23 files changed, 83 insertions, 71 deletions

diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index f27c20a..0000000
--- a/.DS_Store
+++ /dev/null
diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml
index 295a37d..442e8be 100644
--- a/install_config/group_vars/all.yml
+++ b/install_config/group_vars/all.yml
@@ -1,9 +1,9 @@
 #########################################
 #####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
-tsg_access_type: 0
+tsg_access_type: 4
 
-#####0: Tun_mode;  1: ADC;
-tsg_running_type: 0 
+#####0: Tun_mode;  1: normal; 2: ADC;
+tsg_running_type: 1 
 
 ########################################
 maat_redis_server:
@@ -21,7 +21,7 @@ cert_store_server:
   port: 9991
 
 log_kafkabrokers:
-  address: "192.168.40.169:9092"
+  address: "1.1.1.1:9092,2.2.2.2:9092"
 
 log_minio:
   address: "192.168.40.168;"
@@ -35,7 +35,9 @@ fs_remote:
 ########################################
 sapp:
   worker_threads: 16
+  send_only_threads_max: 8
   bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
 
 ########################################
 kni:
@@ -49,12 +51,9 @@ kni:
   send_logger:
     switch: 1
   tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
 
 ########################################
 tfe:
@@ -72,7 +71,7 @@ mrtunnat:
   lcore_id: 38
 
 nic_data_incoming:
-  name: enp1s0
+  ethname: enp1s0
   vf0_name: enp1s2
   vf1_name: enp1s2f1
   vf2_name: enp1s2f2
@@ -80,8 +79,10 @@ nic_data_incoming:
 VlanFlipping:
   vlanID_1: 100
   vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
 ########################################
-tsg_tun_mode:
+server:
   ethname: eth0
   tun_name: eth0.100
   internal_interface: "eth2"
diff --git a/roles/.DS_Store b/roles/.DS_Store
deleted file mode 100644
index b3d2c07..0000000
--- a/roles/.DS_Store
+++ /dev/null
diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2
index 399d0a3..3644367 100644
--- a/roles/clotho/templates/clotho.conf.j2
+++ b/roles/clotho/templates/clotho.conf.j2
@@ -2,8 +2,8 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
-{% if tsg_running_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 6668dab..a6c4c00 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -8,6 +8,7 @@
   yum:
     name: "{{ fw_packages }}"
     state: present
+    skip_broken: yes
   vars:
     fw_packages:
       - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2
index 9cd6d10..6da4c3c 100644
--- a/roles/firewall/templates/capture_packet_plug.conf.j2
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -15,8 +15,8 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/

 

 [LOG]

-{% if tsg_running_type == 0 %}

-NIC_NAME={{ tsg_tun_mode.ethname }}

+{% if tsg_running_type == 0 or 1 %}

+NIC_NAME={{ server.ethname }}

 {% else %}

 NIC_NAME={{ nic_mgr.name }}

 {% endif %}

diff --git a/roles/firewall/templates/main.conf.j2 b/roles/firewall/templates/main.conf.j2
index 9077021..9cbaec8 100644
--- a/roles/firewall/templates/main.conf.j2
+++ b/roles/firewall/templates/main.conf.j2
@@ -24,8 +24,8 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-{% if tsg_running_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}
diff --git a/roles/framework/.DS_Store b/roles/framework/.DS_Store
deleted file mode 100644
index 0070367..0000000
--- a/roles/framework/.DS_Store
+++ /dev/null
diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
index f1ac7f8..ed8fb4b 100644
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -4,11 +4,10 @@
     dest: "/tmp/ansible_deploy/"
 
 - name: "install framework packages"
-#  yum:
-#    name: "{{ packages }}"
-#    state: present
-#    skip_broken: yes
-  shell: "rpm -ivh /tmp/ansible_deploy/{{ packages }}"
+  yum:
+    name: "{{ packages }}"
+    state: present
+    skip_broken: yes
   vars:
     packages:
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2
index a48cfc9..0c84c50 100644
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -2,8 +2,8 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
-{% if tsg_running_type == 0 %}
-manage_eth = {{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+manage_eth = {{ server.ethname }}
 {% else %}
 manage_eth = {{ nic_mgr.name }}
 {% endif %}
@@ -20,26 +20,26 @@ dst_mac_addr = fe:65:b7:03:50:bd
 enabled = 1
 dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
 ip_addr = 192.168.100.1
-{% elif tsg_running_type == 1 %}
+{% elif tsg_running_type == 2 %}
 [tfe0]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe0_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
 ip_addr = 192.168.100.2
 
 [tfe1]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe1_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
 ip_addr = 192.168.100.3
 
 [tfe2]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe2_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
-{% if tsg_running_type == 0 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1%}
+listen_eth = {{ server.tun_name }}
 {% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
 {% endif %}
@@ -47,8 +47,8 @@ listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
-{% if tsg_running_type == 0 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1 %}
+listen_eth = {{ server.tun_name }}
 {% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
 {% endif %}
diff --git a/roles/mrzcpd/.DS_Store b/roles/mrzcpd/.DS_Store
deleted file mode 100644
index 9c4f059..0000000
--- a/roles/mrzcpd/.DS_Store
+++ /dev/null
diff --git a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
index 995aead..c5f5b4e 100644
--- a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
@@ -8,7 +8,7 @@ mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
-vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }}
+vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
diff --git a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
index 220eb46..c2f658c 100644
--- a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
+++ b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
@@ -8,6 +8,7 @@ nr_slots=1048576
 expire_time=60
 reverse_tunnel=0
 use_recent_tunnel=0
+use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
 
@@ -16,4 +17,7 @@ enable=1
 c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
 i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
 en_mac_flipping_0=0
-
+en_mac_flipping_0=0
+c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
+i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
+en_mac_flipping_1=0
diff --git a/roles/proxy_status/.DS_Store b/roles/proxy_status/.DS_Store
deleted file mode 100644
index 5008ddf..0000000
--- a/roles/proxy_status/.DS_Store
+++ /dev/null
diff --git a/roles/proxy_status/tasks/main.yml b/roles/proxy_status/tasks/main.yml
index 0b6fe9f..8403fa9 100644
--- a/roles/proxy_status/tasks/main.yml
+++ b/roles/proxy_status/tasks/main.yml
@@ -6,10 +6,7 @@
 
 - name: "copy files"
   copy:
-    src: 
-      - "{{ role_path }}/files/proxy_start"
-      - "{{ role_path }}/files/proxy_status"
-      - "{{ role_path }}/files/proxy_stop"
+    src: "{{ role_path }}/files/" 
     dest: /opt/proxy_status
     mode: 0755
 
diff --git a/roles/sapp/.DS_Store b/roles/sapp/.DS_Store
deleted file mode 100644
index 9c4f059..0000000
--- a/roles/sapp/.DS_Store
+++ /dev/null
diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2
index d8c18e4..f7febdf 100644
--- a/roles/sapp/templates/sapp.toml.j2
+++ b/roles/sapp/templates/sapp.toml.j2
@@ -14,6 +14,9 @@ worker_threads=1
 {% else %}
 worker_threads={{ sapp.worker_threads }}
 {% endif %}
+{% if tsg_access_type == 4 %}
+send_only_threads_max={{ sapp.send_only_threads_max }}
+{% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
 {% if tsg_access_type == 0 %}
 bind_mask=[]
@@ -22,6 +25,13 @@ bind_mask=[{{ sapp.bind_mask }}]
 {% endif %}
 
 [PACKET_IO]
+{% if tsg_access_type == 4 %}
+### note, used to represent inbound or outbound direction value,
+##### because it comes from other device, so it needs to be specified manually,
+##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+##### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+inbound_route_dir={{ sapp.inbound_route_dir }}
+{% endif %}
 ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
 BSD_packet_filter=""
    
@@ -37,7 +47,7 @@ BSD_packet_filter=""
     [packet_io.internal.interface]
     {% if tsg_access_type == 0 %}
     type=pcap
-    name={{tsg_tun_mode.internal_interface}}
+    name={{server.internal_interface}}
     {% else %}
     type=marsio
     name=vxlan_user
@@ -46,7 +56,7 @@ BSD_packet_filter=""
     [packet_io.external.interface]
     {% if tsg_access_type == 0 %}
     type=pcap
-    name={{tsg_tun_mode.external_interface}}
+    name={{server.external_interface}}
     {% else %}
     type=pcap
     name=lo
diff --git a/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
index c89150b..6585bf2 100755
--- a/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
+++ b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
@@ -17,7 +17,7 @@
     files = ["stdout", "/tmp/metrics.out"]
        data_format = "json"
  [[outputs.kafka]]
-   brokers = ["{{ log_kafkabrokers.address }}"]
+   brokers = ["192.168.40.186:9092"]
    topic = "TRAFFIC-METRICS-LOG"
     data_format = "json"
  [[outputs.prometheus_client]]
diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2
index 1e442f9..8790677 100644
--- a/roles/tfe/templates/pangu_pxy.conf.j2
+++ b/roles/tfe/templates/pangu_pxy.conf.j2
@@ -2,8 +2,8 @@
 log_level=30

 

 [log]

-{% if tsg_running_type == 0 %}

-nic_name={{ tsg_tun_mode.ethname }}

+{% if tsg_running_type == 0 or 1 %}

+nic_name={{ server.ethname }}

 {% else %}

 nic_name={{ nic_mgr.name }}

 {% endif %}

diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2
index 9712e35..172ef12 100644
--- a/roles/tfe/templates/tfe-env-config.j2
+++ b/roles/tfe/templates/tfe-env-config.j2
@@ -14,7 +14,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
-{% if tsg_running_type == 0 %}
-TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1 %}
+TFE_WATCHDOG_DEVICE={{ server.tun_name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index a6bb455..02beb08 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -31,8 +31,8 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-{% if tsg_running_type == 0 %}
-mc_cache_eth={{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1 %}
+mc_cache_eth={{ server.tun_name }}
 {% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
 {% endif %}
@@ -56,7 +56,7 @@ enable_health_check=0
 passthrough_all_tcp=0
 
 [traffic_mirror]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
 device=lo
 {% else %}
 device={{ nic_traffic_mirror.name }}
diff --git a/roles/tsg-env-tun-mode/templates/setup.j2 b/roles/tsg-env-tun-mode/templates/setup.j2
index d0e6b63..f5aa26f 100644
--- a/roles/tsg-env-tun-mode/templates/setup.j2
+++ b/roles/tsg-env-tun-mode/templates/setup.j2
@@ -1,25 +1,25 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ tsg_tun_mode.ethname }} 100
-vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
-ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
+vconfig add {{ server.ethname }} 100
+vconfig set_flag {{ server.ethname }}.100 1 1
+ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
 {% if tsg_access_type == 0 %}
-ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
-ethtool -K {{ tsg_tun_mode.external_interface }} tso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gro off
+ethtool -K {{ server.internal_interface }} tso off
+ethtool -K {{ server.internal_interface }} gso off
+ethtool -K {{ server.internal_interface }} gro off
+ethtool -K {{ server.external_interface }} tso off
+ethtool -K {{ server.external_interface }} gso off
+ethtool -K {{ server.external_interface }} gro off
 {% elif tsg_access_type == 4 %}
-echo 3 > /sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
-ip link set {{ nic_data_incoming.name }} vf 1 vlan 4095
-ip link set {{ nic_data_incoming.name }} vf 2 vlan 4095
-ip link set {{ nic_data_incoming.name }} vf 0 trust on
-ip link set {{ nic_data_incoming.name }} vf 1 trust on
-ip link set {{ nic_data_incoming.name }} vf 2 trust on
-ip link set {{ nic_data_incoming.name }} vf 1 mac 00:0e:c6:d6:72:c1
-ip link set {{ nic_data_incoming.name }} vf 2 mac fe:65:b7:03:50:bd
-ip link set {{ nic_data_incoming.name }} vf 0 spoofchk off
+echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
+ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095
+ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095
+ip link set {{ nic_data_incoming.ethname }} vf 0 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 1 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 2 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
+ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
+ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off
 ip link set {{ nic_data_incoming.vf0_name }} up
 ip link set {{ nic_data_incoming.vf1_name }} up
 ip link set {{ nic_data_incoming.vf2_name }} up
diff --git a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
index 7393749..8d7a9ce 100644
--- a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
+++ b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
@@ -1,8 +1,8 @@
 #!/bin/bash
 #
-echo 0 >/sys/class/net/{{ tsg_tun_mode.ethname }}/device/sriov_numvfs
-ifconfig {{ tsg_tun_mode.ethname }}.100 down
-vconfig rem {{ tsg_tun_mode.ethname }}.100
+echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs
+ifconfig {{ server.ethname }}.100 down
+vconfig rem {{ server.ethname }}.100
 {% if tsg_access_type == 4 %}
-echo 0 >/sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
+echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
 {% endif %}