_64.rpmbin0 -> 65672 bytes
-rw-r--r--roles/tsg_master/tasks/main.yml2
-rw-r--r--uninstall/roles/package_list/20.09.yml1
-rwxr-xr-xuninstall/rpm_list.sh130
32 files changed, 340 insertions, 46 deletions
diff --git a/deploy.yml b/deploy.yml
index ab5c520..de27269 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -17,6 +17,7 @@
- tsg_master
- kni
- firewall
+ - tsg_app
- http_healthcheck
- clotho
- certstore
@@ -91,6 +92,7 @@
- tsg_master
- kni
- firewall
+ - tsg_app
- http_healthcheck
- clotho
- certstore
@@ -99,3 +101,10 @@
- telegraf_statistic
- proxy_status
# - tsg_device_tag
+
+- hosts: app_global
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/app_global.yml
+ roles:
+ - app_global
diff --git a/install_config/group_vars/adc_global.yml b/install_config/group_vars/adc_global.yml
index 30feb6c..f49b963 100644
--- a/install_config/group_vars/adc_global.yml
+++ b/install_config/group_vars/adc_global.yml
@@ -50,9 +50,9 @@ clotho_log_level: 10
#Sapp Performance Config
#Sapp工作在ADC计算板0时,建议使用如下30+8的配置,以保证更高的处理性能
sapp:
- worker_threads: 30
- send_only_threads_max: 8
- bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37
+ worker_threads: 37
+ send_only_threads_max: 1
+ bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
inbound_route_dir: 1
########################################
@@ -75,9 +75,6 @@ kni:
#Tfe Config
tfe:
nr_threads: 32
- mc_cache_eth: lo
- keykeeper:
- no_cache: 0
mirror_enable: 1
########################################
@@ -91,6 +88,5 @@ mrtunnat:
#########################################
#Tsg_app
-#0: Disable tsg_app 1: Enable tsg_app
tsg_app_enable: 1
-
+app_global_ip: "1.1.1.1"
diff --git a/install_config/group_vars/app_global.yml b/install_config/group_vars/app_global.yml
new file mode 100644
index 0000000..4a10d21
--- /dev/null
+++ b/install_config/group_vars/app_global.yml
@@ -0,0 +1,10 @@
+#########################################
+app_sketch_global_log_level: 10
+
+maat_redis_server:
+ address: "192.168.40.168"
+ port: 7002
+ db: 0
+
+file_stat_ip: "1.1.1.1"
+
diff --git a/install_config/group_vars/server_as_tun_mode.yml b/install_config/group_vars/server_as_tun_mode.yml
index 5b192f7..c3b40cb 100644
--- a/install_config/group_vars/server_as_tun_mode.yml
+++ b/install_config/group_vars/server_as_tun_mode.yml
@@ -58,9 +58,9 @@ clotho_log_level: 10
#Sapp Performance Config
#如果tsg_access_type=0,sapp跑在pcap模式,则以下配置可忽略
sapp:
- worker_threads: 16
- send_only_threads_max: 8
- bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
+ worker_threads: 23
+ send_only_threads_max: 1
+ bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
inbound_route_dir: 1
#########################################
@@ -90,9 +90,6 @@ kni:
#Tfe Config
tfe:
nr_threads: 32
- mc_cache_eth: lo
- keykeeper:
- no_cache: 0
mirror_enable: 1
#########################################
@@ -105,8 +102,8 @@ mrtunnat:
#########################################
#Tsg_app
-#0: Disable tsg_app 1: Enable tsg_app
-tsg_app_enable: 0
+tsg_app_enable: 1
+app_global_ip: "1.1.1.1"
#########################################
#ATCA Config
diff --git a/install_config/hosts b/install_config/hosts
index 61d8650..13aea25 100644
--- a/install_config/hosts
+++ b/install_config/hosts
@@ -4,6 +4,10 @@
#变量device_id根据设备序号设置即可
#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置,其他环境可不填或直接删除变量
#
+#20.09版本新增APP部署
+#[app_global]
+#0.0.0.0
+
#[server-as-tun-mode]
#1.1.1.1 device_id=device_1
#
@@ -27,6 +31,7 @@
#10.3.76.1 device_id=device_1
#10.3.76.2 device_id=device_2
+[app_global]
[server-as-tun-mode]
[adc_mxn]
[adc_mcn0]
diff --git a/roles/app_global/files/app-sketch-global-1.0.2.20200907.81a5ea4-1.el7.x86_64.rpm b/roles/app_global/files/app-sketch-global-1.0.2.20200907.81a5ea4-1.el7.x86_64.rpm
new file mode 100644
index 0000000..391b51f
--- /dev/null
+++ b/roles/app_global/files/app-sketch-global-1.0.2.20200907.81a5ea4-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm b/roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm
new file mode 100755
index 0000000..cb690d9
--- /dev/null
+++ b/roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm
Binary files differ
diff --git a/roles/app_global/tasks/main.yml b/roles/app_global/tasks/main.yml
new file mode 100644
index 0000000..a265197
--- /dev/null
+++ b/roles/app_global/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: "copy app_global rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install app rpms from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
+ - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200907.81a5ea4-1.el7.x86_64.rpm
+ state: present
+
+- name: "template the app_sketch_global.conf"
+ template:
+ src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
+ dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
+
+- name: "Start emqx"
+ systemd:
+ name: emqx.service
+ state: started
+ enabled: yes
+
+- name: "Start app-sketch-global"
+ systemd:
+ name: app-sketch-global.service
+ state: started
+ enabled: yes
diff --git a/roles/app_global/templates/app_sketch_global.conf.j2 b/roles/app_global/templates/app_sketch_global.conf.j2
new file mode 100644
index 0000000..7e64847
--- /dev/null
+++ b/roles/app_global/templates/app_sketch_global.conf.j2
@@ -0,0 +1,36 @@
+[SYSTEM]
+#1:print on screen, 0:don't
+DEBUG_SWITCH = 1
+#10:DEBUG, 20:INFO, 30:FATAL
+RUN_LOG_LEVEL = {{ app_sketch_global_log_level }}
+RUN_LOG_PATH = ./logs
+
+[CONFIG]
+#Number of running threads
+thread-nu = 1
+timeout = 3600
+address="tcp://127.0.0.1:1883"
+topic_name="APP_SIGNATURE_ID"
+client_name="ExampleClientSub"
+
+[maat]
+# 0:json 1: redis 2: iris
+maat_input_mode=1
+table_info=./resource/table_info.conf
+json_cfg_file=./resource/gtest.json
+stat_file=logs/verify-policy.status
+full_cfg_dir=verify-policy/
+inc_cfg_dir=verify-policy/
+
+maat_redis_server={{ maat_redis_server.address }}
+maat_redis_port_range={{ maat_redis_server.port }}
+maat_redis_db_index={{ maat_redis_server.db }}
+effect_interval_s=1
+accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
+
+[stat]
+statsd_server={{ file_stat_ip }}
+statsd_port=8100
+statsd_cycle=5
+# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
+statsd_format=2
diff --git a/roles/firewall/files/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpm b/roles/firewall/files/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpm
new file mode 100644
index 0000000..2d4cba4
--- /dev/null
+++ b/roles/firewall/files/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm b/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
deleted file mode 100644
index af3776f..0000000
--- a/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 4abeabb..908acb1 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -25,8 +25,7 @@
- /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
- /tmp/ansible_deploy/quic-1.1.9.810857d-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm
- - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm
- - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpm
- name: "Template the tsgconf/main.conf"
template:
diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml
index ba53c0c..b0e5f32 100644
--- a/roles/sapp/tasks/main.yml
+++ b/roles/sapp/tasks/main.yml
@@ -8,6 +8,7 @@
copy:
src: "{{ role_path }}/files/maat_redis_tool"
dest: /usr/local/bin
+ mode: 0755
- name: "install sapp rpms from localhost"
yum:
diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2
index 8a02354..aaa4219 100644
--- a/roles/sapp/templates/conflist.inf.j2
+++ b/roles/sapp/templates/conflist.inf.j2
@@ -10,9 +10,7 @@
#./plug/platform/http_healthcheck/http_healthcheck.inf
{% endif %}
./plug/platform/tsg_master/tsg_master.inf
-{% if tsg_app_enable == 1 %}
./plug/platform/app_master/app_master.inf
-{% endif %}
[protocol]
./plug/protocol/ssl/ssl.inf
@@ -30,10 +28,7 @@
./plug/business/fw_mail_plug/fw_mail_plug.inf
./plug/business/fw_ftp_plug/fw_ftp_plug.inf
./plug/business/fw_quic_plug/fw_quic_plug.inf
-./plug/business/tsg_conn_record/tsg_conn_record.inf
./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
./plug/business/capture_packet_plug/capture_packet_plug.inf
-{% if tsg_app_enable == 1 %}
./plug/business/app_sketch_local/app_sketch_local.inf
./plug/business/app_control_plug/app_control_plug.inf
-{% endif %}
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index fffc9cc..b0e2077 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -14,7 +14,7 @@ breakpad_minidump_dir=/run/tfe/crashreport
# ask for at least (1 + nr_worker_threads) masks
# the first mask for acceptor thread
# the others mask for worker thread
-enable_cpu_affinity=1
+enable_cpu_affinity=0
cpu_affinity_mask=1-9
# LEAST_CONN = 0; ROUND_ROBIN = 1
load_balance=1
@@ -67,7 +67,8 @@ service_cache_fail_time_window=30
# cert
check_cert_crl=0
trusted_cert_load_local=1
-trusted_cert_file=resource/tfe/tls-ca-bundle.pem
+#trusted_cert_file=resource/tfe/tls-ca-bundle.pem
+trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
trusted_cert_dir=resource/tfe/trusted_storage
# master key
@@ -76,7 +77,7 @@ key_log_file=log/sslkeylog.log
# mid cert cache
mc_cache_enable=1
-mc_cache_eth={{ nic_inner_ctrl.name }}
+mc_cache_eth={{ nic_mgr.name }}
mc_cache_broker_list={{ log_kafkabrokers.address }}
mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
diff --git a/roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm b/roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm
deleted file mode 100644
index ab9886f..0000000
--- a/roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpm b/roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpm
deleted file mode 100644
index 712d511..0000000
--- a/roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm b/roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm
deleted file mode 100644
index 0c29244..0000000
--- a/roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/tsg-app/tasks/main.yml b/roles/tsg-app/tasks/main.yml
deleted file mode 100644
index 73e2900..0000000
--- a/roles/tsg-app/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: "copy tsg-app rpms to destination server"
- copy:
- src: "{{ role_path }}/files/"
- dest: /tmp/ansible_deploy/
-
-- name: "install tsg-app packages"
- yum:
- name: "{{ app_packages }}"
- state: present
- skip_broken: yes
- vars:
- app_packages:
- - /tmp/ansible_deploy/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm
- - /tmp/ansible_deploy/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm
- - /tmp/ansible_deploy/app_master-1.0.4.d189dee-2.el7.x86_64.rpm
- when: tsg-app_enable == 1
diff --git a/roles/tsg-diagnose_sync_ca/tasks/main.yml b/roles/tsg-diagnose_sync_ca/tasks/main.yml
index cc13196..8c52b32 100644
--- a/roles/tsg-diagnose_sync_ca/tasks/main.yml
+++ b/roles/tsg-diagnose_sync_ca/tasks/main.yml
@@ -2,5 +2,5 @@
shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/
- name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle"
- shell: cat /tmp/sync/ca-root.crt >> /opt/tsg/tfe/resource/tfe/tls-ca-bundle.pem
+ shell: cat /tmp/sync/ca-root.crt >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem
diff --git a/roles/tsg_app/files/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpm b/roles/tsg_app/files/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpm
new file mode 100644
index 0000000..ad7245b
--- /dev/null
+++ b/roles/tsg_app/files/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/tsg_app/files/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpm b/roles/tsg_app/files/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpm
new file mode 100644
index 0000000..ac66184
--- /dev/null
+++ b/roles/tsg_app/files/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/tsg_app/files/app_proto_identify-1.0.3.6c893f2-2.el7.x86_64.rpm b/roles/tsg_app/files/app_proto_identify-1.0.3.6c893f2-2.el7.x86_64.rpm
new file mode 100644
index 0000000..11284ff
--- /dev/null
+++ b/roles/tsg_app/files/app_proto_identify-1.0.3.6c893f2-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/tsg_app/files/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpm b/roles/tsg_app/files/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpm
new file mode 100644
index 0000000..e7cda10
--- /dev/null
+++ b/roles/tsg_app/files/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/tsg_app/tasks/main.yml b/roles/tsg_app/tasks/main.yml
new file mode 100644
index 0000000..2855b53
--- /dev/null
+++ b/roles/tsg_app/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: "copy tsg_app rpms to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install tsg_app packages"
+ yum:
+ name: "{{ app_packages }}"
+ state: present
+ skip_broken: yes
+ vars:
+ app_packages:
+ - /tmp/ansible_deploy/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/app_proto_identify-1.0.3.6c893f2-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpm
+ when: tsg_app_enable == 1
+
+- name: "Template the appconf/main.conf"
+ template:
+ src: "{{ role_path }}/templates/main.conf.j2"
+ dest: /home/mesasoft/sapp_run/appconf/main.conf
+ tags: template
+ when: tsg_app_enable == 1
+
+- name: "Template the appconf/maat.conf"
+ template:
+ src: "{{ role_path }}/templates/maat.conf.j2"
+ dest: /home/mesasoft/sapp_run/appconf/maat.conf
+ tags: template
+ when: tsg_app_enable == 1
diff --git a/roles/tsg_app/templates/maat.conf.j2 b/roles/tsg_app/templates/maat.conf.j2
new file mode 100644
index 0000000..7e33b6f
--- /dev/null
+++ b/roles/tsg_app/templates/maat.conf.j2
@@ -0,0 +1,34 @@
+[APP_SIGNATURE_MAAT]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=appconf/app_id_tableinfo.conf
+STAT_FILE=app_id_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=appconf/app_id_maat.json
+INC_CFG_DIR=apprule/inc/index/
+FULL_CFG_DIR=apprule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/app/etc/app_device_tag.json
+
+[APP_ACTION_MAAT]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=appconf/app_action_tableinfo.conf
+STAT_FILE=app_action_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=appconf/app_action_maat.json
+INC_CFG_DIR=apprule/inc/index/
+FULL_CFG_DIR=apprule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[MAAT]
+ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"device_1"}]}
diff --git a/roles/tsg_app/templates/main.conf.j2 b/roles/tsg_app/templates/main.conf.j2
new file mode 100644
index 0000000..df77ffe
--- /dev/null
+++ b/roles/tsg_app/templates/main.conf.j2
@@ -0,0 +1,39 @@
+[FEEDBACK]
+QOS=1
+PUBLISH_TOPIC=APP_SIGNATURE_ID
+#CLIENT_ID=
+BROKER_LIST=tcp://192.168.40.161:1883
+
+[LUA]
+ENABLE=1
+
+[MAAT]
+PROFILE=./appconf/maat.conf
+
+[APP_LOG]
+MODE=1
+LOG_LEVEL={{ applog_level }}
+LOG_PATH=./applog/applog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=appconf/app_log_field.conf
+
+[FIELD_STAT]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./app_stat.log
+APP_NAME=app_master
+
+[SYSTEM]
+LOG_LEVEL={{ app_master_log_level }}
+LOG_PATH=./applog/app_master
+NIC_NAME={{ nic_mgr.name }}
+
+[APP_SKETCH_LOCAL]
+LOG_LEVEL={{ app_sketch_local_log_level }}
+LOG_PATH=./applog/app_sketch_local/app_sketch_local
+
+[CONTROL_PLUG]
+LOG_LEVEL={{ app_control_plug_log_level }}
+LOG_PATH=./applog/app_control_plug/app_control_plug
+
diff --git a/roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm
deleted file mode 100644
index e23c375..0000000
--- a/roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/tsg_master/files/tsg_master-3.2.9.d1a6f00-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-3.2.9.d1a6f00-2.el7.x86_64.rpm
new file mode 100644
index 0000000..38a4f6d
--- /dev/null
+++ b/roles/tsg_master/files/tsg_master-3.2.9.d1a6f00-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml
index c0c6d41..1ff87ab 100644
--- a/roles/tsg_master/tasks/main.yml
+++ b/roles/tsg_master/tasks/main.yml
@@ -6,6 +6,6 @@
- name: "install tsg_master from localhost"
yum:
name:
- - /tmp/ansible_deploy/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/tsg_master-3.2.9.d1a6f00-2.el7.x86_64.rpm
state: present
skip_broken: yes
diff --git a/uninstall/roles/package_list/20.09.yml b/uninstall/roles/package_list/20.09.yml
index 8c275c1..61da56a 100644
--- a/uninstall/roles/package_list/20.09.yml
+++ b/uninstall/roles/package_list/20.09.yml
@@ -58,7 +58,6 @@ fw_http: fw_http_plug-3.0.0.1ca1c65-1.x86_64
fw_quic: fw_quic_plug-3.0.0.b06d39c-1.x86_64
fw_ssl: fw_ssl_plug-3.0.1.7ea9976-1.x86_64
fw_mail: fw_mail_plug-3.0.0.3b4e481-1.x86_64
-tsg_conn_record: tsg_conn_record-1.0.2.2afb19a-1.x86_64
tsg_conn_sketch: tsg_conn_sketch-2.0.v2.0_alpha.af621ca-1.x86_64
####################
diff --git a/uninstall/rpm_list.sh b/uninstall/rpm_list.sh
new file mode 100755
index 0000000..30492a5
--- /dev/null
+++ b/uninstall/rpm_list.sh
@@ -0,0 +1,130 @@
+#!/bin/bash
+#
+mrzcpd=`rpm -qa |grep ^mrzcpd`
+libcjson=`rpm -qa |grep ^libcjson`
+libdocument=`rpm -qa |grep ^libdocument`
+libmaatframe=`rpm -qa |grep ^libmaatframe`
+libMESA_field_stat=`rpm -qa |grep ^libMESA_field_stat-`
+libMESA_field_stat2=`rpm -qa |grep ^libMESA_field_stat2`
+libMESA_handle_logger=`rpm -qa |grep ^libMESA_handle_logger`
+libMESA_htable=`rpm -qa |grep ^libMESA_htable`
+libMESA_prof_load=`rpm -qa |grep ^libMESA_prof_load`
+librdkafka=`rpm -qa |grep ^librdkafka`
+librulescan=`rpm -qa |grep ^librulescan`
+libwiredcfg=`rpm -qa |grep ^libwiredcfg`
+libWiredLB=`rpm -qa |grep ^libWiredLB`
+lz4=`rpm -qa |grep ^lz4`
+libtsglua=`rpm -qa |grep ^libtsglua`
+sapp=`rpm -qa |grep ^sapp`
+tsg_master=`rpm -qa |grep ^tsg_master`
+kni=`rpm -qa |grep ^kni`
+capture_packet_plug=`rpm -qa |grep ^capture_packet_plug`
+dns=`rpm -qa |grep ^dns-`
+ftp=`rpm -qa |grep ^ftp-`
+mail=`rpm -qa |grep ^mail-`
+ssl=`rpm -qa |grep ^ssl-`
+quic=`rpm -qa |grep ^quic-`
+http=`rpm -qa |grep ^http-2`
+fw_dns=`rpm -qa |grep ^fw_dns`
+fw_ftp=`rpm -qa |grep ^fw_ftp`
+fw_http=`rpm -qa |grep ^fw_http`
+fw_quic=`rpm -qa |grep ^fw_quic`
+fw_ssl=`rpm -qa |grep ^fw_ssl`
+fw_mail=`rpm -qa |grep ^fw_mail`
+tsg_conn_sketch=`rpm -qa |grep ^tsg_conn_sketch`
+tsg_conn_record=`rpm -qa |grep ^tsg_conn_record`
+app_sketch_local=`rpm -qa |grep ^app_sketch_local`
+app_control_plug=`rpm -qa |grep ^app_control_plug`
+app_master=`rpm -qa |grep ^app_master`
+tfe=`rpm -qa |grep ^tfe-4`
+tfe_kmod=`rpm -qa |grep ^tfe-kmod`
+http_healthcheck=`rpm -qa |grep ^http_healthcheck`
+clotho=`rpm -qa |grep ^clotho`
+certstore=`rpm -qa |grep ^certstore`
+
+
+cat > ./tsg_version.yml <<EOF
+####################
+#marsio
+mrzcpd: $mrzcpd
+
+####################
+#kernel
+kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64
+kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64
+dkms: dkms-2.7.1-1.el7.noarch
+elfutils_libelf_devel: elfutils-libelf-devel-0.168-8.el7.x86_64
+pkgconfig: pkgconfig-0.27.1-4.el7.x86_64
+zlib_devel: zlib-devel-1.2.7-17.el7.x86_64
+
+####################
+#framework
+libcjson: $libcjson
+libdocument: $libdocument
+libmaatframe: $libmaatframe
+libMESA_field_stat: $libMESA_field_stat
+libMESA_field_stat2: $libMESA_field_stat2
+libMESA_handle_logger: $libMESA_handle_logger
+libMESA_htable: $libMESA_htable
+libMESA_prof_load: $libMESA_prof_load
+librdkafka: $librdkafka
+librulescan: $librulescan
+libwiredcfg: $libwiredcfg
+libWiredLB: $libWiredLB
+lz4: $lz4
+libtsglua: $libtsglua
+
+####################
+#sapp
+sapp: $sapp
+
+####################
+#tsg_master
+tsg_master: $tsg_master
+
+####################
+#kni
+kni: $kni
+
+####################
+#firewall
+capture_packet_plug: $capture_packet_plug
+dns: $dns
+ftp: $ftp
+http: $http
+quic: $quic
+ssl: $ssl
+mail: $mail
+fw_dns: $fw_dns
+fw_ftp: $fw_ftp
+fw_http: $fw_http
+fw_quic: $fw_quic
+fw_ssl: $fw_ssl
+fw_mail: $fw_mail
+tsg_conn_sketch: $tsg_conn_sketch
+tsg_conn_record: $tsg_conn_record
+
+####################
+#Tsg_app
+app_sketch_local: $app_sketch_local
+app_control_plug: $app_control_plug
+app_master: $app_master
+
+####################
+#tfe
+tfe: $tfe
+tfe_kmod: $tfe_kmod
+
+####################
+#http_healthcheck
+http_healthcheck: $http_healthcheck
+
+#####################
+#clotho
+clotho: $clotho
+
+#####################
+#certstore
+certstore: $certstore
+
+EOF
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 18:12:30 +0000