summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzhangzhihan <[email protected]>2020-04-26 02:09:50 +0800
committerzhangzhihan <[email protected]>2020-04-26 02:09:50 +0800
commitf8ba0f2019101146a20c4b9b2aa4f482af87d296 (patch)
tree6a1acba88555a4284038841eff0a8fd191205630
parent633624c5a5b33fb4ab02944315bcc50f14afca55 (diff)
功能端部署剧本升级,适配20.4版本
Diffstat
-rw-r--r--install_config/group_vars/all.yml87
-rw-r--r--install_config/group_vars/blade-00.yml23
-rw-r--r--install_config/group_vars/blade-01.yml11
-rw-r--r--install_config/group_vars/blade-02.yml10
-rw-r--r--install_config/group_vars/blade-03.yml10
-rw-r--r--install_config/hosts26
-rw-r--r--roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpmbin0 -> 2122592 bytes
-rw-r--r--roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpmbin0 -> 20280 bytes
-rw-r--r--roles/clotho/files/clotho.service13
-rw-r--r--roles/clotho/tasks/main.yml30
-rw-r--r--roles/clotho/templates/clotho.conf.j27
-rw-r--r--roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpmbin0 -> 20608 bytes
-rw-r--r--roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpmbin0 -> 20280 bytes
-rw-r--r--roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpmbin0 -> 19624 bytes
-rw-r--r--roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpmbin0 -> 16576 bytes
-rw-r--r--roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpmbin0 -> 220276 bytes
-rw-r--r--roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpmbin0 -> 18592 bytes
-rw-r--r--roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpmbin0 -> 19652 bytes
-rw-r--r--roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpmbin0 -> 18232 bytes
-rw-r--r--roles/firewall/templates/capture_packet_plug.conf.j225
-rwxr-xr-xroles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpmbin0 -> 2011028 bytes
-rw-r--r--roles/framework/files/framework.conf1
-rw-r--r--roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpmbin0 -> 490652 bytes
-rw-r--r--roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpmbin0 -> 115960 bytes
-rw-r--r--roles/http_healthcheck/tasks/main.yml10
-rw-r--r--roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpmbin0 -> 76956 bytes
-rw-r--r--roles/kni/files/kni-20.04-1.el7.x86_64.rpmbin0 -> 88732 bytes
-rw-r--r--roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpmbin0 -> 33279784 bytes
-rw-r--r--roles/mrzcpd/templates/mrglobal.conf.allot_access.j268
-rw-r--r--roles/mrzcpd/templates/mrtunnat.conf.allot_access.j219
-rw-r--r--roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpmbin0 -> 49652 bytes
-rwxr-xr-xroles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpmbin0 -> 3882928 bytes
-rwxr-xr-xroles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpmbin0 -> 18436 bytes
-rw-r--r--roles/tsg-env-mcn0/templates/setup.AllotAccess.j2144
-rwxr-xr-xroles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup148
-rw-r--r--roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup347
-rw-r--r--roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpmbin0 -> 49652 bytes
-rw-r--r--roles/tsg_master/tasks/main.yml10
38 files changed, 989 insertions, 0 deletions
diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml
new file mode 100644
index 0000000..5c65e0c
--- /dev/null
+++ b/install_config/group_vars/all.yml
@@ -0,0 +1,87 @@
+########################################
+tsg_access_type: 0
+
+########################################
+maat_redis_server:
+ address: "192.168.40.168"
+ port: 7002
+ db: 0
+
+dynamic_maat_redis_server:
+ address: "192.168.40.168"
+ port: 7002
+ db: 0
+
+cert_store_server:
+ address: "127.0.0.1"
+ port: 9991
+
+log_kafkabrokers:
+ address: "192.168.40.169:9092"
+
+log_minio:
+ address: "192.168.40.168;"
+ port: 9090
+
+fs_remote:
+ switch: 1
+ address: "127.0.0.1"
+ port: 8125
+
+########################################
+sapp:
+ worker_threads: 16
+ bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+
+########################################
+kni:
+ global:
+ log_level: 30
+ tfe_node_count: 3
+ watch_dog:
+ switch: 1
+ maat:
+ readconf_mode: 2
+ send_logger:
+ switch: 1
+ tfe_nodes:
+ - tfe0:
+ enabled: 1
+ - tfe1:
+ enabled: 1
+ - tfe2:
+ enabled: 1
+
+########################################
+tfe:
+ nr_threads: 32
+ mc_cache_eth: lo
+ keykeeper:
+ mode: "normal"
+ no_cache: 0
+
+########################################
+mrzcpd:
+ iocore: 39
+
+mrtunnat:
+ lcore_id: 38
+
+########################################
+nic_mgr:
+ name: eth0
+nic_data_incoming:
+ name: tun_kni
+ address: 127.0.0.1
+nic_inner_ctrl:
+ name: eth0.100
+nic_traffic_mirror:
+ name: lo
+ use_mrzcpd: 0
+
+nic_transparent_mode:
+ enable: 1
+ mode: pcap
+ internel_interface: "eth2"
+ external_interface: "eth3"
+
diff --git a/install_config/group_vars/blade-00.yml b/install_config/group_vars/blade-00.yml
new file mode 100644
index 0000000..d236c2b
--- /dev/null
+++ b/install_config/group_vars/blade-00.yml
@@ -0,0 +1,23 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens1f4
+ ip: 192.168.1.30
+ mask: 255.255.255.252
+nic_inner_ctrl:
+ name: ens1.100
+nic_to_tfe:
+ tfe0:
+ name: ens1f5
+ tfe1:
+ name: ens1f6
+ tfe2:
+ name: ens1f7
+
+AllotAccess:
+ virturlInterface_1: ens1f2.103
+ virturlInterface_2: ens1f2.104
+ virturlID_1: 103
+ virturlID_2: 104
+ vvipv4_mask: 24
+ vvipv6_mask: 64
diff --git a/install_config/group_vars/blade-01.yml b/install_config/group_vars/blade-01.yml
new file mode 100644
index 0000000..baec084
--- /dev/null
+++ b/install_config/group_vars/blade-01.yml
@@ -0,0 +1,11 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens1f1
+ mac: AA:BB:CC:DD:EE:FF
+ address: 127.0.0.1
+nic_inner_ctrl:
+ name: ens1.100
+nic_traffic_mirror:
+ name: ens1f2
+ use_mrzcpd: 1
diff --git a/install_config/group_vars/blade-02.yml b/install_config/group_vars/blade-02.yml
new file mode 100644
index 0000000..0d98ac5
--- /dev/null
+++ b/install_config/group_vars/blade-02.yml
@@ -0,0 +1,10 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens8f1
+ mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+ name: ens8.100
+nic_traffic_mirror:
+ name: ens8f2
+ use_mrzcpd: 1
diff --git a/install_config/group_vars/blade-03.yml b/install_config/group_vars/blade-03.yml
new file mode 100644
index 0000000..0d98ac5
--- /dev/null
+++ b/install_config/group_vars/blade-03.yml
@@ -0,0 +1,10 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens8f1
+ mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+ name: ens8.100
+nic_traffic_mirror:
+ name: ens8f2
+ use_mrzcpd: 1
diff --git a/install_config/hosts b/install_config/hosts
new file mode 100644
index 0000000..2ee4e69
--- /dev/null
+++ b/install_config/hosts
@@ -0,0 +1,26 @@
+[all:vars]
+ansible_user=root
+package_source=local
+
+[pc-as-tun-mode]
+
+[blade-mxn]
+192.168.40.170
+
+[blade-00]
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+
+[blade-01]
+192.168.40.167
+
+[blade-02]
+192.168.40.168
+
+[blade-03]
+192.168.40.169
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03
diff --git a/roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm b/roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm
new file mode 100644
index 0000000..9061d15
--- /dev/null
+++ b/roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm b/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
new file mode 100644
index 0000000..6601627
--- /dev/null
+++ b/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/clotho/files/clotho.service b/roles/clotho/files/clotho.service
new file mode 100644
index 0000000..860fe46
--- /dev/null
+++ b/roles/clotho/files/clotho.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clotho/tasks/main.yml b/roles/clotho/tasks/main.yml
new file mode 100644
index 0000000..30f7b28
--- /dev/null
+++ b/roles/clotho/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: "copy clotho rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+ dest: /tmp/ansible_deploy/
+
+- name: "copy clotho.service to destination server"
+ copy:
+ src: "{{ role_path }}/files/clotho.service"
+ dest: /usr/lib/systemd/system
+ mode: 0755
+
+- name: "install clotho rpm from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+ state: present
+
+- name: "Template the clotho.conf"
+ template:
+ src: "{{ role_path }}/templates/clotho.conf.j2"
+ dest: /home/mesasoft/clotho/conf/clotho.conf
+ tags: template
+
+- name: "start clotho"
+ systemd:
+ name: clotho.service
+ enabled: yes
+ state: started
+ daemon_reload: yes
+
diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2
new file mode 100644
index 0000000..b85c316
--- /dev/null
+++ b/roles/clotho/templates/clotho.conf.j2
@@ -0,0 +1,7 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+NIC_NAME={{ nic_mgr.name }}
+LOG_LEVEL=10
+LOG_PATH=log/clotho
diff --git a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
new file mode 100644
index 0000000..0876b5d
--- /dev/null
+++ b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
new file mode 100644
index 0000000..6601627
--- /dev/null
+++ b/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..73504d3
--- /dev/null
+++ b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..de29362
--- /dev/null
+++ b/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..d25be26
--- /dev/null
+++ b/roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..9e9cf56
--- /dev/null
+++ b/roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..38df0fc
--- /dev/null
+++ b/roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm b/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..37745d0
--- /dev/null
+++ b/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2
new file mode 100644
index 0000000..aa9e6c5
--- /dev/null
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -0,0 +1,25 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+
diff --git a/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm b/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
new file mode 100755
index 0000000..ec80489
--- /dev/null
+++ b/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/framework.conf b/roles/framework/files/framework.conf
new file mode 100644
index 0000000..446277c
--- /dev/null
+++ b/roles/framework/files/framework.conf
@@ -0,0 +1 @@
+/opt/MESA/lib/
diff --git a/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm
new file mode 100644
index 0000000..372f30d
--- /dev/null
+++ b/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
new file mode 100644
index 0000000..eff24ad
--- /dev/null
+++ b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/http_healthcheck/tasks/main.yml b/roles/http_healthcheck/tasks/main.yml
new file mode 100644
index 0000000..82f34c4
--- /dev/null
+++ b/roles/http_healthcheck/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: "copy http_healthcheck rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install http_healthcheck from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
+ state: present
diff --git a/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm b/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm
new file mode 100644
index 0000000..e5a68ba
--- /dev/null
+++ b/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm
Binary files differ
diff --git a/roles/kni/files/kni-20.04-1.el7.x86_64.rpm b/roles/kni/files/kni-20.04-1.el7.x86_64.rpm
new file mode 100644
index 0000000..197bebe
--- /dev/null
+++ b/roles/kni/files/kni-20.04-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpm
new file mode 100644
index 0000000..caa34c1
--- /dev/null
+++ b/roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/mrzcpd/templates/mrglobal.conf.allot_access.j2 b/roles/mrzcpd/templates/mrglobal.conf.allot_access.j2
new file mode 100644
index 0000000..a4ab0ad
--- /dev/null
+++ b/roles/mrzcpd/templates/mrglobal.conf.allot_access.j2
@@ -0,0 +1,68 @@
+[device]
+device=ens1f4,ens1f5,ens1f6,ens1f7,vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:ens1f4]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=0
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
+vlan-pvid=0
+vlan-pvid-mode=2
+
+[device:ens1f5]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f6]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f7]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,ens1f4,ens1f4
+forward_rule_1=vp,ens1f4,ens1f4
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,ens1f5,ens1f5
+forward_rule_5=vp,ens1f5,ens1f5
+forward_rule_6=pv,ens1f6,ens1f6
+forward_rule_7=vp,ens1f6,ens1f6
+forward_rule_8=pv,ens1f7,ens1f7
+forward_rule_9=vp,ens1f7,ens1f7
+
diff --git a/roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2 b/roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2
new file mode 100644
index 0000000..8e6f9cb
--- /dev/null
+++ b/roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2
@@ -0,0 +1,19 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev=ens1f4
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
+i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
+en_mac_flipping_0=1
+
diff --git a/roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm b/roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..b81cfd6
--- /dev/null
+++ b/roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
new file mode 100755
index 0000000..7f8410d
--- /dev/null
+++ b/roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
new file mode 100755
index 0000000..bae4165
--- /dev/null
+++ b/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
Binary files differ
diff --git a/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2 b/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2
new file mode 100644
index 0000000..c07c2ca
--- /dev/null
+++ b/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2
@@ -0,0 +1,144 @@
+#!/bin/bash
+# set -x
+
+CURRENT_PATH=`dirname $0`
+TP_SVR=192.168.100.5
+TP_PORT=10000
+REMOTE_CONTROL_BIN=switch_control_client_non_block
+
+function get_netdev_by_pci()
+{
+ DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'`
+ for i in ${DEV_LIST}
+ do
+ ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1
+ if [ $? -eq 0 ];then
+ TARGET=${i}
+ break
+ fi
+ done
+
+ echo ${TARGET}
+}
+
+function pf_setup()
+{
+ ifconfig ens1 up
+
+ modprobe 8021q
+ vconfig add ens1 100
+ vconfig set_flag ens1.100 1 1
+ ifconfig ens1.100 192.168.100.1 netmask 255.255.255.0 up
+ sleep 1
+}
+
+function vf_setup()
+{
+ echo 8 > /sys/class/net/ens1/device/sriov_numvfs
+ sleep 5
+
+ ifconfig ens1f3 up
+ ip link set ens1 vf 2 vlan 200
+ ifconfig ens1f3 192.168.200.1 netmask 255.255.255.0
+
+ ifconfig ens1f1 up
+ ifconfig ens1f2 up
+ ifconfig ens1f3 up
+ ifconfig ens1f4 up
+ ifconfig ens1f5 up
+ ifconfig ens1f6 up
+ ifconfig ens1f7 up
+ ifconfig enp1s1 up
+
+ sleep 5
+}
+
+function bring_down_pfvf()
+{
+ echo 0 > /sys/class/net/ens1/device/sriov_numvfs
+ ifconfig ens1 down
+ sleep 3
+}
+
+function AllotAccessNetworkModel()
+{
+ ip link add link ens1f2 name {{ AllotAccess.virturlInterface_1 }} type vlan id {{ AllotAccess.virturlID_1 }}
+ ip link add link ens1f2 name {{ AllotAccess.virturlInterface_2 }} type vlan id {{ AllotAccess.virturlID_2 }}
+ ip addr add {{ vvipv4_1 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_1 }}
+ ip addr add {{ vvipv4_2 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_2 }}
+ ip -6addr add {{ vvipv6_1 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_1 }}
+ ip -6addr add {{ vvipv6_2 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_2 }}
+}
+
+# Main loop
+while :
+do
+ FAIL_FLAG=0
+
+ # Make sure PF is valid
+ ping ${TP_SVR} -c 1
+ if [ $? -ne 0 ];then
+ echo "Please make sure switch board is up."
+ bring_down_pfvf
+ pf_setup
+ continue
+ fi
+
+ # Make sure TestPoint is up.
+ ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version"
+ if [ $? -ne 0 ];then
+ echo "Cannot reach TestPoint!"
+ echo "Please make sure TestPoint is up and in remote-listen mode."
+ sleep 5
+ continue
+ fi
+
+ # Create VFs and get MAC addresses
+ vf_setup
+
+ PF=`get_netdev_by_pci 01:00.0`
+ VF1=`get_netdev_by_pci 01:00.1`
+ VF2=`get_netdev_by_pci 01:00.2`
+ VF3=`get_netdev_by_pci 01:00.3`
+ VF4=`get_netdev_by_pci 01:00.4`
+ VF5=`get_netdev_by_pci 01:00.5`
+ VF6=`get_netdev_by_pci 01:00.6`
+ VF7=`get_netdev_by_pci 01:00.7`
+ VF8=`get_netdev_by_pci 01:01.0`
+
+ MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'`
+ MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'`
+ MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'`
+ MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'`
+ MAC5=`ifconfig ${VF5} |grep ether |awk -F' ' '{print $2}'`
+ MAC6=`ifconfig ${VF6} |grep ether |awk -F' ' '{print $2}'`
+ MAC7=`ifconfig ${VF7} |grep ether |awk -F' ' '{print $2}'`
+ MAC8=`ifconfig ${VF8} |grep ether |awk -F' ' '{print $2}'`
+ MAC9=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'`
+
+ # Make sure VFs are valid
+ MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"`
+
+ for i in ${MAC1} ${MAC2} ${MAC3} ${MAC4} ${MAC5} ${MAC6} ${MAC7} ${MAC8} ${MAC9}
+ do
+ echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1
+ if [ $? -ne 0 ];then
+ echo "MAC ${i} is not in table!"
+ FAIL_FLAG=1
+ break
+ fi
+ done
+
+ if [ ${FAIL_FLAG} -eq 1 ];then
+ bring_down_pfvf
+ continue
+ fi
+
+ # Set_AllotAccessNetworkModel
+ AllotAccessNetworkModel
+
+ echo "PF/VF setup successful."
+ exit 0
+done
+
+
diff --git a/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup b/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup
new file mode 100755
index 0000000..c143a6e
--- /dev/null
+++ b/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup
@@ -0,0 +1,148 @@
+# TestPoint History
+load ./Config/libertyTrail/testpoint_startup
+
+add vlan port 1 0
+
+create vlan 100
+add vlan port 100 0,11,37,39,41,43
+set port config 11 pvid 100
+set port config 11 mask 0,37,39,41,43
+set port config 0,11,39,37,41,43 learning on
+
+create vlan 200
+add vlan port 200 0,37,39,9,10,41,43
+set port config 0 mask 9..44
+set port config 37 mask 0..36,38..44
+set port config 39 mask 0..38,40..44
+set port config 41 mask 0..40,42..44
+set port config 43 mask 0..44
+set port config 0,39,37,41,43 learning on
+
+create vlan 1000
+add vlan port 1000 43
+create vlan 1001
+add vlan port 1001 43
+
+create lag
+add lag 9261 9,10
+add vlan port 200 9261
+set port config 9261 pvid 200
+set port config 9261 parser_cfg L4
+set port config 9261 learning on
+set port config 9261 mask 0,11..44
+
+create vlan all
+create lag
+add vlan port all 43
+add lag 9293 1,2,3,4
+add vlan port all 9293
+set port config 9293 parser_cfg L4
+set port config 9293 learning on
+set port config 9293 mask 0,5..44
+set vlan tagging all 1,2,3,4 tag
+set vlan tagging 1 1,2,3,4 untag
+
+create lag
+add lag 9325 5,6,7,8
+add vlan port all 9325
+set port config 9325 parser_cfg L4
+set port config 9325 learning on
+set port config 9325 mask 0..4,9..44
+set vlan tagging all 5,6,7,8 tag
+set vlan tagging 1 5,6,7,8 untag
+
+set port 37,39,41,43 powerdown
+set port 37,39,41,43 up
+set port 1..36 up
+
+set port config 11 parser_cfg L4
+set port config 37..44 parser_cfg L4
+
+set port config 11..36 max_frame_size 15360
+set switch reserved_mac all switch
+
+set switch config hashing l234 use_smac on
+set switch config hashing l234 use_dmac on
+set switch config hashing l234 use_l34 on
+set switch config hashing l34 use_dip on
+set switch config hashing l34 use_sip on
+set switch config hashing l234 symmetric on
+set switch config hashing l34 symmetric on
+
+
+set port config 9261,9293,9325 max_frame_size 15360
+create acl 1
+
+create acl-rule 1 61
+add acl-rule condition 1 61 src-glort 0x5803
+add acl-rule condition 1 61 vlan 1000
+add acl-rule action 1 61 redirect 7220
+add acl-rule action 1 61 vlan 1
+
+create acl-rule 1 62
+add acl-rule condition 1 62 src-glort 0x5803
+add acl-rule condition 1 62 vlan 1001
+add acl-rule action 1 62 redirect 7213
+add acl-rule action 1 62 vlan 1
+
+create acl-rule 1 100
+add acl-rule condition 1 100 src-glort 0x5803
+add acl-rule action 1 100 redirect 9293
+
+create acl-rule 1 101
+add acl-rule condition 1 101 src-port 1
+add acl-rule action 1 101 redirect 7216
+create acl-rule 1 102
+add acl-rule condition 1 102 src-port 2
+add acl-rule action 1 102 redirect 7216
+create acl-rule 1 103
+add acl-rule condition 1 103 src-port 3
+add acl-rule action 1 103 redirect 7216
+create acl-rule 1 104
+add acl-rule condition 1 104 src-port 4
+add acl-rule action 1 104 redirect 7216
+
+create acl-rule 1 200
+add acl-rule condition 1 200 src-glort 0x5804
+add acl-rule action 1 200 redirect 6189
+create acl-rule 1 201
+add acl-rule condition 1 201 src-glort 0x5805
+add acl-rule action 1 201 redirect 5165
+create acl-rule 1 202
+add acl-rule condition 1 202 src-glort 0x5806
+add acl-rule action 1 202 redirect 4141
+create acl-rule 1 203
+add acl-rule condition 1 203 src-glort 0x5000
+add acl-rule action 1 203 redirect 7217
+create acl-rule 1 204
+add acl-rule condition 1 204 src-glort 0x4800
+add acl-rule action 1 204 redirect 7218
+create acl-rule 1 205
+add acl-rule condition 1 205 src-glort 0x4000
+add acl-rule action 1 205 redirect 7219
+
+create acl-rule 1 301
+add acl-rule condition 1 301 src-glort 0x5807
+add acl-rule action 1 301 redirect 7216
+add acl-rule action 1 301 vlan 1000
+
+create acl-rule 1 302
+add acl-rule condition 1 302 src-glort 0x5800
+add acl-rule action 1 302 redirect 7216
+add acl-rule action 1 302 vlan 1001
+
+create acl-rule 1 401
+add acl-rule condition 1 401 src-glort 0x5001
+add acl-rule action 1 401 redirect 9325
+create acl-rule 1 402
+add acl-rule condition 1 402 src-glort 0x4801
+add acl-rule action 1 402 redirect 9325
+create acl-rule 1 403
+add acl-rule condition 1 403 src-glort 0x4001
+add acl-rule action 1 403 redirect 9325
+create acl-rule 1 404
+add acl-rule condition 1 404 src-glort 0x5801
+add acl-rule action 1 404 redirect 9325
+
+apply acl
+remote listen
diff --git a/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup b/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup
new file mode 100644
index 0000000..18e5429
--- /dev/null
+++ b/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup
@@ -0,0 +1,347 @@
+# TestPoint History
+load ./Config/libertyTrail/testpoint_startup
+
+add vlan port 1 0
+
+create vlan 100
+add vlan port 100 0,11,37,39,41,43
+set port config 11 pvid 100
+set port config 11 mask 0,37,39,41,43
+set port config 0,11,39,37,41,43 learning on
+
+create vlan 200
+add vlan port 200 0,37,39,9,10,41,43
+set port config 0 mask 9..44
+set port config 37 mask 0..36,38..44
+set port config 39 mask 0..38,40..44
+set port config 41 mask 0..40,42..44
+set port config 43 mask 0..44
+set port config 0,39,37,41,43 learning on
+
+create vlan 4000
+add vlan port 4000 43
+create vlan 4001
+add vlan port 4001 43
+
+create lag
+add lag 9261 9,10
+add vlan port 200 9261
+set port config 9261 pvid 200
+set port config 9261 parser_cfg L4
+set port config 9261 learning on
+set port config 9261 mask 0,11..44
+
+create vlan all
+create lag
+add vlan port all 43
+add lag 9293 1,2,3,4
+add vlan port all 9293
+set port config 9293 parser_cfg L4
+set port config 9293 learning on
+set port config 9293 mask 0,5..44
+set vlan tagging all 1,2,3,4 tag
+set vlan tagging 1 1,2,3,4 untag
+
+create lag
+add lag 9325 5,6,7,8
+add vlan port all 9325
+set port config 9325 parser_cfg L4
+set port config 9325 learning on
+set port config 9325 mask 0..4,9..44
+set vlan tagging all 5,6,7,8 tag
+set vlan tagging 1 5,6,7,8 untag
+
+set port 37,39,41,43 powerdown
+set port 37,39,41,43 up
+set port 1..36 up
+
+set port config 11 parser_cfg L4
+set port config 37..44 parser_cfg L4
+
+set port config 11..36 max_frame_size 15360
+set switch reserved_mac all switch
+
+set switch config hashing l234 use_smac on
+set switch config hashing l234 use_dmac on
+set switch config hashing l234 use_l34 on
+set switch config hashing l34 use_dip on
+set switch config hashing l34 use_sip on
+set switch config hashing l234 symmetric on
+set switch config hashing l34 symmetric on
+
+
+set port config 9261,9293,9325 max_frame_size 15360
+create acl 1
+
+# Redirect all ARP request to ens1f2
+create acl-rule 1 40
+add acl-rule condition 1 40 src-port 1
+add acl-rule condition 1 40 ethtype 0x0806
+add acl-rule action 1 40 redirect 7214
+
+create acl-rule 1 41
+add acl-rule condition 1 41 src-port 2
+add acl-rule condition 1 41 ethtype 0x0806
+add acl-rule action 1 41 redirect 7214
+
+create acl-rule 1 42
+add acl-rule condition 1 42 src-port 3
+add acl-rule condition 1 42 ethtype 0x0806
+add acl-rule action 1 42 redirect 7214
+
+create acl-rule 1 43
+add acl-rule condition 1 43 src-port 4
+add acl-rule condition 1 43 ethtype 0x0806
+add acl-rule action 1 43 redirect 7214
+
+# Redirect all ICMPv4 to ens1f2 -- 10.0.0.0/8
+create acl-rule 1 44
+add acl-rule condition 1 44 src-port 1
+add acl-rule condition 1 44 protocol 0x1/0xff
+add acl-rule condition 1 44 sip 10.0.0.0/8
+add acl-rule condition 1 44 dip 10.0.0.0/8
+add acl-rule action 1 44 redirect 7214
+
+create acl-rule 1 45
+add acl-rule condition 1 45 src-port 2
+add acl-rule condition 1 45 protocol 0x1/0xff3
+add acl-rule condition 1 45 sip 10.0.0.0/8
+add acl-rule condition 1 45 dip 10.0.0.0/8
+add acl-rule action 1 45 redirect 7214
+
+create acl-rule 1 46
+add acl-rule condition 1 46 src-port 3
+add acl-rule condition 1 46 protocol 0x1/0xff
+add acl-rule condition 1 46 sip 10.0.0.0/8
+add acl-rule condition 1 46 dip 10.0.0.0/8
+add acl-rule action 1 46 redirect 7214
+
+create acl-rule 1 47
+add acl-rule condition 1 47 src-port 4
+add acl-rule condition 1 47 protocol 0x1/0xff
+add acl-rule condition 1 47 sip 10.0.0.0/8
+add acl-rule condition 1 47 dip 10.0.0.0/8
+add acl-rule action 1 47 redirect 7214
+
+# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16
+create acl-rule 1 48
+add acl-rule condition 1 48 src-port 1
+add acl-rule condition 1 48 protocol 0x1/0xff
+add acl-rule condition 1 48 sip 192.168.0.0/16
+add acl-rule condition 1 48 dip 192.168.0.0/16
+add acl-rule action 1 48 redirect 7214
+
+create acl-rule 1 49
+add acl-rule condition 1 49 src-port 2
+add acl-rule condition 1 49 protocol 0x1/0xff3
+add acl-rule condition 1 49 sip 192.168.0.0/16
+add acl-rule condition 1 49 dip 192.168.0.0/16
+add acl-rule action 1 49 redirect 7214
+
+create acl-rule 1 50
+add acl-rule condition 1 50 src-port 3
+add acl-rule condition 1 50 protocol 0x1/0xff
+add acl-rule condition 1 50 sip 192.168.0.0/16
+add acl-rule condition 1 50 dip 192.168.0.0/16
+add acl-rule action 1 50 redirect 7214
+
+create acl-rule 1 51
+add acl-rule condition 1 51 src-port 4
+add acl-rule condition 1 51 protocol 0x1/0xff
+add acl-rule condition 1 51 sip 192.168.0.0/16
+add acl-rule condition 1 51 dip 192.168.0.0/16
+add acl-rule action 1 51 redirect 7214
+
+# Redirect all TCP with port 51218, for health check - 192.168.0.0/24
+create acl-rule 1 60
+add acl-rule condition 1 60 src-port 1
+add acl-rule condition 1 60 protocol 0x6/0xff
+add acl-rule condition 1 60 sip 192.168.0.0/16
+add acl-rule condition 1 60 dip 192.168.0.0/16
+add acl-rule condition 1 60 l4-dst-port 51218/0xffff
+add acl-rule action 1 60 redirect 7214
+
+create acl-rule 1 61
+add acl-rule condition 1 61 src-port 2
+add acl-rule condition 1 61 protocol 0x6/0xff
+add acl-rule condition 1 61 sip 192.168.0.0/16
+add acl-rule condition 1 61 dip 192.168.0.0/16
+add acl-rule condition 1 61 l4-dst-port 51218/0xffff
+add acl-rule action 1 61 redirect 7214
+
+create acl-rule 1 62
+add acl-rule condition 1 62 src-port 3
+add acl-rule condition 1 62 protocol 0x6/0xff
+add acl-rule condition 1 62 sip 192.168.0.0/16
+add acl-rule condition 1 62 dip 192.168.0.0/16
+add acl-rule condition 1 62 l4-dst-port 51218/0xffff
+add acl-rule action 1 62 redirect 7214
+
+create acl-rule 1 63
+add acl-rule condition 1 63 src-port 4
+add acl-rule condition 1 63 protocol 0x6/0xff
+add acl-rule condition 1 63 sip 192.168.0.0/16
+add acl-rule condition 1 63 dip 192.168.0.0/16
+add acl-rule condition 1 63 l4-dst-port 51218/0xffff
+add acl-rule action 1 63 redirect 7214
+
+# Redirect all TCP with port 51218, for health check - 10.0.0.0/8
+create acl-rule 1 64
+add acl-rule condition 1 64 src-port 1
+add acl-rule condition 1 64 protocol 0x6/0xff
+add acl-rule condition 1 64 sip 10.0.0.0/8
+add acl-rule condition 1 64 dip 10.0.0.0/8
+add acl-rule condition 1 64 l4-dst-port 51218/0xffff
+add acl-rule action 1 64 redirect 7214
+
+create acl-rule 1 65
+add acl-rule condition 1 65 src-port 2
+add acl-rule condition 1 65 protocol 0x6/0xff
+add acl-rule condition 1 65 sip 10.0.0.0/8
+add acl-rule condition 1 65 dip 10.0.0.0/8
+add acl-rule condition 1 65 l4-dst-port 51218/0xffff
+add acl-rule action 1 65 redirect 7214
+
+create acl-rule 1 66
+add acl-rule condition 1 66 src-port 3
+add acl-rule condition 1 66 protocol 0x6/0xff
+add acl-rule condition 1 66 sip 10.0.0.0/8
+add acl-rule condition 1 66 dip 10.0.0.0/8
+add acl-rule condition 1 66 l4-dst-port 51218/0xffff
+add acl-rule action 1 66 redirect 7214
+
+create acl-rule 1 67
+add acl-rule condition 1 67 src-port 4
+add acl-rule condition 1 67 protocol 0x6/0xff
+add acl-rule condition 1 67 sip 10.0.0.0/8
+add acl-rule condition 1 67 dip 10.0.0.0/8
+add acl-rule condition 1 67 l4-dst-port 51218/0xffff
+add acl-rule action 1 67 redirect 7214
+
+# Redirect all ICMPv6 link-scope packets
+create acl-rule 1 70
+add acl-rule condition 1 70 src-port 1
+add acl-rule condition 1 70 frame-type ipv6
+add acl-rule condition 1 70 ttl 255
+add acl-rule action 1 70 redirect 7214
+
+create acl-rule 1 71
+add acl-rule condition 1 71 src-port 2
+add acl-rule condition 1 71 frame-type ipv6
+add acl-rule condition 1 71 ttl 255
+add acl-rule action 1 71 redirect 7214
+
+create acl-rule 1 72
+add acl-rule condition 1 72 src-port 3
+add acl-rule condition 1 72 frame-type ipv6
+add acl-rule condition 1 72 ttl 255
+add acl-rule action 1 72 redirect 7214
+
+create acl-rule 1 73
+add acl-rule condition 1 73 src-port 4
+add acl-rule condition 1 73 frame-type ipv6
+add acl-rule condition 1 73 ttl 255
+add acl-rule action 1 73 redirect 7214
+
+create acl-rule 1 74
+add acl-rule condition 1 74 src-port 1
+add acl-rule condition 1 74 frame-type ipv6
+add acl-rule condition 1 74 sip fc00::/7
+add acl-rule condition 1 74 dip fc00::/7
+add acl-rule action 1 74 redirect 7214
+
+create acl-rule 1 75
+add acl-rule condition 1 75 src-port 2
+add acl-rule condition 1 75 frame-type ipv6
+add acl-rule condition 1 75 sip fc00::/7
+add acl-rule condition 1 75 dip fc00::/7
+add acl-rule action 1 75 redirect 7214
+
+create acl-rule 1 76
+add acl-rule condition 1 76 src-port 3
+add acl-rule condition 1 76 frame-type ipv6
+add acl-rule condition 1 76 sip fc00::/7
+add acl-rule condition 1 76 dip fc00::/7
+add acl-rule action 1 76 redirect 7214
+
+create acl-rule 1 77
+add acl-rule condition 1 77 src-port 4
+add acl-rule condition 1 77 frame-type ipv6
+add acl-rule condition 1 77 sip fc00::/7
+add acl-rule condition 1 77 dip fc00::/7
+add acl-rule action 1 77 redirect 7214
+
+create acl-rule 1 80
+add acl-rule condition 1 80 src-glort 0x5801
+add acl-rule action 1 80 redirect 9293
+
+create acl-rule 1 90
+add acl-rule condition 1 90 src-glort 0x5803
+add acl-rule condition 1 90 vlan 4000
+add acl-rule action 1 90 redirect 7220
+add acl-rule action 1 90 vlan 1
+
+create acl-rule 1 91
+add acl-rule condition 1 91 src-glort 0x5803
+add acl-rule condition 1 91 vlan 4001
+add acl-rule action 1 91 redirect 7213
+add acl-rule action 1 91 vlan 1
+
+create acl-rule 1 100
+add acl-rule condition 1 100 src-glort 0x5803
+add acl-rule action 1 100 redirect 9293
+
+create acl-rule 1 101
+add acl-rule condition 1 101 src-port 1
+add acl-rule action 1 101 redirect 7216
+create acl-rule 1 102
+add acl-rule condition 1 102 src-port 2
+add acl-rule action 1 102 redirect 7216
+create acl-rule 1 103
+add acl-rule condition 1 103 src-port 3
+add acl-rule action 1 103 redirect 7216
+create acl-rule 1 104
+add acl-rule condition 1 104 src-port 4
+add acl-rule action 1 104 redirect 7216
+
+create acl-rule 1 200
+add acl-rule condition 1 200 src-glort 0x5804
+add acl-rule action 1 200 redirect 6189
+create acl-rule 1 201
+add acl-rule condition 1 201 src-glort 0x5805
+add acl-rule action 1 201 redirect 5165
+create acl-rule 1 202
+add acl-rule condition 1 202 src-glort 0x5806
+add acl-rule action 1 202 redirect 4141
+create acl-rule 1 203
+add acl-rule condition 1 203 src-glort 0x5000
+add acl-rule action 1 203 redirect 7217
+create acl-rule 1 204
+add acl-rule condition 1 204 src-glort 0x4800
+add acl-rule action 1 204 redirect 7218
+create acl-rule 1 205
+add acl-rule condition 1 205 src-glort 0x4000
+add acl-rule action 1 205 redirect 7219
+
+create acl-rule 1 301
+add acl-rule condition 1 301 src-glort 0x5807
+add acl-rule action 1 301 redirect 7216
+add acl-rule action 1 301 vlan 4000
+
+create acl-rule 1 302
+add acl-rule condition 1 302 src-glort 0x5800
+add acl-rule action 1 302 redirect 7216
+add acl-rule action 1 302 vlan 4001
+
+create acl-rule 1 401
+add acl-rule condition 1 401 src-glort 0x5001
+add acl-rule action 1 401 redirect 9325
+create acl-rule 1 402
+add acl-rule condition 1 402 src-glort 0x4801
+add acl-rule action 1 402 redirect 9325
+create acl-rule 1 403
+add acl-rule condition 1 403 src-glort 0x4001
+add acl-rule action 1 403 redirect 9325
+
+apply acl
+remote listen
diff --git a/roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm b/roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..b81cfd6
--- /dev/null
+++ b/roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
Binary files differ
diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml
new file mode 100644
index 0000000..5c57052
--- /dev/null
+++ b/roles/tsg_master/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: "copy tsg_master rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install tsg_master from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
+ state: present
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 16:25:15 +0000