summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--install_config/group_vars/server_as_tun_mode.yml64
-rw-r--r--install_config/hosts45
-rw-r--r--roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpmbin0 -> 25508 bytes
-rw-r--r--roles/firewall/files/ftp-1.0.8.13d5fda-2.el7.x86_64.rpmbin0 -> 28356 bytes
-rw-r--r--roles/firewall/files/http-2.0.5.c61ad9a-2.el7.x86_64.rpmbin0 -> 51356 bytes
-rw-r--r--roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpmbin0 -> 42796 bytes
-rw-r--r--roles/firewall/files/quic-1.1.17.8c22b4d-2.el7.x86_64.rpmbin0 -> 21408 bytes
-rw-r--r--roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpmbin0 -> 30288 bytes
-rw-r--r--roles/firewall/tasks/main.yml21
-rw-r--r--roles/framework/files/framework.conf1
-rw-r--r--roles/framework/files/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpmbin0 -> 6568 bytes
-rw-r--r--roles/framework/files/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpmbin0 -> 81564 bytes
-rw-r--r--roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpmbin0 -> 152240 bytes
-rw-r--r--roles/framework/files/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpmbin0 -> 21424 bytes
-rw-r--r--roles/framework/files/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpmbin0 -> 19808 bytes
-rw-r--r--roles/framework/files/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpmbin0 -> 85920 bytes
-rw-r--r--roles/framework/files/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpmbin0 -> 343244 bytes
-rw-r--r--roles/framework/files/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpmbin0 -> 15804 bytes
-rw-r--r--roles/framework/files/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpmbin0 -> 97620 bytes
-rw-r--r--roles/framework/files/libmaatframe-3.1.10.653727e-2.el7.x86_64.rpmbin0 -> 510864 bytes
-rw-r--r--roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpmbin0 -> 345280 bytes
-rw-r--r--roles/framework/files/librulescan-2.2.2.e5a4457-2.el7.x86_64.rpmbin0 -> 158872 bytes
-rw-r--r--roles/framework/files/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpmbin0 -> 258240 bytes
-rw-r--r--roles/framework/files/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpmbin0 -> 24364 bytes
-rw-r--r--roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpmbin0 -> 100896 bytes
-rw-r--r--roles/framework/tasks/main.yml40
-rw-r--r--roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpmbin0 -> 76956 bytes
-rw-r--r--roles/kernel-ml/files/elfutils-libelf-devel-0.168-8.el7.x86_64.rpmbin0 -> 38060 bytes
-rw-r--r--roles/kernel-ml/files/grub8
-rw-r--r--roles/kernel-ml/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpmbin0 -> 49649456 bytes
-rw-r--r--roles/kernel-ml/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpmbin0 -> 13079596 bytes
-rw-r--r--roles/kernel-ml/files/pkgconfig-0.27.1-4.el7.x86_64.rpmbin0 -> 54928 bytes
-rw-r--r--roles/kernel-ml/files/zlib-devel-1.2.7-17.el7.x86_64.rpmbin0 -> 51044 bytes
-rw-r--r--roles/kernel-ml/tasks/main.yml45
-rw-r--r--roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpmbin0 -> 34242584 bytes
-rw-r--r--roles/mrzcpd/tasks/main.yml192
-rw-r--r--roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j257
-rw-r--r--roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j220
-rw-r--r--roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j260
-rw-r--r--roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j223
-rw-r--r--roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j267
-rw-r--r--roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j221
-rw-r--r--roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j268
-rw-r--r--roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j224
-rw-r--r--roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j269
-rw-r--r--roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j225
-rw-r--r--roles/mrzcpd/templates/mrapp.sapp4.conf2
-rw-r--r--roles/mrzcpd/templates/mrzcpd.j23
-rw-r--r--roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j247
-rw-r--r--roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j218
-rw-r--r--roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j227
-rw-r--r--roles/sapp/files/maat_redis_toolbin0 -> 1099912 bytes
-rw-r--r--roles/sapp/files/memory.conf3
-rw-r--r--roles/sapp/files/sapp-4.2.25.893d15d-2.el7.x86_64.rpmbin0 -> 463644 bytes
-rw-r--r--roles/sapp/files/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpmbin0 -> 360120 bytes
-rw-r--r--roles/sapp/files/tera_fake_promisc_setup.conf2
-rw-r--r--roles/sapp/files/tera_fake_promisc_setup.sh4
-rw-r--r--roles/sapp/tasks/main.yml104
-rw-r--r--roles/sapp/templates/conflist.inf.j212
-rw-r--r--roles/sapp/templates/gdev.conf.j211
-rw-r--r--roles/sapp/templates/project_list.conf.j220
-rw-r--r--roles/sapp/templates/sapp.service.j222
-rw-r--r--roles/sapp/templates/sapp.toml.j2225
-rw-r--r--roles/sapp/templates/sapp_log.conf.j214
-rw-r--r--roles/sapp/templates/sapp_tmpfile.conf.j21
-rw-r--r--roles/sapp/templates/vlan_flipping_map.conf.j211
-rw-r--r--server_deploy.yml10
67 files changed, 1386 insertions, 0 deletions
diff --git a/install_config/group_vars/server_as_tun_mode.yml b/install_config/group_vars/server_as_tun_mode.yml
new file mode 100644
index 0000000..93466ad
--- /dev/null
+++ b/install_config/group_vars/server_as_tun_mode.yml
@@ -0,0 +1,64 @@
+#########################################
+#####0: Pcap; 1: Inline_device; 5:ATCA_VXLAN;
+tsg_access_type: 0
+#####0: Tun_mode; 1: normal;
+tsg_running_type: 0
+
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0,sapp跑在pcap模式,则以下配置可忽略
+sapp:
+ worker_threads: 23
+ send_only_threads_max: 1
+ bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+ inbound_route_dir: 1
+
+#########################################
+#Sapp Double-Arm Config
+packet_io:
+ internal_interface: eth2
+ external_interface: eth3
+
+
+#########################################
+#Marsio Config
+mrzcpd:
+ iocore: 39
+
+mrtunnat:
+ lcore_id: 38
+
+
+#########################################
+#ATCA Config
+#下列配置只在tsg_access_type=4时生效
+ATCA_data_incoming:
+ ethname: enp1s0
+ vf0_name: enp1s2
+ vf1_name: enp1s2f1
+ vf2_name: enp1s2f2
+
+ATCA_VlanFlipping:
+ vlanID_1: 100
+ vlanID_2: 101
+ vlanID_3: 103
+ vlanID_4: 104
+
+#下列配置只在tsg_access_type=5时生效
+ATCA_VXLAN:
+ keepalive_ip: "10.254.19.1"
+ keepalive_mask: "255.255.255.252"
+
+#########################################
+#Inline Device Config
+inline_device_config:
+ keepalive_ip: 192.168.1.30
+ keepalive_mask: 255.255.255.252
+ data_incoming: eth5
+
+#########################################
+
+sapp_prometheus_enable: 1
+sapp_prometheus_port: 9273
+sapp_prometheus_url_path: "/metrics"
diff --git a/install_config/hosts b/install_config/hosts
new file mode 100644
index 0000000..0fe8b50
--- /dev/null
+++ b/install_config/hosts
@@ -0,0 +1,45 @@
+###################
+# For example #
+###################
+#变量device_id根据设备序号设置即可
+#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置,其他环境可不填或直接删除变量
+#
+#20.09版本新增APP部署
+#[app_global]
+#0.0.0.0
+
+#[server_as_tun_mode]
+#1.1.1.1 device_id=device_1
+#
+#[adc_mxn]
+#10.3.72.1
+#10.3.72.2
+#
+#[adc_mcn0]
+#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
+#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
+#
+#[adc_mcn1]
+#10.3.74.1 device_id=device_1
+#10.3.74.2 device_id=device_2
+#
+#[adc_mcn2]
+#10.3.75.1 device_id=device_1
+#10.3.75.2 device_id=device_2
+#
+#[adc_mcn3]
+#10.3.76.1 device_id=device_1
+#10.3.76.2 device_id=device_2
+
+#[app_global]
+#[server_as_tun_mode]
+#broken warning:
+#10.4.52.71
+[adc_mcn0]
+[adc_mcn1]
+[adc_mcn2]
+[adc_mcn3]
+[app_global]
+[server_as_tun_mode]
+
+
diff --git a/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm
new file mode 100644
index 0000000..38b04dc
--- /dev/null
+++ b/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
new file mode 100644
index 0000000..8e8a92f
--- /dev/null
+++ b/roles/firewall/files/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/http-2.0.5.c61ad9a-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
new file mode 100644
index 0000000..2b6a7cf
--- /dev/null
+++ b/roles/firewall/files/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
new file mode 100644
index 0000000..1eace4e
--- /dev/null
+++ b/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
new file mode 100644
index 0000000..8284196
--- /dev/null
+++ b/roles/firewall/files/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
new file mode 100644
index 0000000..7d92f28
--- /dev/null
+++ b/roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..054a1c2
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: "copy firewall rpms to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install firewall packages"
+ yum:
+ name: "{{ fw_packages }}"
+ state: present
+ skip_broken: yes
+ vars:
+ fw_packages:
+ - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
+
+
diff --git a/roles/framework/files/framework.conf b/roles/framework/files/framework.conf
new file mode 100644
index 0000000..446277c
--- /dev/null
+++ b/roles/framework/files/framework.conf
@@ -0,0 +1 @@
+/opt/MESA/lib/
diff --git a/roles/framework/files/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
new file mode 100644
index 0000000..e217ac8
--- /dev/null
+++ b/roles/framework/files/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
new file mode 100644
index 0000000..badbcb5
--- /dev/null
+++ b/roles/framework/files/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm b/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
new file mode 100644
index 0000000..dd04541
--- /dev/null
+++ b/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm b/roles/framework/files/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
new file mode 100644
index 0000000..5a45e4e
--- /dev/null
+++ b/roles/framework/files/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm b/roles/framework/files/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
new file mode 100644
index 0000000..8ffff2b
--- /dev/null
+++ b/roles/framework/files/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm b/roles/framework/files/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
new file mode 100644
index 0000000..8681621
--- /dev/null
+++ b/roles/framework/files/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm b/roles/framework/files/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
new file mode 100644
index 0000000..448184a
--- /dev/null
+++ b/roles/framework/files/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm b/roles/framework/files/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
new file mode 100644
index 0000000..7c3ee89
--- /dev/null
+++ b/roles/framework/files/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm b/roles/framework/files/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
new file mode 100644
index 0000000..7620c25
--- /dev/null
+++ b/roles/framework/files/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libmaatframe-3.1.10.653727e-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.1.10.653727e-2.el7.x86_64.rpm
new file mode 100644
index 0000000..8c6b2e6
--- /dev/null
+++ b/roles/framework/files/libmaatframe-3.1.10.653727e-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpm b/roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpm
new file mode 100644
index 0000000..dd12e43
--- /dev/null
+++ b/roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/librulescan-2.2.2.e5a4457-2.el7.x86_64.rpm b/roles/framework/files/librulescan-2.2.2.e5a4457-2.el7.x86_64.rpm
new file mode 100644
index 0000000..d3d13db
--- /dev/null
+++ b/roles/framework/files/librulescan-2.2.2.e5a4457-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm b/roles/framework/files/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
new file mode 100644
index 0000000..3ab7428
--- /dev/null
+++ b/roles/framework/files/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm b/roles/framework/files/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
new file mode 100644
index 0000000..7b5a44b
--- /dev/null
+++ b/roles/framework/files/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpm b/roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpm
new file mode 100644
index 0000000..07035f1
--- /dev/null
+++ b/roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpm
Binary files differ
diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
new file mode 100644
index 0000000..2735b5d
--- /dev/null
+++ b/roles/framework/tasks/main.yml
@@ -0,0 +1,40 @@
+- name: "copy framework rpms to destination server"
+ synchronize:
+ src: "{{ role_path }}/files/"
+ dest: "/tmp/ansible_deploy/"
+
+- name: "install framework packages"
+ yum:
+ name: "{{ packages }}"
+ state: present
+ skip_broken: yes
+ vars:
+ packages:
+ - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libmaatframe-3.1.10.653727e-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
+ - /tmp/ansible_deploy/librulescan-2.2.2.e5a4457-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
+ - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
+
+- name: "mkdir /etc/ld.so.conf.d/"
+ file:
+ path: /etc/ld.so.conf.d/
+ state: directory
+
+- name: "copy framework.conf to destination server"
+ copy:
+ src: "{{ role_path }}/files/framework.conf"
+ dest: /etc/ld.so.conf.d/
+
+- name: "update ld"
+ command: ldconfig
diff --git a/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm b/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm
new file mode 100644
index 0000000..e5a68ba
--- /dev/null
+++ b/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm
Binary files differ
diff --git a/roles/kernel-ml/files/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm b/roles/kernel-ml/files/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
new file mode 100644
index 0000000..b31fff6
--- /dev/null
+++ b/roles/kernel-ml/files/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
Binary files differ
diff --git a/roles/kernel-ml/files/grub b/roles/kernel-ml/files/grub
new file mode 100644
index 0000000..0bb60ad
--- /dev/null
+++ b/roles/kernel-ml/files/grub
@@ -0,0 +1,8 @@
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
+GRUB_DEFAULT=saved
+GRUB_DISABLE_SUBMENU=true
+GRUB_TERMINAL="serial console"
+GRUB_SERIAL_COMMAND="serial --speed=115200"
+GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200 intel_iommu=on iommu=pt pci=realloc,assign-busses"
+GRUB_DISABLE_RECOVERY="true"
diff --git a/roles/kernel-ml/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm b/roles/kernel-ml/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
new file mode 100644
index 0000000..6fefdec
--- /dev/null
+++ b/roles/kernel-ml/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
Binary files differ
diff --git a/roles/kernel-ml/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm b/roles/kernel-ml/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
new file mode 100644
index 0000000..1dd97ca
--- /dev/null
+++ b/roles/kernel-ml/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
Binary files differ
diff --git a/roles/kernel-ml/files/pkgconfig-0.27.1-4.el7.x86_64.rpm b/roles/kernel-ml/files/pkgconfig-0.27.1-4.el7.x86_64.rpm
new file mode 100644
index 0000000..d37c601
--- /dev/null
+++ b/roles/kernel-ml/files/pkgconfig-0.27.1-4.el7.x86_64.rpm
Binary files differ
diff --git a/roles/kernel-ml/files/zlib-devel-1.2.7-17.el7.x86_64.rpm b/roles/kernel-ml/files/zlib-devel-1.2.7-17.el7.x86_64.rpm
new file mode 100644
index 0000000..fb29222
--- /dev/null
+++ b/roles/kernel-ml/files/zlib-devel-1.2.7-17.el7.x86_64.rpm
Binary files differ
diff --git a/roles/kernel-ml/tasks/main.yml b/roles/kernel-ml/tasks/main.yml
new file mode 100644
index 0000000..1f13b0f
--- /dev/null
+++ b/roles/kernel-ml/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: "copy framework rpms to destination server"
+ synchronize:
+ src: "{{ role_path }}/files/"
+ dest: "/tmp/ansible_deploy/"
+
+- name: "install kernels-ml"
+ yum:
+ name:
+ - /tmp/ansible_deploy/pkgconfig-0.27.1-4.el7.x86_64.rpm
+ - /tmp/ansible_deploy/zlib-devel-1.2.7-17.el7.x86_64.rpm
+ - /tmp/ansible_deploy/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
+ - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
+ - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
+ - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
+ state: present
+ register: t_kernel_ml
+
+- name: "set kernel-ml as default kernel"
+ command: /usr/sbin/grub2-set-default 0
+ when: t_kernel_ml.changed
+
+- name: "copy /etc/default/grub"
+ copy:
+ src: "{{ role_path }}/files/grub"
+ dest: "/etc/default"
+ when:
+ - tsg_access_type == 4
+ - t_kernel_ml.changed
+
+- name: "BIOS:grub2-mkconfig"
+ shell: grub2-mkconfig -o /boot/grub2/grub.cfg
+ when:
+ - tsg_access_type == 4
+ - t_kernel_ml.changed
+
+- name: "UEFI:grub2-mkconfig"
+ shell: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
+ when:
+ - tsg_access_type == 4
+ - t_kernel_ml.changed
+
+- name: "reboot"
+ reboot:
+ when: t_kernel_ml.changed
diff --git a/roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm
new file mode 100644
index 0000000..9d2dd37
--- /dev/null
+++ b/roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm
Binary files differ
diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml
new file mode 100644
index 0000000..0b3f708
--- /dev/null
+++ b/roles/mrzcpd/tasks/main.yml
@@ -0,0 +1,192 @@
+---
+- name: "copy mrzcpd to destination server"
+ synchronize:
+ src: "{{ role_path }}/files/"
+ dest: "/tmp/ansible_deploy/"
+
+- name: "install mrzcpd"
+ yum:
+ name: /tmp/ansible_deploy/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm
+ state: present
+
+- name: "update sysconfig/mrzcpd"
+ template:
+ src: "{{ role_path }}/templates/mrzcpd.j2"
+ dest: /etc/sysconfig/mrzcpd
+
+- name: "update mrglobal.conf - traffic_mirror"
+ template:
+ src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when: nic_traffic_mirror is defined
+
+
+- name: "copy mrapp.sapp4.conf to destination server"
+ template:
+ src: "{{ role_path }}/templates/mrapp.sapp4.conf "
+ dest: /opt/mrzcpd/etc/mrapp.sapp4.conf
+ when:
+ - tsg_access_type == 4
+
+- name: "update mrglobal.conf.adc_inline"
+ template:
+ src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 1
+ - tsg_running_type == 2
+
+- name: "update mrglobal.conf.server_inline"
+ template:
+ src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 1
+ - tsg_running_type != 2
+
+- name: "update mrglobal.conf.allot - mcn0"
+ template:
+ src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 2
+
+- name: "update mrglobal.conf.adc_tun_mode - mcn0"
+ template:
+ src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 3
+
+
+- name: "update mrglobal.conf.ATCA_Vlan_Flipping"
+ template:
+ src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 4
+
+- name: "update mrglobal.conf.ATCA_VXLAN"
+ template:
+ src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 5
+
+- name: "update mrtunnat.conf.adc_inline"
+ template:
+ src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 1
+ - tsg_running_type == 2
+
+- name: "update mrtunnat.conf.server_inline"
+ template:
+ src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 1
+ - tsg_running_type != 2
+
+- name: "update mrtunnat.conf.allot_access - mcn0"
+ template:
+ src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 2
+
+- name: "update mrtunnat.conf.adc_tun_mode - mcn0"
+ template:
+ src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 3
+
+- name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
+ template:
+ src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 4
+
+- name: "update mrtunnat.conf.ATCA_VXLAN"
+ template:
+ src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type == 5
+
+- name: "enable mrenv"
+ systemd:
+ name: mrenv
+ enabled: yes
+ daemon_reload: yes
+ when:
+ - tsg_access_type != 0
+
+- name: "enable mrzcpd"
+ systemd:
+ name: mrzcpd
+ enabled: yes
+ daemon_reload: yes
+ when:
+ - tsg_access_type != 0
+
+- name: "enable prometheus output - monit_device"
+ systemd:
+ name: mrapm_device
+ enabled: yes
+ daemon_reload: yes
+
+- name: "enable prometheus output - monit_stream"
+ systemd:
+ name: mrapm_stream
+ enabled: yes
+ daemon_reload: yes
+
+- name: "enable mrtunnat on master"
+ systemd:
+ name: mrtunnat
+ enabled: no
+ daemon_reload: yes
+ when:
+ - nic_traffic_mirror is not defined
+ - tsg_access_type != 0
+
+- name: "disable mrtunnat on slave"
+ systemd:
+ name: mrtunnat
+ enabled: no
+ daemon_reload: yes
+ when: nic_traffic_mirror is defined
+
+- name: "mask mrzcpd on server_tun_mode"
+ systemd:
+ name: mrzcpd
+ enabled: no
+ masked: yes
+ daemon_reload: yes
+ when:
+ - tsg_access_type == 0
+
+- name: "mask mrtunnat on server_tun_mode"
+ systemd:
+ name: mrtunnat
+ enabled: no
+ masked: yes
+ daemon_reload: yes
+ when:
+ - tsg_access_type == 0
diff --git a/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2 b/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
new file mode 100644
index 0000000..f012661
--- /dev/null
+++ b/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
@@ -0,0 +1,57 @@
+[device]
+device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=32
+
+[device:{{ATCA_data_incoming.vf0_name}}]
+mtu=4096
+clear_tx_flags=1
+hw_strip_crc=1
+in_addr={{ ATCA_VXLAN.keepalive_ip }}
+in_mask={{ ATCA_VXLAN.keepalive_mask }}
+#rssmode=3
+
+[device:{{ ATCA_data_incoming.vf1_name }}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow=4095
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+sz_tunnel=8192
+sz_buffer=0
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=1
+hashmode=0
+idle_threshold=10000
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=6
+forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
+forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
diff --git a/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2 b/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
new file mode 100644
index 0000000..ac710dd
--- /dev/null
+++ b/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
@@ -0,0 +1,20 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{ATCA_data_incoming.vf0_name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_link_info_table=1
+use_tuple4_as_sskey=0
+ctrlzone_addr_info_type=2
+idle_threshold=10000
+
+[vlan_flipping]
+enable=0
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
diff --git a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2 b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
new file mode 100644
index 0000000..01e6543
--- /dev/null
+++ b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
@@ -0,0 +1,60 @@
+[device]
+device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=32
+
+[device:{{ATCA_data_incoming.vf0_name}}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+#rssmode=3
+
+[device:{{ ATCA_data_incoming.vf1_name }}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow=4095
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+sz_tunnel=8192
+sz_buffer=0
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=1
+hashmode=0
+idle_threshold=10000
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=6
+forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
+forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
diff --git a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2 b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
new file mode 100644
index 0000000..95f1734
--- /dev/null
+++ b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
@@ -0,0 +1,23 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{ATCA_data_incoming.vf0_name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_link_info_table=1
+use_tuple4_as_sskey=0
+ctrlzone_addr_info_type=2
+idle_threshold=10000
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
+i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
+en_mac_flipping_0=0
+c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
+i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
+en_mac_flipping_1=0
diff --git a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2 b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
new file mode 100644
index 0000000..a80a483
--- /dev/null
+++ b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
@@ -0,0 +1,67 @@
+[device]
+device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.name}}]
+in_addr={{inline_device_config.keepalive_ip}}
+in_mask={{inline_device_config.keepalive_mask}}
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=1
+vlan-id-allow=1000,1001,4000,4001
+
+[device:{{nic_to_tfe.tfe0.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe1.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe2.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mcn0_mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
+forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
diff --git a/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2 b/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
new file mode 100644
index 0000000..6c8f5be
--- /dev/null
+++ b/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
@@ -0,0 +1,21 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{nic_data_incoming.name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
+c_router_vlan_id_1=4000
+i_router_vlan_id_1=4001
+en_mac_flipping_1=0
diff --git a/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2
new file mode 100644
index 0000000..032a1c4
--- /dev/null
+++ b/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2
@@ -0,0 +1,68 @@
+[device]
+device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=1
+vlan-id-allow=1000,1001,2000,2001,4000,4001
+vlan-pvid=0
+vlan-pvid-mode=2
+promisc=1
+
+[device:{{nic_to_tfe.tfe0.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe1.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe2.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
+forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
diff --git a/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2
new file mode 100644
index 0000000..19971c6
--- /dev/null
+++ b/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2
@@ -0,0 +1,24 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{nic_data_incoming.name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
+c_router_vlan_id_1=2000
+i_router_vlan_id_1=2001
+en_mac_flipping_1=0
+c_router_vlan_id_2=4000
+i_router_vlan_id_2=4001
+en_mac_flipping_2=0
diff --git a/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2 b/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2
new file mode 100644
index 0000000..245aecc
--- /dev/null
+++ b/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2
@@ -0,0 +1,69 @@
+[device]
+device=ens1f4,ens1f5,ens1f6,ens1f7,vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:ens1f4]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=1
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},{{ AllotAccess.virturlID_3 }},{{ AllotAccess.virturlID_4 }},4000,4001
+vlan-pvid=0
+vlan-pvid-mode=2
+promisc=1
+
+[device:ens1f5]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f6]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f7]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mcn0_mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,ens1f4,ens1f4
+forward_rule_1=vp,ens1f4,ens1f4
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,ens1f5,ens1f5
+forward_rule_5=vp,ens1f5,ens1f5
+forward_rule_6=pv,ens1f6,ens1f6
+forward_rule_7=vp,ens1f6,ens1f6
+forward_rule_8=pv,ens1f7,ens1f7
+forward_rule_9=vp,ens1f7,ens1f7
+
diff --git a/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2 b/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2
new file mode 100644
index 0000000..a0841d6
--- /dev/null
+++ b/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2
@@ -0,0 +1,25 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev=ens1f4
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
+i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
+en_mac_flipping_0=1
+c_router_vlan_id_1={{ AllotAccess.virturlID_3 }}
+i_router_vlan_id_1={{ AllotAccess.virturlID_4 }}
+en_mac_flipping_1=1
+c_router_vlan_id_2=4000
+i_router_vlan_id_2=4001
+en_mac_flipping_2=0
+
diff --git a/roles/mrzcpd/templates/mrapp.sapp4.conf b/roles/mrzcpd/templates/mrapp.sapp4.conf
new file mode 100644
index 0000000..6f6c944
--- /dev/null
+++ b/roles/mrzcpd/templates/mrapp.sapp4.conf
@@ -0,0 +1,2 @@
+[bpfdump:vxlan_user]
+enable=1
diff --git a/roles/mrzcpd/templates/mrzcpd.j2 b/roles/mrzcpd/templates/mrzcpd.j2
new file mode 100644
index 0000000..192a400
--- /dev/null
+++ b/roles/mrzcpd/templates/mrzcpd.j2
@@ -0,0 +1,3 @@
+MRZCPD_ROOT=/opt/mrzcpd
+HUGEPAGE_NUM_2M=16384
+DEFAULT_UIO_MODULE="igb_uio" \ No newline at end of file
diff --git a/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2 b/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2
new file mode 100644
index 0000000..b5cef2d
--- /dev/null
+++ b/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2
@@ -0,0 +1,47 @@
+[device]
+device={{inline_device_config.data_incoming}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{inline_device_config.data_incoming}}]
+in_addr={{inline_device_config.keepalive_ip}}
+in_mask={{inline_device_config.keepalive_mask}}
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+
+#[device:]
+#jumbo_frame=1
+#max_rx_pkt_len=15360
+#clear_tx_flags=1
+#promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=4
+forward_rule_0=pv,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
+forward_rule_1=vp,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
diff --git a/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2 b/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2
new file mode 100644
index 0000000..7f09bae
--- /dev/null
+++ b/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2
@@ -0,0 +1,18 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{inline_device_config.data_incoming}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=0
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
diff --git a/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2 b/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2
new file mode 100644
index 0000000..00e70ab
--- /dev/null
+++ b/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2
@@ -0,0 +1,27 @@
+[device]
+device={{nic_traffic_mirror.name}}
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_traffic_mirror.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+iocore={{ mcn123_mrzcpd.iocore }}
+
+[eal]
+virtaddr=0x7d0000000000
+loglevel=7
+
+[keepalive]
+check_spinlock=1
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
diff --git a/roles/sapp/files/maat_redis_tool b/roles/sapp/files/maat_redis_tool
new file mode 100644
index 0000000..9e797bb
--- /dev/null
+++ b/roles/sapp/files/maat_redis_tool
Binary files differ
diff --git a/roles/sapp/files/memory.conf b/roles/sapp/files/memory.conf
new file mode 100644
index 0000000..c0255fc
--- /dev/null
+++ b/roles/sapp/files/memory.conf
@@ -0,0 +1,3 @@
+[Service]
+MemoryLimit=80G
+ExecStartPost=/bin/bash -c "echo 80G > /sys/fs/cgroup/memory/system.slice/sapp.service/memory.memsw.limit_in_bytes"
diff --git a/roles/sapp/files/sapp-4.2.25.893d15d-2.el7.x86_64.rpm b/roles/sapp/files/sapp-4.2.25.893d15d-2.el7.x86_64.rpm
new file mode 100644
index 0000000..ca045ab
--- /dev/null
+++ b/roles/sapp/files/sapp-4.2.25.893d15d-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/sapp/files/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpm b/roles/sapp/files/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpm
new file mode 100644
index 0000000..c5cb8cf
--- /dev/null
+++ b/roles/sapp/files/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/sapp/files/tera_fake_promisc_setup.conf b/roles/sapp/files/tera_fake_promisc_setup.conf
new file mode 100644
index 0000000..f505012
--- /dev/null
+++ b/roles/sapp/files/tera_fake_promisc_setup.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/bin/bash tera_fake_promisc_setup.sh
diff --git a/roles/sapp/files/tera_fake_promisc_setup.sh b/roles/sapp/files/tera_fake_promisc_setup.sh
new file mode 100644
index 0000000..4e8665a
--- /dev/null
+++ b/roles/sapp/files/tera_fake_promisc_setup.sh
@@ -0,0 +1,4 @@
+set -ex
+dp_adapter_ether_addr=$(ifconfig ens1f2 | grep ether | awk '{print $2}')
+bpf_rule="ether dst $dp_adapter_ether_addr or ether dst 02:42:c0:a8:fd:03 or ether dst 02:42:c0:a8:fd:83 or ether dst 02:42:c0:a8:fd:82"
+sed -i "/BSD_packet_filter=/s/=.*/=\"$bpf_rule\"/" etc/sapp.toml
diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml
new file mode 100644
index 0000000..3b7dd38
--- /dev/null
+++ b/roles/sapp/tasks/main.yml
@@ -0,0 +1,104 @@
+---
+- name: "copy sapp to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "copy maat_redis_tool to destination server"
+ copy:
+ src: "{{ role_path }}/files/maat_redis_tool"
+ dest: /usr/local/bin
+ mode: 0755
+
+- name: "install sapp rpms from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/sapp-4.2.25.893d15d-2.el7.x86_64.rpm
+ state: present
+
+- name: "install tcpdump_mesa rpms from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpm
+ state: present
+ skip_broken: yes
+
+- name: "mkdir tsgconf"
+ file:
+ path: /home/mesasoft/sapp_run/tsgconf
+ state: directory
+
+- name: Template the sapp.toml
+ template:
+ src: "{{ role_path }}/templates/sapp.toml.j2"
+ dest: /home/mesasoft/sapp_run/etc/sapp.toml
+ tags: template
+
+- name: Template the project_list.conf
+ template:
+ src: "{{ role_path }}/templates/project_list.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/project_list.conf
+ tags: template
+
+- name: Template the conflist.inf
+ template:
+ src: "{{ role_path }}/templates/conflist.inf.j2"
+ dest: /home/mesasoft/sapp_run/plug/conflist.inf
+ tags: template
+
+- name: Template the sapp_log.conf
+ template:
+ src: "{{ role_path }}/templates/sapp_log.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/sapp_log.conf
+ tags: template
+
+- name: Template the sapp_tmpfile.conf
+ template:
+ src: "{{ role_path }}/templates/sapp_tmpfile.conf.j2"
+ dest: /etc/tmpfiles.d/sapp_tmpfile.conf
+ tags: template
+
+- name: Template the gdev.conf
+ template:
+ src: "{{ role_path }}/templates/gdev.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/gdev.conf
+ when: tsg_access_type == 1
+
+- name: Template the vlan_flipping_map.conf
+ template:
+ src: "{{ role_path }}/templates/vlan_flipping_map.conf.j2"
+ dest: /home/mesasoft/sapp_run/etc/vlan_flipping_map.conf
+ when: tsg_access_type == 2
+
+
+- name: "Template sapp.service destination server"
+ template:
+ src: "{{ role_path }}/templates/sapp.service.j2"
+ dest: /usr/lib/systemd/system/sapp.service
+ mode: 0755
+
+- name: "copy memory limit file to sapp.service.d"
+ copy:
+ src: "{{ role_path }}/files/memory.conf"
+ dest: /etc/systemd/system/sapp.service.d/
+ mode: 0644
+
+- name: "copy fake promisc tools for tera mode - service file"
+ copy:
+ src: "{{ role_path }}/files/tera_fake_promisc_setup.conf"
+ dest: /etc/systemd/system/sapp.service.d/
+ mode: 0644
+ when: tsg_access_type == 2
+
+- name: "copy fake promisc tools for tera mode - scripts"
+ copy:
+ src: "{{ role_path }}/files/tera_fake_promisc_setup.sh"
+ dest: /home/mesasoft/sapp_run/tera_fake_promisc_setup.sh
+ mode: 0755
+ when: tsg_access_type == 2
+
+- name: "enable sapp"
+ systemd:
+ name: sapp
+ enabled: yes
+ daemon_reload: yes
diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2
new file mode 100644
index 0000000..dd5f99c
--- /dev/null
+++ b/roles/sapp/templates/conflist.inf.j2
@@ -0,0 +1,12 @@
+[platform]
+
+[protocol]
+./plug/protocol/ssl/ssl.inf
+./plug/protocol/http/http.inf
+./plug/protocol/dns/dns.inf
+./plug/protocol/mail/mail.inf
+./plug/protocol/ftp/ftp.inf
+./plug/protocol/quic/quic.inf
+./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
+
+[business]
diff --git a/roles/sapp/templates/gdev.conf.j2 b/roles/sapp/templates/gdev.conf.j2
new file mode 100644
index 0000000..0ce756a
--- /dev/null
+++ b/roles/sapp/templates/gdev.conf.j2
@@ -0,0 +1,11 @@
+[Module]
+{% if tsg_running_type == 2 %}
+pcapdevice={{ nic_data_incoming.name }}
+sendto_gdev_card={{ nic_data_incoming.name }}
+sendto_gdev_ip={{ inline_device_config.keepalive_ip }}
+{% else %}
+pcapdevice={{ inline_device_config.data_incoming }}
+sendto_gdev_card={{ inline_device_config.data_incoming }}
+sendto_gdev_ip={{ inline_device_config.keepalive_ip }}
+{% endif %}
+gdev_status_switch=1
diff --git a/roles/sapp/templates/project_list.conf.j2 b/roles/sapp/templates/project_list.conf.j2
new file mode 100644
index 0000000..ce5e9a3
--- /dev/null
+++ b/roles/sapp/templates/project_list.conf.j2
@@ -0,0 +1,20 @@
+tcp_flow_stat struct
+udp_flow_stat struct
+tcp_deduce_flow_stat struct
+POLICY_PRIORITY struct
+ESTABLISH_LATENCY long
+MAIL_IDENTIFY int
+TSG_MASTER_INTERNAL_LABEL struct
+APP_ID_LABEL struct
+BASIC_PROTO_LABEL struct
+USER_DEFINED_ATTRIBUTE struct
+SKETCH_TRANS_LAYER_CTX_LABEL struct
+SKETCH_PROTO_CTX_LABEL struct
+common_link_info_c2s struct
+common_link_info_s2c struct
+common_link_info struct
+JA3_FINGERPRINT_LABEL struct
+DKPT_PRO_V2 struct
+DPKT_PROJECT_V2 struct
+PPROJECT_PRO_V2 struct
+DPKT_BHSTAT_PROJECT struct
diff --git a/roles/sapp/templates/sapp.service.j2 b/roles/sapp/templates/sapp.service.j2
new file mode 100644
index 0000000..fc91415
--- /dev/null
+++ b/roles/sapp/templates/sapp.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=sapp service
+{% if tsg_running_type != 0 %}
+Requires=mrzcpd.service
+After=mrzcpd.service
+{% endif %}
+[Service]
+Type=notify
+WorkingDirectory=/home/mesasoft/sapp_run
+ExecStart=/home/mesasoft/sapp_run/sapp
+TimeoutSec=900s
+RestartSec=10s
+Restart=always
+LimitNOFILE=524288
+LimitNPROC=infinity
+LimitCORE=0
+TasksMax=infinity
+Delegate=yes
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2
new file mode 100644
index 0000000..2fc5896
--- /dev/null
+++ b/roles/sapp/templates/sapp.toml.j2
@@ -0,0 +1,225 @@
+###################################################################################################
+# NOTE:
+# The format of this file is toml (https://github.com/cktan/tomlc99)
+# to make vim editor display colorful and human readable,
+# you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
+###################################################################################################
+
+[SYSTEM]
+instance_name = "sapp4"
+
+[CPU]
+{% if tsg_access_type == 0 %}
+worker_threads=1
+{% else %}
+worker_threads={{ sapp.worker_threads }}
+{% endif %}
+send_only_threads_max={{ sapp.send_only_threads_max }}
+### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+{% if tsg_access_type == 0 %}
+bind_mask=[]
+{% else %}
+bind_mask=[{{ sapp.bind_mask }}]
+{% endif %}
+
+[MEM]
+dictator_enable=0
+
+[PACKET_IO]
+
+ [overlay_tunnel_definition]
+### note, since 2020-10-01, L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) is process and offload by mrtunnat,
+### after 2020-10-01, sapp support L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) without mrtunnat.
+ l2_l3_tunnel_support=1
+
+### note, optional value is [none, vxlan]
+ overlay_mode=none
+ stream_compare_layer_cfg_file="etc/stream_compare_layer.conf"
+ vlan_flipping_cfg_file="etc/vlan_flipping_map.conf"
+ asymmetric_presence_layer_cfg_file="etc/asymmetric_presence_layer.conf"
+ asymmetric_addr_layer_cfg_file="etc/asymmetric_addr_layer.conf"
+ prune_inject_layer_cfg_file="etc/prune_inject_layer.conf"
+
+ [packet_io.feature]
+
+ {% if tsg_access_type == 4 %}
+ ### note, used to represent inbound or outbound direction value,
+ ### because it comes from Third party device, so it needs to be specified manually,
+ ### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+ ### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+ inbound_route_dir={{ sapp.inbound_route_dir }}
+ {% endif %}
+
+### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
+ BSD_packet_filter=""
+
+### note, same as tcpdump -Q/-P arg, possible values are `in', `out' and `inout', default is "in"
+ pcap_capture_direction="in"
+
+
+### note, depolyment.mode options: [sys_route, vxlan_by_inline_device, raw_ethernet_single_gateway, raw_ethernet_multi_gateway]
+### sys_route: send ip(ipv6) packet by system route table, this is default mode in mirror mode;
+### vxlan_by_inline_device: encapsulation inject packet with vxlan, and then send to inline device by udp socket.
+### raw_ethernet_single_gateway: send layer2 ethernet packet to specific gateway in same broadcast domain.
+### raw_ethernet_multi_gateway: send layer2 ethernet packet to multiple gateway in same broadcast domain.
+ inject_pkt_mode=sys_route
+
+### note, this config is valid if inject_pkt_mode==vxlan_by_inline_device, means udp socket src port.
+ inject_mode_inline_device_sport=54789
+
+### note, this config is valid if inject_pkt_mode==raw_ethernet_single_gateway.
+ inject_mode_single_gateway_device="eth1"
+### inject_mode_single_gateway_src_mac has lower priority than get smac from inject_mode_single_gateway_device
+ inject_mode_single_gateway_src_mac="00:11:22:77:88:99"
+ inject_mode_single_gateway_dst_mac="00:11:22:33:44:55"
+ dumpfile_sleep_time_before_exit=3
+
+### note, depolyment.mode options: [mirror, inline, transparent]
+ [packet_io.depolyment]
+ {% if tsg_access_type == 0 %}
+ mode=transparent
+ {% else %}
+ mode=inline
+ {% endif %}
+
+### note, interface.type options: [pag,pcap,marsio]
+ [packet_io.internal.interface]
+ {% if tsg_access_type == 0 %}
+ type=pcap
+ name={{packet_io.internal_interface}}
+ {% else %}
+ type=marsio
+ name={{nic_data_incoming.name}}
+ {% endif %}
+
+ [packet_io.external.interface]
+ {% if tsg_access_type == 0 %}
+ type=pcap
+ name={{packet_io.external_interface}}
+ {% else %}
+ type=pcap
+ name=lo
+ {% endif %}
+
+ [packet_io.polling]
+### note, polling_priority = call sapp_recv_pkt every call polling_entry times,
+ polling_priority=1
+
+[PROTOCOL_FEATURE]
+ ipv6_decapsulation_enabled=1
+ ipv6_send_packet_enabled=1
+ tcp_drop_pure_ack_pkt=0
+ tcp_syn_option_parse_enabled=1
+ skip_not_ip_layer_over_eth=0
+ treat_vlan_as_mac_in_mac=0
+ reverse_ethernet_addr=1
+
+
+[STREAM]
+### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S"
+ stream_id_base_time="2018-08-08 08:00:00"
+ [stream.tcp]
+ max=100000
+ timeout=30
+ syn_mandatory=1
+ reorder_pkt_max=128
+ analyse_option_enabled=1
+ tuple4_reuse_time_interval=30
+
+ meaningful_statistics_minimum_pkt=3
+ meaningful_statistics_minimum_byte=5
+
+ [stream.tcp.inject]
+ link_mss=1460
+
+ [stream.tcp.inject.rst]
+ auto_remedy=0
+ number=3
+ signature_enabled=1
+ signature_seed1=65535
+ signature_seed2=13
+ remedy_kill_tcp_by_inline_device=0
+
+ [stream.udp]
+ max=100000
+ timeout=60
+ meaningful_statistics_minimum_pkt=3
+ meaningful_statistics_minimum_byte=5
+
+
+[PROFILING]
+ [profiling.pkt_latency]
+ enabled=0
+### note, threshold unit is microseconds (us)
+ threshold=1000000
+
+ [profiling.sanity_check]
+ raw_pkt_broken_enabled=0
+ symbol_conflict_enabled=0
+
+ [profiling.log]
+ level=10
+ interval=5
+
+ [profiling.log.local]
+ enabled=1
+### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.
+ file_truncate_enabled = 1
+ log_file_name = "fs2_sysinfo.log"
+ log_conf_name = "etc/sapp_log.conf"
+ [profiling.log.remote]
+ enabled=1
+ server_ip=127.0.0.1
+ server_port=8100
+
+ [profiling.log.remote.field_stat2]
+### note, is valid when "remote_send_out_type=field_stat2"
+### note, metric_type option value: [default, json]
+ metric_type = default
+ app_name=sapp
+
+ [profiling.log.prometheus]
+ prometheus_enabled={{ sapp_prometheus_enable }}
+ prometheus_port={{ sapp_prometheus_port }}
+ prometheus_url_path="{{ sapp_prometheus_url_path }}"
+
+[TOOLS]
+ [tools.pkt_dump]
+ enabled=1
+### note, mode options value:[storage, udp_socket]
+ mode=udp_socket
+ BSD_packet_filter=""
+
+ [tools.pkt_dump.threads]
+### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
+### if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
+ all_threads_enabled=1
+
+### note, dump_thread_id start from 0, max is CPU.worker_threads-1
+ dump_thread_id=[0,1,2,3,4]
+
+ [tools.pkt_dump.udp]
+ command_port=9345
+
+ [tools.pkt_dump.storage]
+### note, file path must be double quotation mark extension, for example, path="/dev/shm/pkt_dump"
+ path="/dev/shm/pkt_dump"
+### note, file size unit: MB
+ file_size_max_per_thread=10000
+
+### note:
+### These configurations format is complex and difficult to describe with toml grammar,
+### so, create a Independent config file to description specific information.
+[SPECIAL_CONFIG_LINK]
+ project_list_path="./etc/project_list.conf"
+ plugin_path="./etc/plugin.conf"
+ entrylist_path="./etc/entrylist.conf"
+ send_raw_pkt_path="./etc/send_raw_pkt.conf"
+ vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"
+
+[breakpad]
+ disable_coredump=1
+ enable_breakpad=1
+ breakpad_minidump_dir="/tmp/crashreport"
+ enable_breakpad_upload=1
+ breakpad_upload_url="{{ breakpad_upload_url }}"
diff --git a/roles/sapp/templates/sapp_log.conf.j2 b/roles/sapp/templates/sapp_log.conf.j2
new file mode 100644
index 0000000..8ec2230
--- /dev/null
+++ b/roles/sapp/templates/sapp_log.conf.j2
@@ -0,0 +1,14 @@
+[global]
+default format = "%d(%c), %V, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[formats]
+other = "%d(%c), %V, %F, %U, %m%n"
+plugin = "%d(%c), %m%n"
+[rules]
+__log_runtimelog.info "./log/runtimelog.%d(%F)"
+__log_runtimelog_plugin.fatal >stdout; plugin
+__log_runtimelog_plugin.info "./log/plugin.log"; plugin
+!.fatal "./log/%c.%d(%F)"; other
diff --git a/roles/sapp/templates/sapp_tmpfile.conf.j2 b/roles/sapp/templates/sapp_tmpfile.conf.j2
new file mode 100644
index 0000000..485725b
--- /dev/null
+++ b/roles/sapp/templates/sapp_tmpfile.conf.j2
@@ -0,0 +1 @@
+d /home/mesasoft/sapp_run/log 0755 - - 2d -
diff --git a/roles/sapp/templates/vlan_flipping_map.conf.j2 b/roles/sapp/templates/vlan_flipping_map.conf.j2
new file mode 100644
index 0000000..599e8f8
--- /dev/null
+++ b/roles/sapp/templates/vlan_flipping_map.conf.j2
@@ -0,0 +1,11 @@
+#for inline a device vlan flipping
+#数据包来自C路由器端, 即C2I(I2E)方向,
+#数据包来自I路由器端, 即I2C(E2I)方向,
+#平台会根据vlan_id,设置当前包route_dir的值, 以便上层业务插件做两个方向的流量统计,
+#如果一对vlan_id写反了, 网络是通的, 但是I2E,E2I的流量统计就颠倒了.
+#配置文件格式, pattern:
+#来自C路由器vlan_id 来自I路由器vlan_id 是否开启mac地址翻转
+#C_router_vlan_id I_router_vlan_id mac_flipping_enable
+1301 1302 1
+1201 1202 1
+4000 4001 0
diff --git a/server_deploy.yml b/server_deploy.yml
new file mode 100644
index 0000000..548630b
--- /dev/null
+++ b/server_deploy.yml
@@ -0,0 +1,10 @@
+- hosts: server_as_tun_mode
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/server_as_tun_mode.yml
+ roles:
+ - {role: framework, tags: framework}
+ - {role: kernel-ml, tags: kernel-ml}
+ - {role: mrzcpd, tags: mrzcpd}
+ - {role: sapp, tags: sapp}
+ - {role: firewall, tags: firewall}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 11:47:30 +0000