feature:TLS版本支持虚拟机安装

author: fumingwei <[email protected]> 2023-04-17 21:08:32 +0800
committer: 付明卫 <[email protected]> 2023-04-18 09:28:26 +0000
commit: 9e7087fdbd3f77bccee43fbe645f574a0e7df555 (patch)
tree: 9a06dfd7c7cea588b5f0addccc371f995fb10c7b
parent: fb156c997a289916a07367565a9b257ee9bf571f (diff)
10 files changed, 137 insertions, 11 deletions
diff --git a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml
index 70e08dce..e4621c5c 100644
--- a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml
+++ b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0804.yml
@@ -23,7 +23,7 @@ dp_steering_firewall:
   #deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series 
   deployment: inline
   #encapsulation value: vlan, vxlan, raw, provision
-  encapsulation: vxlan 
+  encapsulation: provision 
   # capture_packet value: pcap, driver
   capture_packet: driver
   nic_internal: "{% raw %}{{ network_setting.nic_raw.name }}{% endraw %}"
diff --git a/ansible/roles/mrzcpd/tasks/main.yml b/ansible/roles/mrzcpd/tasks/main.yml
index de52cd8d..7cb8f35e 100644
--- a/ansible/roles/mrzcpd/tasks/main.yml
+++ b/ansible/roles/mrzcpd/tasks/main.yml
@@ -17,7 +17,7 @@
     src: "{{ role_path }}/templates/mrzcpd.conf.j2"
     dest: /etc/ld.so.conf.d/mrzcpd.conf
 
-- name: "update sysconfig/mrzcpd"
+- name: "update sysconfig/mrzcpd NOT P0804"
   template:
     src: "{{ role_path }}/templates/mrzcpd.j2"
     dest: /etc/sysconfig/mrzcpd
diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804
index 57221364..38aad6ed 100644
--- a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804
+++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804
@@ -1,15 +1,38 @@
 [device]
-device={{ dp_steering_firewall.nic_internal }},{{ dp_traffic_mirror.nic_name }}
+{% raw %}{% if connectivity == 'etherfabric' %}
+device={{ network_setting.nic_raw.name }},{{ network_setting.nic_mirror.name }}
+{% endif %}
+{% if connectivity == 'virtual_wire' %}
+device={{ network_setting.nic_raw.name }},{{ network_setting.nic_mirror.name }},{{ network_setting.nic_external.name }}
+{% endif %}
+{% endraw %}
 virtio_user={{ diagnose.virtual_client_nic }},{{ diagnose.virtual_server_nic }},{{ dp_steering_proxy.node_list[0].nic_name }}
 sz_tunnel=8192
 sz_buffer=0
 
 [vlan_base_fwd]
-device={{ dp_steering_firewall.nic_internal }},{{ diagnose.virtual_client_nic }},{{ diagnose.virtual_server_nic }}
+{% raw %}{% if connectivity == 'etherfabric' %}
+device={{ network_setting.nic_raw.name }},virtio_dign_c,virtio_dign_s
+{% endif %}
+{% if connectivity == 'virtual_wire' %}
+device={{ network_setting.nic_raw.name }},{{ network_setting.nic_external.name }},virtio_dign_c,virtio_dign_s
+{% endif %}
 
-[vlan_base_fwd:{{ dp_steering_firewall.nic_internal }}]
+{% if connectivity == 'etherfabric' %}
+[vlan_base_fwd:{{ network_setting.nic_raw.name }}]
 vdev_vlan=0,4000,4001
 phydev_vlan=0
+{% endif %}
+
+{% if connectivity == 'virtual_wire' %}
+[vlan_base_fwd:{{ network_setting.nic_raw.name }}]
+vdev_vlan=1000,1001,4000,4001
+phydev_vlan=1000
+
+[vlan_base_fwd:{{ network_setting.nic_external.name }}]
+phydev_vlan=1001
+{% endif %}
+{% endraw %}
 
 [vlan_base_fwd:{{ diagnose.virtual_client_nic }}]
 phydev_vlan=4000
@@ -17,11 +40,11 @@ phydev_vlan=4000
 [vlan_base_fwd:{{ diagnose.virtual_server_nic }}]
 phydev_vlan=4001
 
-
-[device:{{ dp_steering_firewall.nic_internal }}]
-{% raw %}in_addr={{etherfabric_settings.keepalive.ip}}
+{% raw %}
+{% if connectivity == 'etherfabric' %}
+[device:={{ network_setting.nic_raw.name }}]
+in_addr={{etherfabric_settings.keepalive.ip}}
 in_mask={{etherfabric_settings.keepalive.mask}}
-{% endraw %}
 vlan-filter=1
 vlan-pvid=0
 vlan-pvid-mode=2
@@ -30,11 +53,27 @@ allmulticast=1
 rssmode=3
 mtu=2048
 
-[device:{{ dp_traffic_mirror.nic_name }}]
+[device:{{ network_setting.nic_mirror.name }}]
 mtu=2048
 hw_strip_crc=1
 rssmode=2
 vlan-strip=1
+{% endif %}
+
+{% if connectivity == 'virtual_wire' %}
+[device:{{ network_setting.nic_raw.name }}]
+rssmode=3
+mtu=1500
+
+[device:{{ network_setting.nic_external.name }}]
+rssmode=3
+mtu=1500
+
+[device:{{ network_setting.nic_mirror.name }}]
+rssmode=3
+mtu=1500
+{% endif %}
+{% endraw %}
 
 [service]
 # lcore id for i/o service, use comma to split
diff --git a/ansible/roles/sapp/tasks/main.yml b/ansible/roles/sapp/tasks/main.yml
index 0df10cb8..037e89c5 100644
--- a/ansible/roles/sapp/tasks/main.yml
+++ b/ansible/roles/sapp/tasks/main.yml
@@ -121,7 +121,16 @@
     dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf
   tags: template
   when:
-    - runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804'
+    - runtime_env == 'TSG-X-P1403'
+
+- name: Template the vlan_flipping_map.conf - tsg-x-p0804
+  template:
+    src: "{{ role_path }}/templates/vlan_flipping_map.conf.j2.j2.TSGXNXR620G40R01P0804"
+    dest: /opt/tsg/tsg-os-provision/templates/vlan_flipping_map.conf.j2
+  tags: template
+  when:
+    - runtime_env == 'TSG-X-P0804'
+
 - name: Template the sapp_log.conf
   template:
     src: "{{ role_path }}/templates/sapp_log.conf.j2"
diff --git a/ansible/roles/sapp/templates/vlan_flipping_map.conf.j2.j2.TSGXNXR620G40R01P0804 b/ansible/roles/sapp/templates/vlan_flipping_map.conf.j2.j2.TSGXNXR620G40R01P0804
new file mode 100644
index 00000000..dda2f6b7
--- /dev/null
+++ b/ansible/roles/sapp/templates/vlan_flipping_map.conf.j2.j2.TSGXNXR620G40R01P0804
@@ -0,0 +1,13 @@
+#for inline a device vlan flipping 
+#数据包来自C路由器端, 即C2I(I2E)方向, 
+#数据包来自I路由器端, 即I2C(E2I)方向, 
+#平台会根据vlan_id,设置当前包route_dir的值, 以便上层业务插件做两个方向的流量统计,
+#如果一对vlan_id写反了, 网络是通的, 但是I2E,E2I的流量统计就颠倒了.
+#配置文件格式, pattern:
+#来自C路由器vlan_id	  	来自I路由器vlan_id   	是否开启mac地址翻转
+#C_router_vlan_id  I_router_vlan_id mac_flipping_enable
+{% raw %}{% if npb_device == 'virtual_wire' %}
+1000	1001	0
+{% endif %}
+{% endraw %}
+4000	4001	0
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
index d3e426ff..59b7bd42 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
@@ -93,3 +93,6 @@ olap:
     token: "c21f969b5f03d33d43e04f8f136e7682"
 
 vsys_id: 1
+
+###### connectivity value in [virtual_wire, etherfabric]
+connectivity: etherfabric
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
index 3edf66dc..6abb7134 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
@@ -73,6 +73,8 @@ network_setting:
     name: eth0
   nic_raw:
     name: eth0
+  nic_external:
+    name: eth0
   nic_mirror:
     name: eth0
 
diff --git a/ansible/roles/tsg-os-provision/files/script/set_mbuf_and_hugepage.sh b/ansible/roles/tsg-os-provision/files/script/set_mbuf_and_hugepage.sh
new file mode 100644
index 00000000..d63db218
--- /dev/null
+++ b/ansible/roles/tsg-os-provision/files/script/set_mbuf_and_hugepage.sh
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+total_mem=$(free -g | grep Mem | awk '{print $2}')
+
+if [ $total_mem -le 32 ]; then
+	n_hugepages_1G=4
+	mrzcpd_direct_pktmbuf=262144
+fi
+
+if [ $total_mem -gt 32 ] && [ $total_mem -le 64 ]; then
+        n_hugepages_1G=8
+        mrzcpd_direct_pktmbuf=1048576
+fi
+
+if [ $total_mem -gt 64 ]; then
+        n_hugepages_1G=16
+        mrzcpd_direct_pktmbuf=2097152
+fi
+
+
+sed -i "s/^HUGEPAGE_NUM_1G=.*$/HUGEPAGE_NUM_1G=$n_hugepages_1G/g" /etc/sysconfig/mrzcpd
+sed -i "s/^sz_direct_pktmbuf=.*$/sz_direct_pktmbuf=$mrzcpd_direct_pktmbuf/g" /opt/tsg/mrzcpd/etc/mrglobal.conf
+
+if grep -q "hugepages=$n_hugepages_1G" /proc/cmdline
+then
+	echo "Not set hugepages!"
+else
+	sed  -i "s/hugepages=[0-9]*/hugepages=$n_hugepages_1G/g" /boot/grub/grub.cfg
+	sed  -i "s/hugepages=[0-9]*/hugepages=$n_hugepages_1G/g" /etc/grub.d/40_onie_grub
+	echo "Detected that the configuration of hugepages has changed, please run command \"provision-config-apply --reboot\" to reboot the machine that make the configuration take effect!"
+fi
diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804
index 8f85b6cc..f0fe7ede 100644
--- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804
@@ -70,6 +70,16 @@
 
 ######setting nic cpu affinity mask end######
 
+    - name: "set sapp_overlay_mode var when connectivity = virtual_wire"
+      set_fact:
+        sapp_overlay_mode: "none"
+      when: connectivity == 'virtual_wire'
+
+    - name: "set sapp_overlay_mode var when connectivity = etherfabric"
+      set_fact:
+        sapp_overlay_mode: "vxlan"
+      when: npb_device == 'etherfabric'
+
 ######get isolate cpu core start######
     - name: redirect proxy config to config .proxy.json
       copy:
@@ -105,6 +115,9 @@
         - result_exec_cat_cmdline is not search(grub_cpu_isolate)
         - enable_config_apply != '2'
 
+    - name: set hugepages and mrzcpd mbuf
+      shell: /opt/tsg/tsg-os-provision/scripts/set_mbuf_and_hugepage.sh
+
     - name: "set keep_alive_ip"
       set_fact:
         gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}"
@@ -135,6 +148,12 @@
         dest: /opt/tsg/sapp/etc/gdev.conf
       tags: sapp
 
+    - name: "tsg-os-provision: vlan_flipping_map.conf"
+      template:
+        src: ../templates/vlan_flipping_map.conf.j2
+        dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf
+      tags: sapp
+
     - name: "tsg-os-provision: template mrglobal.conf file"
       template:
         src: "../templates/mrglobal.conf.j2"
@@ -267,6 +286,15 @@
         src: /dev/sda4
         fstype: ext4
         state: mounted
+      when: connectivity == "etherfabric"
+
+    - name: "tsg-os-provision: disable enable service step 1:mount partition to mnt_tmp"
+      mount:
+        path: /tmp/mnt_tmp
+        src: /dev/vda4
+        fstype: ext4
+        state: mounted
+      when: connectivity == "virtual_wire"
 
     - name: "tsg-os-provision: disable service step 2:disable tfe service"
       shell: "{{ item }}"
diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml
index 067671b3..b80b7bd5 100644
--- a/ansible/roles/tsg-os-provision/tasks/main.yml
+++ b/ansible/roles/tsg-os-provision/tasks/main.yml
@@ -274,6 +274,7 @@
   with_items:
     - obtain_rps_mask.py 
     - obtain_isolate_cpu_range.py
+    - set_mbuf_and_hugepage.sh
   when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'
 
 ######TSG-X-P1403 end######
author	fumingwei <[email protected]>	2023-04-17 21:08:32 +0800
committer	付明卫 <[email protected]>	2023-04-18 09:28:26 +0000
commit	9e7087fdbd3f77bccee43fbe645f574a0e7df555 (patch)
tree	9a06dfd7c7cea588b5f0addccc371f995fb10c7b
parent	fb156c997a289916a07367565a9b257ee9bf571f (diff)