author崔一鸣 <[email protected]>2020-01-08 20:02:59 +0800
committer崔一鸣 <[email protected]>2020-01-08 20:07:38 +0800
commit04e3ef7f33a298ac7b7abd557cf960608e879817 (patch)
tree7e0df003705a1cf2cf6f893d50a23444a9c36242 /roles/sapp
parent90077d70eda589df5b738b7eb11080e7e3ee6154 (diff)
兼容Firewall版本, sapp和kni拆开
Diffstat (limited to 'roles/sapp')
-rw-r--r--roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpmbin0 -> 329836 bytes
-rw-r--r--roles/sapp/tasks/main.yml41
-rw-r--r--roles/sapp/templates/conflist.inf.j219
-rw-r--r--roles/sapp/templates/gdev.conf.j25
-rw-r--r--roles/sapp/templates/project_list.conf.j24
-rw-r--r--roles/sapp/templates/sapp.toml.j2135
6 files changed, 204 insertions, 0 deletions
diff --git a/roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm b/roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm
new file mode 100644
index 0000000..1c10718
--- /dev/null
+++ b/roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml
new file mode 100644
index 0000000..4e4224c
--- /dev/null
+++ b/roles/sapp/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: "copy sapp to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install sapp rpms from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
+ state: present
+
+- name: Template the sapp.toml
+ template:
+ src: "{{ role_path }}/templates/sapp.toml.j2"
+ dest: /home/mesasoft/sapp_run/etc/sapp.toml
+ tags: template
+
+- name: Template the project_list.conf
+ template:
+ src: "{{ role_path }}/templates/project_list.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/project_list.conf
+ tags: template
+
+- name: Template the conflist.inf
+ template:
+ src: "{{ role_path }}/templates/conflist.inf.j2"
+ dest: /home/mesasoft/sapp_run/plug/conflist.inf
+ tags: template
+
+- name: Template the gdev.conf
+ template:
+ src: "{{ role_path }}/templates/gdev.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/gdev.conf
+ tags: template
+
+- name: "enable sapp"
+ systemd:
+ name: sapp
+ enabled: yes
+ daemon_reload: yes
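Review bot: The four template tasks write sapp.toml, project_list.conf, conflist.inf and gdev.conf, but nothing restarts the service when they change: the final systemd task only sets `enabled: yes` with no `state:`, and none of the template tasks carries a `notify:`, so an edited configuration is not picked up until the next reboot or a manual restart. Adding `state: started` to the systemd task and a `notify: restart sapp` on each template task, backed by a `restart sapp` handler in roles/sapp/handlers/main.yml, makes a config change take effect in the same run. The copy task also stages the rpm in /tmp/ansible_deploy/, a directory under the world-writable /tmp, before yum installs it as root; a root-owned staging path (for example under /var/lib or /root) avoids another local user pre-creating or replacing that directory between the copy and the install. The destination directories under /home/mesasoft/sapp_run/ are presumably created by the rpm, but that is not visible here and is worth confirming before the template tasks run.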
diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2
new file mode 100644
index 0000000..34f8339
--- /dev/null
+++ b/roles/sapp/templates/conflist.inf.j2
@@ -0,0 +1,19 @@
+[platform]
+./plug/platform/g_device_plug/g_device_plug.inf
+./plug/platform/tsg_master/tsg_master.inf
+
+[protocol]
+./plug/protocol/ssl/ssl.inf
+./plug/protocol/http/http.inf
+./plug/protocol/dns/dns.inf
+./plug/protocol/mail/mail.inf
+./plug/protocol/ftp/ftp.inf
+
+[business]
+./plug/business/kni/kni.inf
+./plug/business/fw_ssl/fw_ssl.inf
+./plug/business/fw_http_plug/fw_http_plug.inf
+./plug/business/fw_dns_plug/fw_dns_plug.inf
+./plug/business/fw_mail_plug/fw_mail_plug.inf
+./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/tsg_conn_record/tsg_conn_record.inf \ No newline at end of file
diff --git a/roles/sapp/templates/gdev.conf.j2 b/roles/sapp/templates/gdev.conf.j2
new file mode 100644
index 0000000..bb1bd30
--- /dev/null
+++ b/roles/sapp/templates/gdev.conf.j2
@@ -0,0 +1,5 @@
+[Module]
+pcapdevice={{ nic_data_incoming.name }}
+sendto_gdev_card={{ nic_data_incoming.name }}
+sendto_gdev_ip={{ nic_data_incoming.address }}
+gdev_status_switch=1 \ No newline at end of file
diff --git a/roles/sapp/templates/project_list.conf.j2 b/roles/sapp/templates/project_list.conf.j2
new file mode 100644
index 0000000..c712a15
--- /dev/null
+++ b/roles/sapp/templates/project_list.conf.j2
@@ -0,0 +1,4 @@
+tcp_flow_stat struct
+udp_flow_stat struct
+tcp_deduce_flow_stat struct
+POLICY_PRIORITY struct \ No newline at end of file
diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2
new file mode 100644
index 0000000..6548df4
--- /dev/null
+++ b/roles/sapp/templates/sapp.toml.j2
@@ -0,0 +1,135 @@
+###################################################################################################
+# NOTE:
+# The format of this file is toml (https://github.com/cktan/tomlc99)
+# to make vim editor display colorful and human readable,
+# you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
+###################################################################################################
+
+[SYSTEM]
+instance_name = "sapp4"
+
+[CPU]
+worker_threads=16
+### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+bind_mask=[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]
+#bind_mask=[]
+
+[PACKET_IO]
+### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
+BSD_packet_filter=""
+
+### note, depolyment.mode options: [mirror, inline, transparent]
+ [packet_io.depolyment]
+ {% if nic_transparent_mode.enable %}
+ mode=transparent
+ {% else %}
+ mode=inline
+ {% endif %}
+
+### note, interface.type options: [pag,pcap,marsio]
+ [packet_io.internal.interface]
+ {% if nic_transparent_mode.enable %}
+ type={{nic_transparent_mode.mode}}
+ name={{nic_transparent_mode.internel_interface}}
+ {% else %}
+ type=marsio
+ name=vxlan_user
+ {% endif %}
+
+ [packet_io.external.interface]
+ {% if nic_transparent_mode.enable %}
+ type={{nic_transparent_mode.mode}}
+ name={{nic_transparent_mode.external_interface}}
+ {% else %}
+ type=pcap
+ name=lo
+ {% endif %}
+
+ [packet_io.polling]
+### note, polling_priority = call sapp_recv_pkt every call polling_entry times,
+ polling_priority=1
+
+[STREAM]
+ [stream.tcp]
+ max=200000
+ timeout=30
+ syn_mandatory=1
+ reorder_pkt_max=5
+ analyse_option_enabled=1
+ [stream.tcp.inject]
+ link_mss=1460
+
+ [stream.tcp.inject.rst]
+ number=3
+ signature_enabled=1
+ signature_seed1=65535
+ signature_seed2=13
+
+ [stream.udp]
+ max=10000
+ timeout=60
+
+[PROFILING]
+ [profiling.pkt_latency]
+ enabled=0
+### note, threshold unit is microseconds (us)
+ threshold=1000000
+
+ [profiling.sanity_check]
+ raw_pkt_broken_enabled=0
+ symbol_conflict_enabled=0
+
+ [profiling.log]
+ level=20
+ interval=5
+
+ [profiling.log.local]
+ enabled=1
+### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.
+ file_truncate_enabled = 1
+ log_file_name = "fs2_sysinfo.log"
+
+ [profiling.log.remote]
+ enabled=1
+ server_ip={{ fs_remote.address }}
+ server_port={{ fs_remote.port }}
+
+ [profiling.log.remote.field_stat2]
+### note, is valid when "remote_send_out_type=field_stat2"
+### note, metric_type option value: [default, json]
+ metric_type = default
+ app_name=sapp
+
+[TOOLS]
+ [tools.pkt_dump]
+ enabled=0
+### note, mode options value:[storage, udp_socket]
+ mode=udp_socket
+ BSD_packet_filter=""
+
+ [tools.pkt_dump.threads]
+### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
+### if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
+ all_threads_enabled=1
+
+### note, dump_thread_id start from 0, max is CPU.worker_threads-1
+ dump_thread_id=[0,1,2,3,4]
+
+ [tools.pkt_dump.udp]
+ command_port=12345
+
+ [tools.pkt_dump.storage]
+### note, file path must be double quotation mark extension, for example, path="/dev/shm/pkt_dump"
+ path="/dev/shm/pkt_dump"
+### note, file size unit: MB
+ file_size_max_per_thread=10000
+
+### note:
+### These configurations format is complex and difficult to describe with toml grammar,
+### so, create a Independent config file to description specific information.
+[SPECIAL_CONFIG_LINK]
+ project_list_path="./etc/project_list.conf"
+ plugin_path="./etc/plugin.conf"
+ entrylist_path="./etc/entrylist.conf"
+ send_raw_pkt_path="./etc/send_raw_pkt.conf"
+ vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"
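Review bot: `server_ip={{ fs_remote.address }}` under `[profiling.log.remote]` renders an unquoted dotted address, although the header declares the file to be TOML (tomlc99), where a bare `10.0.0.1` is not a valid value, and the strings this file does quote (`instance_name`, `log_file_name`, `path`) are all double-quoted. If the parser build in use is lenient about bare words, as `mode=inline` and `type=marsio` suggest, this is only an inconsistency; otherwise the rendered file fails to load on the host. Writing `server_ip="{{ fs_remote.address }}"`, and likewise quoting `type={{nic_transparent_mode.mode}}` and the two `name={{ ... }}` values, matches the quoted style already used and is valid under either reading. Separately, `[PACKET_IO]`, `[STREAM]`, `[PROFILING]` and `[TOOLS]` are upper-case while their sub-tables (`[packet_io.depolyment]`, `[stream.tcp]`, …) are lower-case; TOML keys are case-sensitive, so these are distinct tables unless the consuming parser folds case, which the page does not show.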