| author | fumingwei <[email protected]> | 2021-11-03 15:45:54 +0800 |
|---|---|---|
| committer | fumingwei <[email protected]> | 2021-12-30 17:38:30 +0800 |
| commit | bddbebb6f3e48429b0783d72c572d65234db153b (patch) | |
| tree | 08c220e9c2b3ddb893aebdbd09747e159ba9391a | |
| parent | 3ba9652efa22142e718c15e727832c7716e28caf (diff) | |
feature:构建server ansible安装包,适配poc设备v21.12-poc
70 files changed, 1783 insertions, 112 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b535135c..a504c313 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,6 +48,32 @@ feature_branch_build_9000: - /^rel-.*$/i - /^update-.*$/i +feature_branch_build_server_unlocked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + DALIY_BUILD_VERSION: 1 + LOCK_STATE: UNLOCKED + except: + - tags + - /^dev-.*$/i + - /^rel-.*$/i + - /^update-.*$/i + +feature_branch_build_server_locked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + DALIY_BUILD_VERSION: 1 + LOCK_STATE: LOCKED + except: + - tags + - /^dev-.*$/i + - /^rel-.*$/i + - /^update-.*$/i + develop_build_7400_mcn0: stage: build extends: .build_tsg-buildimage @@ -87,6 +113,34 @@ develop_build_9000: only: - /^dev-.*$/i +develop_build_server_unlocked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + PULP3_FILE_REPO_NAME: tsg-os-images-develop + PULP3_FILE_DIST_NAME: tsg-os-images-develop + DALIY_BUILD_VERSION: 1 + FILE_REPO_PATH: install/develop/tsg-os-images + LOCK_STATE: UNLOCKED + only: + - /^dev-.*$/i + +develop_build_server_locked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + PULP3_FILE_REPO_NAME: tsg-os-images-develop + PULP3_FILE_DIST_NAME: tsg-os-images-develop + DALIY_BUILD_VERSION: 1 + FILE_REPO_PATH: install/develop/tsg-os-images + LOCK_STATE: LOCKED + only: + - /^dev-.*$/i + testing_build_7400_mcn0: stage: build extends: .build_tsg-buildimage 
@@ -126,6 +180,34 @@ testing_build_9000: only: - /^rel-.*$/i +testing_build_server_unlocked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + PULP3_FILE_REPO_NAME: tsg-os-images-testing + PULP3_FILE_DIST_NAME: tsg-os-images-testing + DALIY_BUILD_VERSION: 1 + FILE_REPO_PATH: install/testing/tsg-os-images + LOCK_STATE: UNLOCKED + only: + - /^rel-.*$/i + +testing_build_server_locked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + PULP3_FILE_REPO_NAME: tsg-os-images-testing + PULP3_FILE_DIST_NAME: tsg-os-images-testing + DALIY_BUILD_VERSION: 1 + FILE_REPO_PATH: install/testing/tsg-os-images + LOCK_STATE: LOCKED + only: + - /^rel-.*$/i + rc_build_7400_mcn0: stage: build extends: .build_tsg-buildimage @@ -165,6 +247,34 @@ rc_build_9000: only: - /^.*-rc.*$/i +rc_build_server_unlocked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + DALIY_BUILD_VERSION: 0 + PULP3_FILE_REPO_NAME: tsg-os-images-rc + PULP3_FILE_DIST_NAME: tsg-os-images-rc + FILE_REPO_PATH: install/rc/tsg-os-images + LOCK_STATE: UNLOCKED + only: + - /^.*-rc.*$/i + +rc_build_server_locked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + DALIY_BUILD_VERSION: 0 + PULP3_FILE_REPO_NAME: tsg-os-images-rc + PULP3_FILE_DIST_NAME: tsg-os-images-rc + FILE_REPO_PATH: install/rc/tsg-os-images + LOCK_STATE: LOCKED + only: + - /^.*-rc.*$/i + release_build_7400_mcn0: stage: build extends: .build_tsg-buildimage 
@@ -209,3 +319,35 @@ release_build_9000: - tags except: - /^.*-rc.*$/i + +release_build_server_unlocked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + DALIY_BUILD_VERSION: 0 + PULP3_FILE_REPO_NAME: tsg-os-images-release + PULP3_FILE_DIST_NAME: tsg-os-images-release + FILE_REPO_PATH: install/release/tsg-os-images + LOCK_STATE: UNLOCKED + only: + - tags + except: + - /^.*-rc.*$/i + +release_build_server_locked: + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: SERVER + UPLOAD_TO_FILE_REPO: 1 + DALIY_BUILD_VERSION: 0 + PULP3_FILE_REPO_NAME: tsg-os-images-release + PULP3_FILE_DIST_NAME: tsg-os-images-release + FILE_REPO_PATH: install/release/tsg-os-images + LOCK_STATE: LOCKED + only: + - tags + except: + - /^.*-rc.*$/i @@ -69,6 +69,10 @@ ifndef PROFILE_LIST PROFILE_LIST := 7400MCN0P01R01 endif +ifndef LOCK_STATE +LOCK_STATE := UNLOCKED +endif + export TOOLSDIR export CONFDIR export INSTALLERDIR @@ -76,6 +80,7 @@ export PROJECTDIR export BUILDDIR_BASE export IMAGEDIR_BASE export OS_RELEASE_VER +export LOCK_STATE .PHONY: all clean $(PROFILE_LIST) diff --git a/ansible/stage_one_deploy.yml b/ansible/HAL_deploy.yml index 62228818..68dab80d 100644 --- a/ansible/stage_one_deploy.yml +++ b/ansible/HAL_deploy.yml @@ -3,12 +3,12 @@ vars_files: - install_config/group_vars/rpm_version.yml roles: - - {role: rpm_packages_download, tags: rpm_packages_download} + - {role: rpm_download, tags: rpm_download} - hosts: 7400-MCN0-P01R01 remote_user: root vars_files: - - install_config/group_vars/stage_one_7400MCN0P01R01.yml + - install_config/group_vars/HAL_7400MCN0P01R01.yml - install_config/group_vars/rpm_version.yml roles: - {role: tsg-os-provision, tags: tsg-os-provision} 
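Review bot: `release_build_server_unlocked` sets `UPLOAD_TO_FILE_REPO: 1` with the same `PULP3_FILE_REPO_NAME` and `FILE_REPO_PATH` as `release_build_server_locked`, so an image built with `LOCK_STATE: UNLOCKED` is published into the release repository next to the locked one. What LOCK_STATE changes in the image is not visible in this diff; if UNLOCKED is the less restricted variant, as the name suggests, it should either not be uploaded from tag builds or go to a separate `FILE_REPO_PATH` so it cannot be picked up as the production image. The rc, testing and develop server jobs in the earlier hunks follow the same pattern. A short comment above the job pair, e.g. `# LOCKED = <what is restricted>; UNLOCKED = <what is left open>`, would document the intent.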
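Review bot: The new `ifndef LOCK_STATE` block falls back to `LOCK_STATE := UNLOCKED`, so any invocation that forgets the variable (a local build, or a CI job added later without it) silently produces the unlocked variant. Assuming LOCKED is the hardened state, the safer default is `LOCK_STATE := LOCKED`, or no default at all: `$(error LOCK_STATE must be LOCKED or UNLOCKED)` inside the `ifndef`. The value is also exported unvalidated; a `$(filter LOCKED UNLOCKED,$(LOCK_STATE))` check would catch typos. The file header for this hunk is not shown on the page; the lines appear to belong to the top-level Makefile.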
@@ -39,7 +39,7 @@ - hosts: 7400-MCN123-P01R01 remote_user: root vars_files: - - install_config/group_vars/stage_one_7400MCN123P01R01.yml + - install_config/group_vars/HAL_7400MCN123P01R01.yml - install_config/group_vars/rpm_version.yml roles: - {role: tsg-os-provision, tags: tsg-os-provision} @@ -56,7 +56,7 @@ - hosts: 9000-NPB-P01R01 remote_user: root vars_files: - - install_config/group_vars/stage_one_9000NPBP01R01.yml + - install_config/group_vars/HAL_9000NPBP01R01.yml - install_config/group_vars/rpm_version.yml roles: - {role: tsg-os-provision, tags: tsg-os-provision} diff --git a/ansible/HAL_server_deploy.yml b/ansible/HAL_server_deploy.yml new file mode 100644 index 00000000..5849f0df --- /dev/null +++ b/ansible/HAL_server_deploy.yml 
@@ -0,0 +1,36 @@ +- hosts: server + remote_user: root + vars_files: + - group_vars/HAL_SERVER.yml + - group_vars/rpm_version.yml + roles: + - {role: kernel-args, tags: kernel-args} + - {role: rpm_to_dest, tags: rpm_to_dest} + - {role: rpm_uninstall, tags: rpm_uninstall} + - {role: hasp, tags: hasp} + - {role: workload_target, tags: workload_target} + - {role: tsg-os-provision, tags: tsg-os-provision} + - {role: tsg_device_tag, tags: tsg_device_tag} + - {role: tsg_sn, tags: tsg_sn} + - {role: framework, tags: framework} + - {role: mrzcpd, tags: mrzcpd} + - {role: sapp, tags: sapp} + - {role: tsg_master, tags: tsg_master} + - {role: kni, tags: kni} + - {role: firewall, tags: firewall} + - {role: tsg_app, tags: tsg_app} + - {role: i40e-drive, tags: i40e-drive} + - {role: redis, tags: redis} + - {role: certstore, tags: certstore} + - {role: tfe, tags: tfe} + - {role: telegraf_statistic, tags: telegraf_statistic} + - {role: exporter, tags: exporter} + - {role: docker, tags: docker} + - {role: tsg-diagnose, tags: tsg-diagnose} + - {role: tsg-exporter-proxy-9140, tags: tsg-exporter-proxy-9140} + - {role: system-init-server, tags: system-init-server} + - {role: system-init, tags: system-init} + - {role: wannat_wangw, tags: wannat_wangw} + - {role: wire_graft, tags: wire_graft} + - {role: nz-talon, tags: nz-talon} + - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} diff --git a/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml b/ansible/install_config/group_vars/HAL_7400MCN0P01R01.yml index bfc527a5..d1a98db0 100644 --- a/ansible/install_config/group_vars/stage_one_7400MCN0P01R01.yml +++ b/ansible/install_config/group_vars/HAL_7400MCN0P01R01.yml @@ -54,5 +54,5 @@ prefix_path: monitor:
enable_redis_exporter: 1
enable_ipmi_exporter: 1
-### server, 7400mcn0 7400mcn123 9140
-runtime_env: 7400mcn0
\ No newline at end of file +### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140
+runtime_env: TSG-7400-mcn0
\ No newline at end of file diff --git a/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml b/ansible/install_config/group_vars/HAL_7400MCN123P01R01.yml index aae063e9..d222889e 100644 --- a/ansible/install_config/group_vars/stage_one_7400MCN123P01R01.yml +++ b/ansible/install_config/group_vars/HAL_7400MCN123P01R01.yml @@ -21,12 +21,14 @@ dp_steering_proxy: node_list:
- nic_name: eth_vf_kni
-dp_proxy:
- nic_name_data_incoming: eth_pxy
- mac_addr_data_incoming: aa:bb:cc:dd:ee:ff
+workload_proxy:
enable_cpu_affinity: 0
cpu_affinity: 1-8
worker_thread: 32
+
+dp_proxy:
+ nic_name_data_incoming: eth_pxy
+ mac_addr_data_incoming: aa:bb:cc:dd:ee:ff
enable_traffic_mirror: 1
traffic_mirror_type: 1
traffic_mirror_vlan_id: 0
@@ -38,4 +40,4 @@ monitor: enable_redis_exporter: 0
enable_ipmi_exporter: 1
-runtime_env: 7400mcn123
\ No newline at end of file +runtime_env: TSG-7400-mcn123
\ No newline at end of file diff --git a/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml b/ansible/install_config/group_vars/HAL_9000NPBP01R01.yml index 47e38acc..972c2963 100644 --- a/ansible/install_config/group_vars/stage_one_9000NPBP01R01.yml +++ b/ansible/install_config/group_vars/HAL_9000NPBP01R01.yml @@ -38,12 +38,14 @@ dp_steering_proxy: node_list: - nic_name: eth_vf_kni -dp_proxy: - nic_name_data_incoming: eth_vf_tfe - mac_addr_data_incoming: 00:0e:c6:d6:72:c1 +workload_proxy: enable_cpu_affinity: 1 cpu_affinity: 48-55 worker_thread: 7 + +dp_proxy: + nic_name_data_incoming: eth_vf_tfe + mac_addr_data_incoming: 00:0e:c6:d6:72:c1 enable_traffic_mirror: 1 traffic_mirror_type: 1 traffic_mirror_vlan_id: 1025 @@ -56,4 +58,4 @@ monitor: enable_redis_exporter: 0 enable_ipmi_exporter: 0 -runtime_env: 9140
\ No newline at end of file +runtime_env: TSG-9140
\ No newline at end of file diff --git a/ansible/install_config/group_vars/HAL_SERVER.yml b/ansible/install_config/group_vars/HAL_SERVER.yml new file mode 100644 index 00000000..a74a5e70 --- /dev/null +++ b/ansible/install_config/group_vars/HAL_SERVER.yml 
@@ -0,0 +1,74 @@ +# TOD: TSG-6386 调整 TSG-OS 中的脚本, 适配 TSG-9140 硬件平台 +# variable format {role_name}.{configname}.{section}.{var} configname 用 "_" 替代 "." + +control_and_policy: + nic_name: eth_pf_ctl + +workload_zcpd: + cpu_affinity: 100,101,102,103 + hugepage_num_1G: 16 + +dp_traffic_mirror: + nic_name: eth_pf_mirr + +workload_firewall: + cpu_affinity: 17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99 + worker_threads: 19 + send_only_threads_max: 0 + +dp_steering_firewall: + deployment: inline + encapsulation: vxlan + capture_packet: driver + nic_internal: eth_vf_raw + nic_internal_mac: 90:00:00:91:40:01 + enable_mirror: 1 + +diagnose: + virtual_server_nic: eth_vf_dign_s + virtual_client_nic: eth_vf_dign_c + +prefix_path: + mrzcpd: /opt/tsg/mrzcpd + framework: /opt/tsg/framework + sapp: /opt/tsg/sapp + +dp_steering_proxy: + ###### location: value {local, foreign} + location: local + node_list: + - nic_name: eth_vf_kni + +workload_proxy: + enable_cpu_affinity: 1 + cpu_affinity: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 + worker_thread: 15 + +dp_proxy: + nic_name_data_incoming: eth_vf_tfe + mac_addr_data_incoming: 00:0e:c6:d6:72:c1 + enable_traffic_mirror: 1 + traffic_mirror_type: 1 + traffic_mirror_vlan_id: 1025 + +dp_certstore: + location: local +# “default_vlan_id_for_mac” needs to be modified according to the vlan plan of the device + + +wannat_wangw: + wangw_conf: + main: + recvfrom_NATGW_bind_first_port: 3545 + NAT_GW_tunnel_send_port: 3544 + +wire_graft: + wire_graft_conf: + toroad: + sendto_toroad_enable: 1 + +monitor: + enable_redis_exporter: 0 + enable_ipmi_exporter: 0 + +runtime_env: TSG-server
\ No newline at end of file diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml index 11918504..e7260971 100644 --- a/ansible/install_config/group_vars/rpm_version.yml +++ b/ansible/install_config/group_vars/rpm_version.yml @@ -58,9 +58,11 @@ mrzcpd_rpm_version: sapp_rpm_version: sapp: sapp-4.2.71.153e167 tcpdump_mesa: tcpdump_mesa-1.0.9.ca549c5 + sapp-pr: sapp-pr-4.2.71.153e167 tfe_rpm_version: tfe: tfe-4.5.30.d201968 + tfe-pr: tfe-pr-4.5.30.d201968 tsg_app_rpm_version: app_sketch_local: app_sketch_local-4.3.1.6038e0a diff --git a/ansible/roles/certstore/tasks/main.yml b/ansible/roles/certstore/tasks/main.yml index aeab5020..e40ab985 100644 --- a/ansible/roles/certstore/tasks/main.yml +++ b/ansible/roles/certstore/tasks/main.yml @@ -2,8 +2,19 @@ file: path=/opt/tsg state=directory tags: mkdir -- name: "Install certstore" - shell: rpm -i /tmp/rpm_download/{{ certstore_rpm_version.certstore }}* +#- name: "Install certstore" +# shell: rpm -i /tmp/rpm_download/{{ certstore_rpm_version.certstore }}* + +- name: "Get certstore rpm path" + find: + path: /tmp/rpm_download/ + pattern: "{{ certstore_rpm_version.certstore }}*" + register: certstore_rpm_fullname + +- name: "Install certstore from local path" + yum: + name: "{{ certstore_rpm_fullname.files[0].path }}" + state: present - name: template certstore configure file template: @@ -68,6 +79,11 @@ - /usr/lib/systemd/system/certstore.service ##################### certstore ##################### +- name: "systemctl daemon-reload" + systemd: + daemon_reload: yes + when: runtime_env == 'TSG-server' + - name: "start certstore" systemd: name: certstore.service diff --git a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 index c04fef7d..7a29229d 100644 --- a/ansible/roles/certstore/templates/cert_store.ini.j2.j2 +++ b/ansible/roles/certstore/templates/cert_store.ini.j2.j2 
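Review bot: In ansible/roles/certstore/tasks/main.yml, `certstore_rpm_fullname.files[0].path` is dereferenced without checking that `find` matched anything, so a missing RPM fails with an index error instead of a clear message, and when the wildcard matches several files an arbitrary first hit is installed. Guard the install with `when: certstore_rpm_fullname.matched == 1` or a preceding `assert`; the freeipmi tasks added in roles/exporter/tasks/main.yml repeat the same pattern. The staging directory `/tmp/rpm_download/` lives under world-writable /tmp and root installs whatever matches there, so it should be created root-owned with a restrictive mode before the copy, or moved out of /tmp. Local-file installs are typically only signature-checked when yum's `localpkg_gpgcheck` is enabled, which is worth confirming for the target image.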
@@ -69,8 +69,10 @@ port = 6379 [MAAT_REDIS] #Maat monitors the Redsi server IP address and port number -ip = {% raw %}{{ cm_policy_server_ip }}{% endraw %} -port = {% raw %}{{ cm_policy_server_port }}{% endraw %} +ip = {% raw %}{{ cm_policy_server_ip }} +{% endraw %} +port = {% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}dbindex = {{ cm.policy_server.db_static }} {% endraw %} [stat] diff --git a/ansible/roles/exporter/tasks/main.yml b/ansible/roles/exporter/tasks/main.yml index c54b2c93..c152decd 100644 --- a/ansible/roles/exporter/tasks/main.yml +++ b/ansible/roles/exporter/tasks/main.yml @@ -1,8 +1,13 @@ -- name: "Install freeipmi rpm package" - yum: - name: freeipmi - conf_file: "{{ rpm_repo_config_path }}" - state: latest +- name: "Get freeipmi rpm path" + find: + path: /tmp/rpm_download/ + pattern: "freeipmi-*" + register: freeipmi_rpm_fullname + +- name: "Install freeipmi from local path" + yum: + name: "{{ freeipmi_rpm_fullname.files[0].path }}" + state: present - name: "mkdir /opt/tsg/exporter/" file: diff --git a/ansible/roles/firewall/templates/maat.conf.j2.j2 b/ansible/roles/firewall/templates/maat.conf.j2.j2 index 6ade5aa5..715c2c76 100644 --- a/ansible/roles/firewall/templates/maat.conf.j2.j2 +++ b/ansible/roles/firewall/templates/maat.conf.j2.j2 @@ -6,8 +6,10 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/tsg_static_tableinfo.conf STAT_FILE=tsg_static_maat.status EFFECT_INTERVAL_S=1 -REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} -REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} +REDIS_IP={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json 
@@ -23,8 +25,10 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf STAT_FILE=tsg_dynamic_maat.status EFFECT_INTERVAL_S=1 -REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} -REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} +REDIS_IP={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_dynamic }} {% endraw %} JSON_CFG_FILE=tsgconf/tsg_maat.json @@ -39,8 +43,10 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/app_sketch_tableinfo.conf STAT_FILE=app_sketch_maat.status EFFECT_INTERVAL_S=1 -REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} -REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} +REDIS_IP={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/app_sketch_maat.json @@ -55,8 +61,10 @@ PERF_SWITCH=1 TABLE_INFO=tsgconf/capture_packet_tableinfo.conf STAT_FILE=capture_packet.status EFFECT_INTERVAL_S=1 -REDIS_IP={% raw %}{{ cm_policy_server_ip }}{% endraw %} -REDIS_PORT={% raw %}{{ cm_policy_server_port }}{% endraw %} +REDIS_IP={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +REDIS_PORT={% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}REDIS_INDEX={{ cm.policy_server.db_static }} {% endraw %} JSON_CFG_FILE=tsgconf/capture_packet_maat.json diff --git a/ansible/roles/kernel-args/files/grub b/ansible/roles/kernel-args/files/grub new file mode 100644 index 00000000..252955f3 --- /dev/null +++ b/ansible/roles/kernel-args/files/grub 
@@ -0,0 +1,8 @@
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
+GRUB_DEFAULT=saved
+GRUB_DISABLE_SUBMENU=true
+GRUB_TERMINAL_OUTPUT="console"
+GRUB_CMDLINE_LINUX="rhgb quiet iommu=pt intel_iommu=on crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 isolcpus=1-103 psi=1 mitigations=off"
+GRUB_DISABLE_RECOVERY="true"
+
diff --git a/ansible/roles/kernel-args/tasks/main.yml b/ansible/roles/kernel-args/tasks/main.yml
new file mode 100644
index 00000000..638d58a2
--- /dev/null
+++ b/ansible/roles/kernel-args/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: "copy /etc/default/grub"
+ copy:
+ src: "{{ role_path }}/files/grub"
+ dest: "/etc/default"
+ register: grub_status
+
+- name: "BIOS:grub2-mkconfig"
+ shell: grub2-mkconfig -o /boot/grub2/grub.cfg
+ when: grub_status.changed
+
+- name: "UEFI:grub2-mkconfig"
+ shell: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
+ when: grub_status.changed
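Review bot: `mitigations=off` on the `GRUB_CMDLINE_LINUX` line in ansible/roles/kernel-args/files/grub turns off all kernel CPU-vulnerability mitigations on a host where the same playbook also runs the docker, certstore and tfe roles, and nothing in the file records that this was a deliberate trade-off. If it is there for packet-processing throughput, state that in a comment above the line, e.g. `# mitigations=off: accepted for data-plane performance; host must not run untrusted code`, and consider making it opt-in. `hugepages=16` and `isolcpus=1-103` are also hard-coded here while HAL_SERVER.yml already carries `hugepage_num_1G: 16` and the CPU affinity lists, so shipping this file as a template fed from those variables would keep the two from drifting apart.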
\ No newline at end of file diff --git a/ansible/roles/mrzcpd/tasks/main.yml b/ansible/roles/mrzcpd/tasks/main.yml index 3abc70f8..b5256e9d 100644 --- a/ansible/roles/mrzcpd/tasks/main.yml +++ b/ansible/roles/mrzcpd/tasks/main.yml @@ -54,21 +54,28 @@ src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 when: - - runtime_env == '9140' + - runtime_env == 'TSG-9140' - name: "update mrglobal.conf - TSG7400 - mcn0" template: src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 when: - - runtime_env == '7400mcn0' + - runtime_env == 'TSG-7400-mcn0' - name: "update mrglobal.conf - TSG7400 - mcn1 mcn2 mcn3" template: src: "{{ role_path }}/templates/mrglobal.conf.j2.7400MCN123P01R01" dest: /opt/tsg/mrzcpd/etc/mrglobal.conf when: - - runtime_env == '7400mcn123' + - runtime_env == 'TSG-7400-mcn123' + +- name: "update mrglobal.conf - TSG server" + template: + src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.SERVER" + dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 + when: + - runtime_env == 'TSG-server' - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 index 0a5945d1..d723c9e4 100644 --- a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.9000NPBP01R01 
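Review bot: In ansible/roles/kernel-args/tasks/main.yml both `grub2-mkconfig` tasks are triggered only by `grub_status.changed`, so if either command fails on the first run (for example the `/boot/efi/EFI/centos/` path being absent on a BIOS-booted host), a rerun sees the copy as unchanged and never regenerates grub.cfg, leaving /etc/default/grub and the boot configuration out of step. Moving the two commands into handlers notified by the copy task, and gating the UEFI one on a `stat` of `/sys/firmware/efi`, avoids that state. The copy also replaces the existing /etc/default/grub outright; adding `backup: yes` to it keeps the previous kernel command line recoverable.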
@@ -1,7 +1,7 @@ [device] {% set steeering_to_proxy_nic_list = [] %} {% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %} -device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }} +device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }},{{ dp_traffic_mirror.nic_name }} sz_tunnel=8192 sz_buffer=0 @@ -10,7 +10,7 @@ mtu=4096 clear_tx_flags=1 hw_strip_crc=1 vlan-strip=1 -{% raw %}in_addr=10.252.{{ keepalive_subnet_ip }}.1 +{% raw %}in_addr={{ gdev_conf_keep_alive_ip }} {% endraw %} in_mask=255.255.0.0 rssmode=2 diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.SERVER b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.SERVER new file mode 100644 index 00000000..5880c877 --- /dev/null +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.SERVER 
@@ -0,0 +1,77 @@
+[device]
+{% set steeering_to_proxy_nic_list = [] %}
+{% for node_info in dp_steering_proxy.node_list %}{{ steeering_to_proxy_nic_list.append(node_info.nic_name) }}{% endfor %}
+device={{ dp_steering_firewall.nic_internal }},{{ steeering_to_proxy_nic_list | join(",") }},{{ dp_traffic_mirror.nic_name }}
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{ dp_steering_firewall.nic_internal }}]
+mtu=4096
+clear_tx_flags=1
+hw_strip_crc=1
+vlan-strip=1
+{% raw %}in_addr={{inline_device_settings.keepalive.ip}}
+in_mask={{inline_device_settings.keepalive.mask}}
+{% endraw %}
+rssmode=2
+
+{% for node_info in dp_steering_proxy.node_list %}
+[device:{{ node_info.nic_name }}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow=4095
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+sz_tunnel=8192
+sz_buffer=0
+rssmode=2
+
+{% endfor %}
+
+[device:{{ dp_traffic_mirror.nic_name }}]
+mtu=2048
+hw_strip_crc=1
+rssmode=2
+vlan-strip=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ workload_zcpd.cpu_affinity }}
+{% raw %}{% if session_distribution_policy.hash_key == 'outer-most-sip-dip' %}
+distmode=0
+{% endif %}
+{% if session_distribution_policy.hash_key == 'outer-most-sip-dip-sport-dport' %}
+distmode=1
+{% endif %}
+{% if session_distribution_policy.hash_key == 'inner-most-sip-dip' %}
+distmode=2
+{% endif %}
+{% if session_distribution_policy.hash_key == 'inner-most-sip-dip-sport-dport' %}
+distmode=3
+{% endif %}
+{% if session_distribution_policy.hash_key == 'hardware' %}
+distmode=4
+{% endif %}
+{% endraw %}
+hashmode=0
+idle_threshold=10000
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=2097152
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
\ No newline at end of file diff --git a/ansible/roles/rpm_packages_download/tasks/main.yml b/ansible/roles/rpm_download/tasks/main.yml index e3ae557c..2baceede 100644 --- a/ansible/roles/rpm_packages_download/tasks/main.yml +++ b/ansible/roles/rpm_download/tasks/main.yml @@ -6,7 +6,7 @@ conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" - name: "download rpm packages: firewall" yum: @@ -14,7 +14,7 @@ conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" with_dict: "{{ firewall_rpm_version }}" - name: "uninstall rsyslog-kafka and librdkafka" @@ -31,7 +31,7 @@ state: present conf_file: "{{ rpm_repo_config_path }}" download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" with_dict: "{{ framework_rpm_version }}" - name: "download rpm packages: kni" @@ -41,7 +41,7 @@ conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" - name: "download rpm packages: mrzcpd" yum: @@ -49,7 +49,7 @@ conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" - name: "download rpm packages: sapp and tcpdump_mesa" yum: @@ -57,17 +57,17 @@ conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" with_dict: "{{ sapp_rpm_version }}" - name: "download rpm packages: tfe" yum: - name: - - "{{ tfe_rpm_version.tfe }}" + name: "{{ item.value }}" conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" + with_dict: "{{ tfe_rpm_version }}" - name: "download rpm packages: app_skecth_local" yum: 
@@ -75,49 +75,68 @@ conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" -- name: "install tsg_master from localhost" +- name: "download rpm packages: tsg_master" yum: name: - "{{ tsg_master_rpm_version.tsg_master }}" conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" -- name: "Install tsg-diagnose rpm package" +- name: "download rpm packages: tsg-diagnose" yum: name: - "{{ tsg_diagnose_rpm_version.tsg_diagnose }}" conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" -- name: "install http_healthcheck from localhost" +- name: "download rpm packages: http_healthcheck" yum: name: "{{ http_healthcheck_rpm_version.http_healthcheck }}" conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" -- name: "install wannat wangw plug packages" +- name: "download rpm packages: wannat wangw" yum: name: "{{ item.value }}" conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" with_dict: "{{ wannat_wangw_rpm_version }}" -- name: "install wire_graft plug packages" +- name: "download rpm packages: wire_graft" yum: name: "{{ item.value }}" conf_file: "{{ rpm_repo_config_path }}" state: present download_only: yes - download_dir: /tmp/rpm_download/ + download_dir: "{{ path_download }}" with_dict: "{{ wire_graft_rpm_version }}" + +- name: "download rpm packages: freeipmi" + yum: + name: "{{ item }}" + conf_file: "{{ rpm_repo_config_path }}" + state: latest + download_only: yes + download_dir: "{{ path_download }}" + with_items: + - freeipmi + - systemd-sysv + +- name: "download rpm packages: watchdog" + yum: + name: "watchdog" + 
conf_file: "{{ rpm_repo_config_path }}" + state: latest + download_only: yes + download_dir: "{{ path_download }}" diff --git a/ansible/roles/rpm_to_dest/tasks/main.yml b/ansible/roles/rpm_to_dest/tasks/main.yml new file mode 100644 index 00000000..d7117a4a --- /dev/null +++ b/ansible/roles/rpm_to_dest/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- name: "copy rpm to target_device" + copy: + src: "{{ role_path }}/files/" + dest: /tmp/rpm_download/ diff --git a/ansible/roles/rpm_uninstall/tasks/main.yml b/ansible/roles/rpm_uninstall/tasks/main.yml new file mode 100644 index 00000000..3bc12e22 --- /dev/null +++ b/ansible/roles/rpm_uninstall/tasks/main.yml 
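Review bot: The tasks added at the end of ansible/roles/rpm_download/tasks/main.yml fetch freeipmi, systemd-sysv and watchdog with `state: latest` and no version, while every other download in this role is pinned through rpm_version.yml. The contents of the installer bundle therefore depend on whatever the repository serves at build time, so two builds of the same tag can ship different packages and a changed upstream package enters the image unreviewed. Add pinned entries for the three packages to rpm_version.yml and download them with `state: present` like the rest. The task named "download rpm packages: freeipmi" also pulls systemd-sysv, which the name should mention.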
@@ -0,0 +1,78 @@
+---
+#- name: "uninstall certstore"
+# yum:
+# name: "{{ item.value }}"
+# state: absent
+# with_dict: "{{ certstore_rpm_version }}"
+
+- name: "uninstall firewall"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ firewall_rpm_version }}"
+
+- name: "uninstall framework"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ framework_rpm_version }}"
+
+- name: "uninstall kni"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ kni_rpm_version }}"
+
+- name: "uninstall mrzcpd"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ mrzcpd_rpm_version }}"
+
+- name: "uninstall sapp and tcpdump_mesa"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ sapp_rpm_version }}"
+
+#- name: "uninstall tfe"
+# yum:
+# name: "{{ item.value }}"
+# state: absent
+# with_dict: "{{ tfe_rpm_version }}"
+
+- name: "uninstall app_skecth_local"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ tsg_app_rpm_version }}"
+
+- name: "uninstall tsg_master"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ tsg_master_rpm_version }}"
+
+#- name: "uninstall tsg-diagnose"
+# yum:
+# name: "{{ item.value }}"
+# state: absent
+# with_dict: "{{ tsg_diagnose_rpm_version }}"
+
+- name: "uninstall http_healthcheck"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ http_healthcheck_rpm_version }}"
+
+- name: "uninstall wannat wangw"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ wannat_wangw_rpm_version }}"
+
+- name: "uninstall wire_graft"
+ yum:
+ name: "{{ item.key }}"
+ state: absent
+ with_dict: "{{ wire_graft_rpm_version }}"
diff --git a/ansible/roles/sapp/tasks/main.yml b/ansible/roles/sapp/tasks/main.yml
index 4f1e2f62..3bf72b9b 100644
--- a/ansible/roles/sapp/tasks/main.yml
+++ b/ansible/roles/sapp/tasks/main.yml
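Review bot: Every active task in ansible/roles/rpm_uninstall/tasks/main.yml passes `{{ item.key }}`, the YAML key of a `*_rpm_version` dict, to `yum` as the package name, which only works while each key is spelled exactly like the installed RPM name. `state: absent` reports ok for a name that is not installed, so a mismatch would leave the old package in place without any error before the later install steps run. Either derive the name from the pinned value, e.g. `name: "{{ item.value | regex_replace('-[0-9].*$', '') }}"` (assuming values keep the name-version form seen in rpm_version.yml), or add a comment stating that keys must equal RPM names. The commented-out certstore, tfe and tsg-diagnose blocks use `item.value` instead and carry no explanation of why they are disabled.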
@@ -9,11 +9,13 @@ - /opt/tsg/sapp - /opt/tsg/framework -- name: "Install sapp and tcpdump_mesa rpm package" - shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix_path }} - with_items: - - {"rpm_version": "{{ sapp_rpm_version.sapp }}", "prefix_path": "{{ prefix_path.sapp }}" } - - {"rpm_version": "{{ sapp_rpm_version.tcpdump_mesa }}", "prefix_path": "{{ prefix_path.framework }}" } +- name: "Install sapp rpm package" + shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.sapp }} + when: item.key is search("sapp") + with_dict: "{{ sapp_rpm_version }}" + +- name: "Install tcpdump_mesa rpm package" + shell: rpm -i /tmp/rpm_download/{{ sapp_rpm_version.tcpdump_mesa }}* --prefix {{ prefix_path.framework }} - name: replace sapp service replace: @@ -61,7 +63,7 @@ dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2 tags: template when: - - runtime_env == '9140' + - runtime_env == 'TSG-9140' - name: Template the conflist.inf - tsg_7400 template: @@ -69,7 +71,15 @@ dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2 tags: template when: - - runtime_env == '7400mcn0' + - runtime_env == 'TSG-7400-mcn0' + +- name: Template the conflist.inf - tsg_server + template: + src: "{{ role_path }}/templates/conflist.inf.j2.j2.SERVER" + dest: /opt/tsg/tsg-os-provision/templates/conflist.inf.j2 + tags: template + when: + - runtime_env == 'TSG-server' - name: Template the entrylist.conf.j2 template: @@ -95,7 +105,7 @@ dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf tags: template when: - - runtime_env == '9140' + - runtime_env == 'TSG-9140' or runtime_env == 'TSG-server' - name: Template the vlan_flipping_map.conf - tsg-7400 template: @@ -103,7 +113,7 @@ dest: /opt/tsg/tsg-os-provision/templates/vlan_flipping_map.conf.j2 tags: template when: - - runtime_env == '7400mcn0' + - runtime_env == 'TSG-7400-mcn0' - name: Template the sapp_log.conf template: 
@@ -166,7 +176,7 @@ - { src: "{{ role_path }}/files/service_attach_startpre.conf.except_tera", mode: "0644" } - { src: "{{ role_path }}/files/tera_fake_promisc_setup.sh", mode: "0755" } when: - - runtime_env == '7400mcn0' + - runtime_env == 'TSG-7400-mcn0' - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: @@ -186,6 +196,12 @@ ##################### sapp ##################### +- name: "systemctl daemon-reload" + systemd: + daemon_reload: yes + when: runtime_env == 'TSG-server' + + - name: "enable sapp" systemd: name: sapp diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.j2.SERVER b/ansible/roles/sapp/templates/conflist.inf.j2.j2.SERVER new file mode 100644 index 00000000..03606379 --- /dev/null +++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.SERVER 
@@ -0,0 +1,72 @@ +[platform] +{% raw %}{% if wannat.enable == 1 %} +./plug/platform/wannat/wangw.inf +./plug/platform/wire_graft/wire_graft.inf +{% endif %} +{% if connsketch.enable is defined %} +{% if connsketch.enable == 1 %} +./plug/platform/app_proto_identify/app_proto_identify.inf +{% endif %} +{% else %} +{% if sessionrecord.enable == 1 %} +./plug/platform/app_proto_identify/app_proto_identify.inf +{% endif %} +{% endif %} +./plug/platform/tsg_master/tsg_master.inf +{% if app.identify_by.builtin_app_engine == 1 %} +./plug/platform/app_proto_engine/app_proto_engine.inf +{% endif %} +{% if ddossketch.enable == 1 %} +./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf +{% endif %} +{% endraw %} + +[protocol] +./plug/protocol/mesa_sip/mesa_sip.inf +./plug/protocol/rtp/rtp.inf +./plug/protocol/ssl/ssl.inf +./plug/protocol/http/http.inf +./plug/protocol/dns/dns.inf +./plug/protocol/mail/mail.inf +./plug/protocol/ftp/ftp.inf +./plug/protocol/quic/quic.inf +./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf +./plug/protocol/gtp/gtp.inf +./plug/protocol/ssh/ssh.inf +./plug/protocol/radius/radius.inf + +[business] +{% raw %}{% if connsketch.enable is defined %} +{% if connsketch.enable == 1 %} +./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf +{% endif %} +{% else %} +{% if sessionrecord.enable == 1 %} +./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf +{% endif %} +{% endif %} +{% if capturepacket.enable == 1 %} +./plug/business/capture_packet_plug/capture_packet_plug.inf +{% endif %} +{% if proxy.enable == 1 %} +./plug/business/kni/kni.inf +{% endif %} +{% if firewall.enable == 1 %} +./plug/business/fw_ssl_plug/fw_ssl_plug.inf +./plug/business/fw_http_plug/fw_http_plug.inf +./plug/business/fw_dns_plug/fw_dns_plug.inf +./plug/business/fw_mail_plug/fw_mail_plug.inf +./plug/business/fw_ftp_plug/fw_ftp_plug.inf +./plug/business/fw_quic_plug/fw_quic_plug.inf +./plug/business/fw_voip_plug/fw_voip_plug.inf 
+./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf +./plug/business/deal_socks/deal_socks.inf +{% endif %} +./plug/business/conn_telemetry/conn_telemetry.inf +{% if app.identify_by.user_defined_signature == 1 %} +./plug/business/app_sketch_local/app_sketch_local.inf +{% endif %} +{% if radius.enable == 1 %} +./plug/business/radius_collect_plug/radius_collect_plug.inf +{% endif %} +{% endraw %}
\ No newline at end of file diff --git a/ansible/roles/sapp/templates/gdev.conf.j2.j2 b/ansible/roles/sapp/templates/gdev.conf.j2.j2 index 7a3fe5ec..d6c9b87f 100644 --- a/ansible/roles/sapp/templates/gdev.conf.j2.j2 +++ b/ansible/roles/sapp/templates/gdev.conf.j2.j2 @@ -1,5 +1,6 @@ [Module] pcapdevice={{ dp_steering_firewall.nic_internal }} sendto_gdev_card={{ dp_steering_firewall.nic_internal }} -sendto_gdev_ip={% raw %}{{ gdev_conf_keep_alive_ip }}{% endraw %} +sendto_gdev_ip={% raw %}{{ gdev_conf_keep_alive_ip }} +{% endraw %} gdev_status_switch=1 diff --git a/ansible/roles/sapp/templates/sapp.toml.j2.j2 b/ansible/roles/sapp/templates/sapp.toml.j2.j2 index 4e5d0565..5e2b44f1 100644 --- a/ansible/roles/sapp/templates/sapp.toml.j2.j2 +++ b/ansible/roles/sapp/templates/sapp.toml.j2.j2 @@ -32,7 +32,8 @@ dictator_enable=1 overlay_mode=vxlan {% endif %} {% if dp_steering_firewall.encapsulation == 'provision' %} - overlay_mode={% raw %}{{ sapp_overlay_mode }}{% endraw %} + overlay_mode={% raw %}{{ sapp_overlay_mode }} + {% endraw %} {% endif %} [packet_io.feature] @@ -80,10 +81,10 @@ dictator_enable=1 ### note, interface.type options: [pag,pcap,marsio] [packet_io.internal.interface] -{% if dp_steering_firewall.deployment == 'driver' %} +{% if dp_steering_firewall.capture_packet == 'driver' %} type=marsio {% endif %} -{% if dp_steering_firewall.deployment == 'pcap' %} +{% if dp_steering_firewall.capture_packet == 'pcap' %} type=pcap {% endif %} name={{ dp_steering_firewall.nic_internal }} diff --git a/ansible/roles/system-init-server/tasks/main.yml b/ansible/roles/system-init-server/tasks/main.yml new file mode 100644 index 00000000..48899e1a --- /dev/null +++ b/ansible/roles/system-init-server/tasks/main.yml 
@@ -0,0 +1,202 @@ +--- +- name: "Get watchdog rpm path" + find: + path: /tmp/rpm_download/ + pattern: "watchdog-*" + register: watchdog_rpm_fullname + +- name: "Install watchdog from local path" + yum: + name: "{{ watchdog_rpm_fullname.files[0].path }}" + state: present + +- name: "set 90-SERVER.rules" + template: + src: "{{ role_path }}/templates/90-SERVER.rules.j2" + dest: /usr/lib/udev/rules.d/90-SERVER.rules + mode: 0644 + tags: template + +- name: "set eth_pf_40G_0 cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_pf_40G_0.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_pf_40G_0 + tags: template + +- name: "set eth_vf_raw cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_vf_raw.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_vf_raw + tags: template + +- name: "set eth_vf_dign_c cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_vf_dign_c.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_vf_dign_c + tags: template + +- name: "set eth_vf_dign_s cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_vf_dign_s.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_vf_dign_s + tags: template + +- name: "set eth_pf_40G_1 cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_pf_40G_1.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_pf_40G_1 + tags: template + +- name: "set eth_vf_kni cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_vf_kni.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_vf_kni + tags: template + +- name: "set eth_vf_tfe cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_vf_tfe.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_vf_tfe + tags: template + +- name: "set eth_pf_mirr cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_pf_mirr.j2" + dest: /etc/sysconfig/network-scripts/ifcfg-eth_pf_mirr + tags: template + +- name: "set eth_pf_ctl cfg" + template: + src: "{{ role_path }}/templates/ifcfg-eth_pf_ctl.j2" + dest: 
/etc/sysconfig/network-scripts/ifcfg-eth_pf_ctl + tags: template + +- name: "set set-eth_vf_raw-macaddr.sh" + template: + src: "{{ role_path }}/templates/set-eth_vf_raw-macaddr.sh.j2" + dest: /usr/bin/set-eth_vf_raw-macaddr.sh + mode: 0777 + tags: template + +- name: "copy setup.eth_vf_tfe.ips" + template: + src: "{{ role_path }}/templates/setup.eth_vf_tfe.ips.j2" + dest: /sbin/setup.eth_vf_tfe.ips + mode: 0777 + tags: template + +- name: "set if-pre-up " + template: + src: "{{ role_path }}/templates/if-pre-up.j2" + dest: /etc/NetworkManager/dispatcher.d/pre-up.d/if-pre-up + mode: 0755 + tags: template + +# systemctl set-property user.slice CPUShares=1500 MemoryLimit=13G +## systemctl set-property system.slice CPUShares=1000 MemoryLimit=13G +## systemctl set-property workload.slice CPUShares=7500 MemoryLimit=100G +# +# workload.slice +- name: "Create /usr/lib/systemd/system/workload.slice.d/ directory if it does not exist" + file: + path: "{{ item }}" + state: directory + mode: '0755' + with_items: + - /usr/lib/systemd/system/workload.slice.d/ + +- name: "copy 50-CPUShares.conf to workload.slice.d" + copy: + src: "{{ role_path }}/templates/override_workload_slice_cpu.conf.j2" + dest: /usr/lib/systemd/system/workload.slice.d/50-CPUShares.conf + mode: 0644 + +- name: "copy 50-MemoryLimit.conf to workload.slice.d" + copy: + src: "{{ role_path }}/templates/override_workload_slice_mem.conf.j2" + dest: /usr/lib/systemd/system/workload.slice.d/50-MemoryLimit.conf + mode: 0644 + +# user.slice +- name: "Create /usr/lib/systemd/system/user.slice.d/ directory if it does not exist" + file: + path: "{{ item }}" + state: directory + mode: '0755' + with_items: + - /usr/lib/systemd/system/user.slice.d/ + +- name: "copy 50-CPUShares.conf to user.slice.d" + copy: + src: "{{ role_path }}/templates/override_user_slice_cpu.conf.j2" + dest: /usr/lib/systemd/system/user.slice.d/50-CPUShares.conf + mode: 0644 + +- name: "copy 50-MemoryLimit.conf to user.slice.d" + copy: + src: "{{ 
role_path }}/templates/override_user_slice_mem.conf.j2" + dest: /usr/lib/systemd/system/user.slice.d/50-MemoryLimit.conf + mode: 0644 + +# system.slice +- name: "Create /usr/lib/systemd/system/system.slice.d/ directory if it does not exist" + file: + path: "{{ item }}" + state: directory + mode: '0755' + with_items: + - /usr/lib/systemd/system/system.slice.d/ + +- name: "copy 50-CPUShares.conf to system.slice.d" + copy: + src: "{{ role_path }}/templates/override_system_slice_cpu.conf.j2" + dest: /usr/lib/systemd/system/system.slice.d/50-CPUShares.conf + mode: 0644 + +- name: "copy 50-MemoryLimit.conf to system.slice.d" + copy: + src: "{{ role_path }}/templates/override_system_slice_mem.conf.j2" + dest: /usr/lib/systemd/system/system.slice.d/50-MemoryLimit.conf + mode: 0644 + +## 启用 IPMI +- name: "copy ipmi.conf to /etc/sysconfig/ipmi" + copy: + src: "{{ role_path }}/templates/ipmi.conf.j2" + dest: /etc/sysconfig/ipmi + mode: 0644 + +- name: "enable ipmi" + systemd: + name: ipmi + enabled: yes + +## 启用 Watchdog +- name: "copy watchdog.conf to /etc/watchdog.conf" + copy: + src: "{{ role_path }}/templates/watchdog.conf.j2" + dest: /etc/watchdog.conf + mode: 0644 + +- name: "enable watchdog" + systemd: + name: watchdog + enabled: yes + +- name: "enable irqbalance" + systemd: + name: irqbalance + enabled: yes + +# 关闭DHCPDISCOVER +- name: "set 90-SERVER-dracut.rules" + template: + src: "{{ role_path }}/templates/90-SERVER-dracut.rules.j2" + dest: /usr/lib/dracut/dracut.conf.d/90-SERVER-dracut.conf + mode: 0644 + tags: template + +- name: "enable firewalld" + systemd: + name: firewalld + enabled: no diff --git a/ansible/roles/system-init-server/templates/90-SERVER-dracut.rules.j2 b/ansible/roles/system-init-server/templates/90-SERVER-dracut.rules.j2 new file mode 100644 index 00000000..0469b190 --- /dev/null +++ b/ansible/roles/system-init-server/templates/90-SERVER-dracut.rules.j2 @@ -0,0 +1 @@ +omit_dracutmodules+="ifcfg network"
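Review bot: `mode: 0777` on /usr/bin/set-eth_vf_raw-macaddr.sh and /sbin/setup.eth_vf_tfe.ips leaves both scripts writable by every local user. The templates added in this commit call them from a udev `RUN+=` rule and from the NetworkManager pre-up dispatcher script, both of which normally run as root. Any local account could therefore change what runs as root on the next interface event; `mode: "0755"`, as the if-pre-up task already uses, is enough. Separately, the last task is named "enable firewalld" but sets `enabled: no`; rename it to "disable firewalld" and add a comment on why the host firewall is off for this profile.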
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/90-SERVER.rules.j2 b/ansible/roles/system-init-server/templates/90-SERVER.rules.j2 new file mode 100644 index 00000000..72bf551d --- /dev/null +++ b/ansible/roles/system-init-server/templates/90-SERVER.rules.j2 
@@ -0,0 +1,47 @@
+# rename p4p1 to eth_pf_40G_0
+# rename p4p1_0 to eth_vf_raw
+# rename p4p1_1 to eth_vf_dign_c
+# rename p4p1_2 to eth_vf_dign_s
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.0", NAME:="eth_pf_40G_0"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.0",ATTR{device/sriov_numvfs}="3"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.0", NAME:="eth_vf_raw"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.1", NAME:="eth_vf_dign_c"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.2", NAME:="eth_vf_dign_s"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.0",ATTR{device/sriov/0/trunk}="add 0,4000,4001"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.0",RUN+="/usr/bin/set-eth_vf_raw-macaddr.sh"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 1 vlan 4000"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.2",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 2 vlan 4001"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 0 trust on"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 1 trust on"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.2",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 2 trust on"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 0 spoofchk off"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 0 state enable"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 1 state enable"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:02.2",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_0 vf 2 state enable"
+
+
+#rename p4p2 to eth_pf_40G_1
+#rename p4p2_0 to eth_vf_kni
+#rename p4p2_1 to eth_vf_tfe
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.1", NAME:="eth_pf_40G_1"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.1",ATTR{device/sriov_numvfs}="2"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.1",ATTR{/device/sriov/0/max_tx_rate}="10240"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:00.1",ATTR{/device/sriov/1/max_tx_rate}="10240"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.0", NAME:="eth_vf_kni"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.1", NAME:="eth_vf_tfe"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 0 vlan 4095"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 1 vlan 4095"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 0 trust on"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 1 trust on"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 0 mac 00:0e:c6:d6:72:c1"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 1 mac fe:65:b7:03:50:bd"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.0",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 0 state enable"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:98:0a.1",PROGRAM+="/usr/sbin/ip link set eth_pf_40G_1 vf 1 state enable"
+
+#rename p5p1 to eth_pf_ctl
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:b1:00.0", NAME:="eth_pf_ctl"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:b1:00.0",PROGRAM+="/usr/sbin/ip link set eth_pf_ctl state enable"
+
+#rename p5p2 to eth_pf_mirr
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:b1:00.1", NAME:="eth_pf_mirr"
+ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:b1:00.1",PROGRAM+="/usr/sbin/ip link set eth_pf_mirr state enable"
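Review bot: Every `ip link set …` command in this file is attached with `PROGRAM+=`, but udev documents PROGRAM as a match key (it runs the command and tests its exit status), not an action like the `RUN+=` used for set-eth_vf_raw-macaddr.sh. As far as I know, how the `+=` is handled depends on the udev version, and a failing `ip` call would simply make the rule not match, leaving the VF without its VLAN, trust or state setting and no obvious trace; `RUN+="/usr/sbin/ip link set eth_pf_40G_0 vf 1 vlan 4000"` states the intent. The two `max_tx_rate` lines write `ATTR{/device/sriov/...}` with a leading slash where the other attributes use `ATTR{device/...}`, which looks like a typo worth checking. A header comment saying that `trust on` and `spoofchk off` are deliberate for these VFs would also help, since both relax the NIC's per-VF filtering.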
diff --git a/ansible/roles/system-init-server/templates/if-pre-up.j2 b/ansible/roles/system-init-server/templates/if-pre-up.j2 new file mode 100644 index 00000000..03066245 --- /dev/null +++ b/ansible/roles/system-init-server/templates/if-pre-up.j2 @@ -0,0 +1,12 @@ +#!/bin/sh + +INF="$1" +STA="$2" +if [ "$STA" == "pre-up" ] +then + logger "$0 called for interface named $INF with $STA ..." + case "$INF" in + eth_vf_tfe) logger "Setting $STA $INF RPS ..."; /sbin/setup.eth_vf_tfe.ips $INF $STA;; + esac +fi +exit 0 diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_pf_40G_0.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_40G_0.j2 new file mode 100644 index 00000000..80e67984 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_40G_0.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_pf_40G_0 +DEVICE=eth_pf_40G_0 +ONBOOT=yes diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_pf_40G_1.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_40G_1.j2 new file mode 100644 index 00000000..b1474d9b --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_40G_1.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_pf_40G_1 +DEVICE=eth_pf_40G_1 +ONBOOT=yes diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_pf_ctl.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_ctl.j2 new file mode 100644 index 00000000..fa4d98db --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_ctl.j2 
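Review bot: if-pre-up.j2 declares `#!/bin/sh` but tests with `[ "$STA" == "pre-up" ]`; `==` inside `[` is a bash extension and is rejected by a strict POSIX sh such as dash, so the dispatcher hook would do nothing there. Use `[ "$STA" = "pre-up" ]`, or change the shebang to bash as setup.eth_vf_tfe.ips does. The arguments handed on should also be quoted: `/sbin/setup.eth_vf_tfe.ips "$INF" "$STA"`.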
@@ -0,0 +1,15 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=static +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_pf_ctl +DEVICE=eth_pf_ctl +ONBOOT=yes +MTU=2000 diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_pf_mirr.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_mirr.j2 new file mode 100644 index 00000000..ff3e176c --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_pf_mirr.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_pf_mirr +DEVICE=eth_pf_mirr +ONBOOT=yes diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_vf_dign_c.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_dign_c.j2 new file mode 100644 index 00000000..2298b881 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_dign_c.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_vf_dign_c +DEVICE=eth_vf_dign_c +ONBOOT=yes
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_vf_dign_s.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_dign_s.j2 new file mode 100644 index 00000000..616e9902 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_dign_s.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_vf_dign_s +DEVICE=eth_vf_dign_s +ONBOOT=yes
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_vf_kni.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_kni.j2 new file mode 100644 index 00000000..551b48d1 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_kni.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_vf_kni +DEVICE=eth_vf_kni +ONBOOT=yes
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_vf_raw.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_raw.j2 new file mode 100644 index 00000000..abb32da9 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_raw.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_vf_raw +DEVICE=eth_vf_raw +ONBOOT=yes
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/ifcfg-eth_vf_tfe.j2 b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_tfe.j2 new file mode 100644 index 00000000..f3ca5e74 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ifcfg-eth_vf_tfe.j2 @@ -0,0 +1,14 @@ +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +DEFROUTE=no +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=no +IPV6_DEFROUTE=no +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=eth_vf_tfe +DEVICE=eth_vf_tfe +ONBOOT=yes
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/ipmi.conf.j2 b/ansible/roles/system-init-server/templates/ipmi.conf.j2 new file mode 100644 index 00000000..5634fb41 --- /dev/null +++ b/ansible/roles/system-init-server/templates/ipmi.conf.j2 
@@ -0,0 +1,69 @@ +## Path: Hardware/IPMI +## Description: Enable standard hardware interfaces (KCS, BT, SMIC) +## Type: yesno +## Default: "yes" +## Config: ipmi +# Enable standard hardware interfaces (KCS, BT, SMIC) +# You probably want this enabled. +# IPMI_SI disabled by OpenIPMI-modalias rpm scriplet +IPMI_SI=no + +## Path: Hardware/IPMI +## Description: Enable /dev/ipmi0 interface, used by ipmitool, ipmicmd, +## Type: yesno +## Default: "yes" +## Config: ipmi +# Enable /dev/ipmi0 interface, used by ipmitool, ipmicmd, +# and other userspace IPMI-using applications. +# You probably want this enabled. +DEV_IPMI=yes + +## Path: Hardware/IPMI +## Description: Enable IPMI_WATCHDOG if you want the IPMI watchdog +## Type: yesno +## Default: "no" +## Config: ipmi +# Enable IPMI_WATCHDOG if you want the IPMI watchdog +# to reboot the system if it hangs +IPMI_WATCHDOG=yes + +## Path: Hardware/IPMI +## Description: Watchdog options - modinfo ipmi_watchdog for details +## Type: string +## Default: "timeout=60" +## Config: ipmi +# Watchdog options - modinfo ipmi_watchdog for details +# watchdog timeout value in seconds +# as there is no userspace ping application that runs during shutdown, +# be sure to give it enough time for any device drivers to +# do their cleanup (e.g. megaraid cache flushes) +# without the watchdog triggering prematurely +IPMI_WATCHDOG_OPTIONS="timeout=600 action=reset" + +## Path: Hardware/IPMI +## Description: Enable IPMI_POWEROFF if you want the IPMI poweroff module to be loaded. +## Type: yesno +## Default: "no" +## Config: ipmi +# Enable IPMI_POWEROFF if you want the IPMI +# poweroff module to be loaded. 
+IPMI_POWEROFF=no + +## Path: Hardware/IPMI +## Description: Enable IPMI_POWERCYCLE if you want the system to be power-cycled on reboot +## Type: yesno +## Default: "no" +## Config: ipmi +# Enable IPMI_POWERCYCLE if you want the system to be power-cycled (power +# down, delay briefly, power on) rather than power off, on systems +# that support such. IPMI_POWEROFF=yes is also required. +IPMI_POWERCYCLE=no + +## Path: Hardware/IPMI +## Description: Enable "legacy" interfaces for applications +## Type: yesno +## Default: "no" +## Config: ipmi +# Enable "legacy" interfaces for applications +# Intel IMB driver interface +IPMI_IMB=no diff --git a/ansible/roles/system-init-server/templates/override_system_slice_cpu.conf.j2 b/ansible/roles/system-init-server/templates/override_system_slice_cpu.conf.j2 new file mode 100644 index 00000000..f28071c2 --- /dev/null +++ b/ansible/roles/system-init-server/templates/override_system_slice_cpu.conf.j2 @@ -0,0 +1,2 @@ +[Slice] +CPUShares=1000 diff --git a/ansible/roles/system-init-server/templates/override_system_slice_mem.conf.j2 b/ansible/roles/system-init-server/templates/override_system_slice_mem.conf.j2 new file mode 100644 index 00000000..38c3bf72 --- /dev/null +++ b/ansible/roles/system-init-server/templates/override_system_slice_mem.conf.j2 @@ -0,0 +1,2 @@ +[Slice] +MemoryLimit=13G diff --git a/ansible/roles/system-init-server/templates/override_user_slice_cpu.conf.j2 b/ansible/roles/system-init-server/templates/override_user_slice_cpu.conf.j2 new file mode 100644 index 00000000..bca6bd76 --- /dev/null +++ b/ansible/roles/system-init-server/templates/override_user_slice_cpu.conf.j2 @@ -0,0 +1,2 @@ +[Slice] +CPUShares=1500 diff --git a/ansible/roles/system-init-server/templates/override_user_slice_mem.conf.j2 b/ansible/roles/system-init-server/templates/override_user_slice_mem.conf.j2 new file mode 100644 index 00000000..38c3bf72 --- /dev/null +++ b/ansible/roles/system-init-server/templates/override_user_slice_mem.conf.j2 
@@ -0,0 +1,2 @@ +[Slice] +MemoryLimit=13G diff --git a/ansible/roles/system-init-server/templates/override_workload_slice_cpu.conf.j2 b/ansible/roles/system-init-server/templates/override_workload_slice_cpu.conf.j2 new file mode 100644 index 00000000..0ad6b44b --- /dev/null +++ b/ansible/roles/system-init-server/templates/override_workload_slice_cpu.conf.j2 @@ -0,0 +1,2 @@ +[Slice] +CPUShares=7500 diff --git a/ansible/roles/system-init-server/templates/override_workload_slice_mem.conf.j2 b/ansible/roles/system-init-server/templates/override_workload_slice_mem.conf.j2 new file mode 100644 index 00000000..4d9ac358 --- /dev/null +++ b/ansible/roles/system-init-server/templates/override_workload_slice_mem.conf.j2 @@ -0,0 +1,2 @@ +[Slice] +MemoryLimit=100G diff --git a/ansible/roles/system-init-server/templates/set-eth_vf_raw-macaddr.sh.j2 b/ansible/roles/system-init-server/templates/set-eth_vf_raw-macaddr.sh.j2 new file mode 100644 index 00000000..bee7207d --- /dev/null +++ b/ansible/roles/system-init-server/templates/set-eth_vf_raw-macaddr.sh.j2 @@ -0,0 +1,5 @@ +#!/bin/sh +echo -------------------- set eth_vf_raw macaddr -------------------- +macaddr='{{ dp_steering_firewall.nic_internal_mac }}' +echo eth_vf_raw macaddr:$macaddr +echo $macaddr > /sys/class/net/eth_pf_40G_0/device/sriov/0/mac
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/setup.eth_vf_tfe.ips.j2 b/ansible/roles/system-init-server/templates/setup.eth_vf_tfe.ips.j2 new file mode 100644 index 00000000..d3fed813 --- /dev/null +++ b/ansible/roles/system-init-server/templates/setup.eth_vf_tfe.ips.j2 @@ -0,0 +1,13 @@ +#!/bin/bash + +INF="$1" +STA="$2" + +if [ "$INF" == "eth_vf_tfe" ] +then + logger "$0: Interface $INF with $STA ,Set $INF RPS ..." + echo 00,00000000,00000000,0001fffe > /sys/class/net/eth_vf_tfe/queues/rx-0/rps_cpus + echo 00,00000000,00000000,0001fffe > /sys/class/net/eth_vf_tfe/queues/rx-1/rps_cpus + echo 00,00000000,00000000,0001fffe > /sys/class/net/eth_vf_tfe/queues/rx-2/rps_cpus + echo 00,00000000,00000000,0001fffe > /sys/class/net/eth_vf_tfe/queues/rx-3/rps_cpus +fi
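Review bot: `macaddr='{{ dp_steering_firewall.nic_internal_mac }}'` pastes a provisioning variable into a script that the udev rule runs, and nothing checks that the value is a MAC address. A value containing a single quote would close the string, and the remainder would be interpreted as shell. I would validate the variable in the role (an `assert` task against a MAC pattern) and write it with the expansion quoted, `printf '%s\n' "$macaddr" > /sys/class/net/eth_pf_40G_0/device/sriov/0/mac`.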
\ No newline at end of file diff --git a/ansible/roles/system-init-server/templates/watchdog.conf.j2 b/ansible/roles/system-init-server/templates/watchdog.conf.j2 new file mode 100644 index 00000000..978c9ed3 --- /dev/null +++ b/ansible/roles/system-init-server/templates/watchdog.conf.j2 @@ -0,0 +1,51 @@ +#ping = 172.31.14.1 +#ping = 172.26.1.255 +#interface = eth0 +#file = /var/log/messages +#change = 1407 + +# Uncomment to enable test. Setting one of these values to '0' disables it. +# These values will hopefully never reboot your machine during normal use +# (if your machine is really hung, the loadavg will go much higher than 25) +#max-load-1 = 24 +#max-load-5 = 18 +#max-load-15 = 12 + +# Note that this is the number of pages! +# To get the real size, check how large the pagesize is on your machine. +#min-memory = 1 + +# With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +# or /etc/watchdog.d/ for your test-binary and repair-binary configuration. +#repair-binary = /usr/sbin/repair +#repair-timeout = +#test-binary = +#test-timeout = + +watchdog-device = /dev/watchdog + +# Defaults compiled into the binary +#temperature-device = +#max-temperature = 120 + +# Defaults compiled into the binary +#admin = root +interval = 20 +#logtick = 1 +#log-dir = /var/log/watchdog + +# This greatly decreases the chance that watchdog won't be scheduled before +# your machine is really loaded +realtime = yes +priority = 1 + +# When using custom service pid check with custom service +# systemd unit file please be aware the "Requires=" +# does dependent service deactivation. +# Using "Before=watchdog.service" or "Before=watchdog-ping.service" +# in the custom service unit file may be the desired operation instead. +# See man 5 systemd.unit for more details. +# +# Check if rsyslogd is still running by enabling the following line +#pidfile = /var/run/rsyslogd.pid + 
diff --git a/ansible/roles/tfe/tasks/main.yml b/ansible/roles/tfe/tasks/main.yml index 8612604d..3a27cc16 100644 --- a/ansible/roles/tfe/tasks/main.yml +++ b/ansible/roles/tfe/tasks/main.yml @@ -10,8 +10,22 @@ dest: /usr/lib/systemd/system/ mode: 0644 -- name: "Install tfe" - shell: rpm -i /tmp/rpm_download/{{ tfe_rpm_version.tfe }}* +- name: "Get tfe rpm final version" + set_fact: + tfe_rpm_final_version: "{{ item.value }}" + when: item.key is search("tfe") + with_dict: "{{ tfe_rpm_version }}" + +- name: "Get tfe rpm path" + find: + path: /tmp/rpm_download/ + pattern: "{{ tfe_rpm_final_version }}*" + register: tfe_rpm_fullname + +- name: "Install tfe from local path" + yum: + name: "{{ tfe_rpm_fullname.files[0].path }}" + state: present - name: "tfe:copy cert file to device" copy: @@ -86,6 +100,11 @@ - /usr/lib/systemd/system/tfe.service ##################### tfe ##################### +- name: "systemctl daemon-reload" + systemd: + daemon_reload: yes + when: runtime_env == 'TSG-server' + - name: "enable tfe-env" systemd: name: tfe-env diff --git a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 index 559652d1..beba04b1 100644 --- a/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 +++ b/ansible/roles/tfe/templates/pangu_pxy.conf.j2.j2 @@ -51,8 +51,10 @@ log_fsstat_dst_port=8125 #hijack flow control enable=0 token_name=ratelimit -redis_server={% raw %}{{ cm_policy_server_ip }}{% endraw %} -redis_port={% raw %}{{ cm_policy_server_port }}{% endraw %} +redis_server={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +redis_port={% raw %}{{ cm_policy_server_port }} +{% endraw %} redis_db_index=6 [tango_cache] diff --git a/ansible/roles/tfe/templates/tfe.conf.j2.j2 b/ansible/roles/tfe/templates/tfe.conf.j2.j2 index 9083c564..61d905e0 100644 --- a/ansible/roles/tfe/templates/tfe.conf.j2.j2 +++ b/ansible/roles/tfe/templates/tfe.conf.j2.j2 
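Review bot: `tfe_rpm_fullname.files[0].path` is used without checking that `find` matched anything, so a missing package surfaces as an error on an undefined list element rather than as a clear failure. The same pattern is in the tsg-diagnose role and in the watchdog install of system-init-server. `tfe_rpm_final_version` is set in a loop over every key that contains "tfe", so with more than one matching key the last one wins silently, and it stays undefined when none matches. Adding `failed_when: tfe_rpm_fullname.matched != 1` to the find task makes zero or several candidates stop the play with a readable message.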
@@ -1,5 +1,5 @@ [system] -nr_worker_threads={{ dp_proxy.worker_thread }} +nr_worker_threads={{ workload_proxy.worker_thread }} enable_kni_v1=0 enable_kni_v2=0 enable_kni_v3=1 @@ -35,8 +35,8 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload # ask for at least (1 + nr_worker_threads) masks # the first mask for acceptor thread # the others mask for worker thread -enable_cpu_affinity={{ dp_proxy.enable_cpu_affinity }} -cpu_affinity_mask={{ dp_proxy.cpu_affinity }} +enable_cpu_affinity={{ workload_proxy.enable_cpu_affinity }} +cpu_affinity_mask={{ workload_proxy.cpu_affinity }} # LEAST_CONN = 0; ROUND_ROBIN = 1 load_balance=1 @@ -134,11 +134,11 @@ sasl_passwd=galaxy2019 #0 on cache 1 off cache no_cache=0 mode=normal -{% if dp_certstore == 'local' %} +{% if dp_certstore.location == 'local' %} cert_store_host=127.0.0.1 {% endif %} -{% if dp_certstore == 'foreign'%} -cert_store_host= +{% if dp_certstore.location == 'foreign'%} +cert_store_host=192.168.100.1 {% endif %} cert_store_port=9991 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem @@ -228,8 +228,10 @@ deferred_load_on=0 json_cfg_file=resource/pangu/pangu_http.json # redis mode conf iterm -maat_redis_server={% raw %}{{ cm_policy_server_ip }}{% endraw %} -maat_redis_port_range={% raw %}{{ cm_policy_server_port }}{% endraw %} +maat_redis_server={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +maat_redis_port_range={% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}maat_redis_db_index={{ cm.policy_server.db_static }} {% endraw %} diff --git a/ansible/roles/tsg-diagnose/tasks/main.yml b/ansible/roles/tsg-diagnose/tasks/main.yml index c9fcf688..cc076b5d 100644 --- a/ansible/roles/tsg-diagnose/tasks/main.yml +++ b/ansible/roles/tsg-diagnose/tasks/main.yml 
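Review bot: The `foreign` branch now hard-codes `cert_store_host=192.168.100.1`, so every deployment with an external cert store points at that one address. This reads like a PoC value and would be better taken from a variable next to `dp_certstore.location`, for example `cert_store_host={{ dp_certstore.host }}` (the variable name is only a suggestion). The context of the same hunk also shows `sasl_passwd=galaxy2019` committed in the template. That line is not changed here, but a credential stored in the repository is worth moving to a vaulted variable and rotating.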
@@ -1,5 +1,16 @@ -- name: "Install tsg-diagnose" - shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}* +#- name: "Install tsg-diagnose" +# shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}* +# +- name: "Get tsg_diagnose rpm path" + find: + path: /tmp/rpm_download/ + pattern: "{{ tsg_diagnose_rpm_version.tsg_diagnose }}*" + register: tsg_diagnose_rpm_fullname + +- name: "Install tsg_diagnose from local path" + yum: + name: "{{ tsg_diagnose_rpm_fullname.files[0].path }}" + state: present - name: "Templates docker-compose.yml" template: diff --git a/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml b/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml index e100ee83..6a1df4b2 100644 --- a/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml +++ b/ansible/roles/tsg-exporter-proxy-9140/tasks/main.yml @@ -43,7 +43,7 @@ replace: 'WantedBy=workload.target' with_items: - /usr/lib/systemd/system/exporter-proxy.service - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' - name: 'exporter-proxy service start' systemd: diff --git a/ansible/roles/tsg-os-provision-condition/tasks/main.yml b/ansible/roles/tsg-os-provision-condition/tasks/main.yml index 9e4a2e2f..e6ee5ab7 100644 --- a/ansible/roles/tsg-os-provision-condition/tasks/main.yml +++ b/ansible/roles/tsg-os-provision-condition/tasks/main.yml @@ -14,7 +14,7 @@ - telegraf_statistic - tfe-env - tfe - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' or 'TSG-server' - name: "add condition into service depend provision result TSG7400 MCN0" copy: @@ -30,7 +30,7 @@ - mrzcpd - sapp - telegraf_statistic - when: runtime_env == '7400mcn0' + when: runtime_env == 'TSG-7400-mcn0' - name: "add condition into service depend provision result TSG7400 MCN0" copy: @@ -44,4 +44,4 @@ - mrzcpd - tfe-env - tfe - when: runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn123' 
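Review bot: `when: runtime_env == 'TSG-9140' or 'TSG-server'` in the tsg-os-provision-condition hunk is always true, because the right-hand operand is a bare non-empty string and not a comparison. The condition file for this service list (tfe-env, tfe, telegraf_statistic and the entries above the hunk) would therefore also be written on the 7400 profiles. It should read `when: runtime_env == 'TSG-9140' or runtime_env == 'TSG-server'`, which is the form the other tasks in this commit use, or `when: runtime_env in ['TSG-9140', 'TSG-server']`. The task body starts above the hunk.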
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
new file mode 100644
index 00000000..0df57a7e
--- /dev/null
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
@@ -0,0 +1,72 @@
+feature:
+ enable_stream_bypass_under_ddos: 0
+
+firewall:
+ enable: 1
+ enable_hos: 1
+
+proxy:
+ enable: 1
+ enable_hos: 1
+
+sessionrecord:
+ enable: 1
+ enable_dns_record: 1
+ enable_rtp_record: 1
+
+capturepacket:
+ enable: 1
+
+radius:
+ enable: 1
+
+gtp:
+ enable_gtp_c_record: 1
+
+wannat:
+ enable: 0
+ nat_gateway_address: "127.0.0.1"
+ reachability_test_server_address: "127.0.0.1"
+ reachability_test_server_port: 8888
+ feedback_linkinfo_interval: 30
+ nat_gateway_broadcast_session_port: 5671
+ reachability_test_server_broadcast_session_port: 5672
+ reachability_test_server_tunnel_port: 3542
+ wan_gateway_listen_port_range_left_edge: 3545
+ nat_gateway_listen_port: 3544
+ enable_link_info_recording: 1
+
+ddossketch:
+ enable: 1
+ tcp_flood_report_thresh: 0.0008
+ udp_flood_report_thresh: 0.0008
+ icmp_flood_report_thresh: 0.0008
+ dns_flood_report_thresh: 0.0008
+
+app:
+ identify_by:
+ user_defined_signature: 1
+ builtin_app_engine: 1
+
+coredump:
+ format: none
+ collect: local
+ sentry_url: http://127.0.0.1:9000/api/2/minidump/
+
+advanced_settings:
+ stream_tcp_max: 50000
+ stream_tcp_timeout: 30
+ stream_udp_max: 50000
+ stream_udp_timeout: 60
+ stream_bypass_trigger_cpu_usage: 90
+
+cm:
+ policy_server:
+ port_num: 1
+ db_static: 0
+ db_dynamic: 1
+
+#####session_distribution_policy.hash_key in [outer-most-sip-dip,outer-most-sip-dip-sport-dport,inner-most-sip-dip,inner-most-sip-dip-sport-dport]
+session_distribution_policy:
+ mode: sym-hash
+ hash_key: inner-most-sip-dip
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
new file mode 100644
index 00000000..ec6a5d24
--- /dev/null
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
@@ -0,0 +1,70 @@
+version: 1
+
+device:
+ tags:
+ - key1: value1
+ - key2: value2
+
+session_id_generator:
+ snowflake_worker_id_base: 1
+ snowflake_worker_id_offset: 1
+
+
+feature:
+ enable_stream_bypass_under_ddos: 0
+
+firewall:
+ enable: 0/1
+
+proxy:
+ enable: 0/1
+
+sessionrecord:
+ enable: 0/1
+ enable_dns_record: 0/1
+ enable_rtp_record: 0/1
+
+capturepacket:
+ enable: 0/1
+
+radius:
+ enable: 0/1
+
+gtp:
+ enable_gtp_c_record: 0/1
+
+wannat:
+ enable: 0/1
+ natgw_address: "127.0.0.1"
+ toroad_address: "127.0.0.1"
+ toroad_port: 8888
+
+ddossketch:
+ enable: 0/1
+
+app:
+ identify_by:
+ user_defined_signature: 0/1
+ builtin_app_engine: 0/1
+
+cm:
+ policy_server:
+ address: "127.0.0.1"
+ port: 7002
+
+olap:
+ kafka_broker:
+ address_list: ['1.1.1.1:9092','2.2.2.2:9092']
+ hos_server:
+ address: "127.0.0.1"
+ port: 9098
+
+inline_device_settings:
+ keepalive:
+ ip: 127.0.0.1
+ mask: 255.255.255.0
+
+coredump:
+ format: minidump/core/none
+ collect: local/sentry
+ sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.SERVER b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.SERVER
new file mode 100644
index 00000000..5888dcc0
--- /dev/null
+++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.SERVER
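Review bot: The `sentry_url` line of provision.yml.sample.SERVER carries a concrete `sentry_key=` value, not a placeholder. If that is a live project key, everyone who has the repository or the installer package can submit reports to that project, and operators who copy the sample will deploy it unchanged. I would ship `sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=<SENTRY_KEY>` and rotate the key if it was real. The `wannat` keys in this sample (`natgw_address`, `toroad_address`, `toroad_port`) also differ from the names in provision.default.yml.SERVER (`nat_gateway_address`, `reachability_test_server_address`, ...), so it is worth confirming which names the templates actually read.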
@@ -0,0 +1,219 @@ +--- +- hosts: provision + tasks: + - name: Delete porvision successed sign + file: + path: /data/tsg-os-provision/.provision_succeeded + state: absent + + - name: Load default config file variable + include_vars: + file: /opt/tsg/tsg-os-provision/provision.default.yml + + - name: Load general config file variable + include_vars: + file: /data/tsg-os-provision/provision.yml + + - name: Load provision.yml.d config file variable + include_vars: + dir: /data/tsg-os-provision/provision.yml.d/ + ignore_unknown_extensions: yes + extensions: + - 'yml' + - 'yaml' + + - name: "mkdir /opt/tsg/etc/" + file: + path: /opt/tsg/etc + state: directory + + - name: "tsg-os-provision: ldconfig" + shell: ldconfig + + - name: "tsg-os-provision: obtain sn" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh + register: result_exec_obtain_sn_and_write_sn_in_file + + - name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file" + assert: + that: + - result_exec_obtain_sn_and_write_sn_in_file.rc == 0 + - result_exec_obtain_sn_and_write_sn_in_file.failed == False + fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}" + success_msg: "Successded: obtain the sn and write sn into tsg_sn.json" + + - name: "set cm_policy_server_ip and cm_policy_server_port" + set_fact: + cm_policy_server_ip: "{{cm.policy_server.address}}" + cm_policy_server_port: "{{ cm.policy_server.port }}" + + - name: "set gdev_conf_keep_alive_ip variable" + set_fact: + gdev_conf_keep_alive_ip: "{{ inline_device_settings.keepalive.ip }}" + + - name: "tsg-os-provision: Template the conflist.inf" + template: + src: ../templates/conflist.inf.j2 + dest: /opt/tsg/sapp/plug/conflist.inf + tags: sapp + + - name: "tsg-os-provision: template gdev.conf file" + template: + src: "../templates/gdev.conf.j2" + dest: /opt/tsg/sapp/etc/gdev.conf + tags: sapp + + - name: "tsg-os-provision: template mrglobal.conf file" 
+ template: + src: "../templates/mrglobal.conf.j2" + dest: /opt/tsg/mrzcpd/etc/mrglobal.conf + tags: mrzcpd + + - name: "tsg-os-provision: template certstore configure file" + template: + src: "../templates/cert_store.ini.j2" + dest: /opt/tsg/certstore/conf/cert_store.ini + tags: certstore + + - name: "tsg-os-provision: Template the tsgconf/main.conf" + template: + src: "../templates/main.conf.j2" + dest: /opt/tsg/sapp/tsgconf/main.conf + tags: firewall + + - name: "tsg-os-provision: Template the tsgconf/maat.conf" + template: + src: "../templates/maat.conf.j2" + dest: /opt/tsg/sapp/tsgconf/maat.conf + tags: firewall + + - name: "tsg-os-provision: Template the tsg_conn_sketch.inf" + template: + src: "../templates/tsg_conn_sketch.inf.j2" + dest: /opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf + tags: firewall + + - name: "tsg-os-provision: Template the sapp.toml" + template: + src: "../templates/sapp.toml.j2" + dest: /opt/tsg/sapp/etc/sapp.toml + tags: sapp + + - name: "tsg-os-provision: Templates telegraf.conf" + template: + src: "../templates/telegraf_statistic.conf.j2" + dest: /etc/telegraf/telegraf_statistic.conf + tags: telegraf_statistic + + - name: "tsg-os-provision: template the tfe.conf" + template: + src: "../templates/tfe.conf.j2" + dest: /opt/tsg/tfe/conf/tfe/tfe.conf + tags: tfe + + - name: "tsg-os-provision: template the pangu_pxy.conf" + template: + src: "../templates/pangu_pxy.conf.j2" + dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf + tags: tfe + + - name: "mkdir /opt/tsg/etc/" + file: + path: /opt/tsg/etc + state: directory + + - name: "tsg-os-provision: template the tsg_device_tag" + template: + src: "../templates/tsg_device_tag.json.j2" + dest: /opt/tsg/etc/tsg_device_tag.json + tags: tsg_device_tag + + - name: "tsg-os-provision: template wannat wangw.conf file" + template: + src: "../templates/wangw.conf.j2" + dest: /opt/tsg/sapp/etc/wannat/wangw.conf + tags: wangw + + - name: "tsg-os-provision: template wire_graft.conf file" + 
template: + src: "../templates/wire_graft.conf.j2" + dest: /opt/tsg/sapp/etc/wire_graft/wire_graft.conf + tags: wire_graft + + - name: "tsg-os-provision: coredump setup override - mkdir" + file: + path: /usr/lib/systemd/coredump.conf.d/ + state: directory + + - name: "tsg-os-provision: coredump setup override - override" + template: + src: "../templates/coredump_setup_override.conf.j2" + dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf + + - name: 'tsg-os-provision: execute command - systemctl daemon-reload' + systemd: + daemon_reload: yes + + - name: "tsg-os-provision: snapshot the stage2 config files" + copy: + src: /data/tsg-os-provision/provision.yml + dest: /data/tsg-os-provision/provision.yml.snapshot + + - name: add porvision successed sign + file: + path: /data/tsg-os-provision/.provision_succeeded + state: touch + + - name: "tsg-os-provision: start mrenv" + systemd: + name: mrenv + state: started + when: enable_config_apply == '1' + + - name: "tsg-os-provision: start mrzcpd" + systemd: + name: mrzcpd + state: started + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrapm_device" + systemd: + name: mrapm_device + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrapm_stream" + systemd: + name: mrapm_stream + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart telegraf_statistic" + systemd: + name: telegraf_statistic + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart certstore" + systemd: + name: certstore + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart cert-redis" + systemd: + name: cert-redis + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart sapp" + systemd: + name: sapp + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart tfe" + systemd: + name: tfe + state: 
restarted + when: enable_config_apply == '1' diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml index a9ae7af4..5109030e 100644 --- a/ansible/roles/tsg-os-provision/tasks/main.yml +++ b/ansible/roles/tsg-os-provision/tasks/main.yml @@ -12,6 +12,15 @@ - "/opt/tsg/tsg-os-provision/templates/" - "/opt/tsg/tsg-os-provision/scripts/" +- name: "tsg-os-provision: build data dicretory" + file: + path: "{{ item }}" + state: directory + with_items: + - "/data/tsg-os-provision/provision.yml.d/" + - "/data/tsg-os-provision/" + when: runtime_env == 'TSG-server' + - name: "tsg-os-provision: copy hosts file dest" copy: src: "{{ role_path }}/files/hosts" 
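Review bot: None of the `template` tasks in provision.yml.SERVER set `mode`, `owner` or `group`, so the rendered files get whatever the umask yields, and at least tfe.conf carries `sasl_passwd` (visible in the tfe.conf.j2.j2 hunk of this commit). For the files that hold credentials or certificate-store settings I would add `mode: '0640'` together with an explicit owner and group. The task "add porvision successed sign" touches `.provision_succeeded` before the service start and restart tasks, so a failed restart still leaves the marker behind; if the marker is meant to cover service start-up it belongs at the end of the play. The "mkdir /opt/tsg/etc/" task appears twice and the second copy can go.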
@@ -38,64 +47,84 @@ src: "{{ role_path }}/files/tasks/provision.yml.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' + +- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-server" + copy: + src: "{{ role_path }}/files/tasks/provision.yml.SERVER" + dest: /opt/tsg/tsg-os-provision/tasks/provision.yml + mode: 0644 + when: runtime_env == 'TSG-server' - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn0" copy: src: "{{ role_path }}/files/tasks/provision.yml.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: runtime_env == '7400mcn0' + when: runtime_env == 'TSG-7400-mcn0' - name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg7400 mcn1 mcn2 mcn3" copy: src: "{{ role_path }}/files/tasks/provision.yml.7400MCN123P01R01" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn123' - name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' - name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn0" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: runtime_env == '7400mcn0' + when: runtime_env == 'TSG-7400-mcn0' - name: "tsg-os-provision: copy provision.default.yml - tsg7400 mcn123" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.7400MCN123P01R01" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn123' - name: "tsg-os-provision: copy 
provision.default.yml - tsg9140" copy: src: "{{ role_path }}/files/config_sample/provision.default.yml.9000NPBP01R01" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' + +- name: "tsg-os-provision: copy provision.default.yml - tsg server" + copy: + src: "{{ role_path }}/files/config_sample/provision.default.yml.SERVER" + dest: /opt/tsg/tsg-os-provision/provision.default.yml + mode: 0644 + when: runtime_env == 'TSG-server' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN0P01R01" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: runtime_env == '7400mcn0' + when: runtime_env == 'TSG-7400-mcn0' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn1 mcn2 mcn3" copy: src: "{{ role_path }}/files/config_sample/provision.yml.sample.7400MCN123P01R01" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn123' +- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg server" + copy: + src: "{{ role_path }}/files/config_sample/provision.yml.sample.SERVER" + dest: /opt/tsg/tsg-os-provision/provision.yml.sample + mode: 0644 + when: runtime_env == 'TSG-server' - name: "tsg-os-provision: copy provision.sh file to dest" copy: @@ -113,7 +142,7 @@ mode: 0644 with_items: - { "src": tsg-os-provision.service.TSG7400, "dest": tsg-os-provision.service } - when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123' - name: "replace action: replace service WantedBy from multi-user.target to workload.target --TSG7400" replace: 
@@ -122,7 +151,7 @@ replace: 'RequiredBy=workload.target' with_items: - /usr/lib/systemd/system/tsg-os-provision.service - when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123' - name: "tsg-os-provision: enable tsg-os-provison -- TSG7400" systemd: @@ -130,7 +159,7 @@ enabled: yes with_items: - tsg-os-provision - when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123' - name: "install tsg-os-provision.service -- TSG9140" copy: @@ -139,13 +168,13 @@ mode: 0644 with_items: - { "src": tsg-os-provision.service.TSG9140, "dest": tsg-os-provision.service } - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' or runtime_env == 'TSG-server' - name: "replace action: add service into sysinit.target --TSG9140" shell: ln -vfs --relative /usr/lib/systemd/system/{{item}} /usr/lib/systemd/system/sysinit.target.wants/{{item}} with_items: - tsg-os-provision.service - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' or runtime_env == 'TSG-server' - name: "tsg-os-provision: copy tsg-start.sh to dest - tsg9140" @@ -153,7 +182,7 @@ src: "{{ role_path }}/files/script/provision-config-apply" dest: /opt/tsg/tsg-os-provision/ mode: 0755 - when: runtime_env == '9140' + when: runtime_env == 'TSG-9140' or runtime_env == 'TSG-server' #- name: "tsg-os-provision: install yaml module using pip3" # pip: diff --git a/ansible/roles/tsg_sn/files/obtain_sn.sh.TSGSERVER b/ansible/roles/tsg_sn/files/obtain_sn.sh.TSGSERVER new file mode 100644 index 00000000..ed38b215 --- /dev/null +++ b/ansible/roles/tsg_sn/files/obtain_sn.sh.TSGSERVER 
@@ -0,0 +1,10 @@ +#!/bin/bash -x + +sn=`ipmitool fru list |grep 'Product Serial' | awk '{ print $4}'` +if [ -z "$sn" ];then + echo "{\"sn\": \"unknown\"}" > /opt/tsg/etc/tsg_sn.json + echo "device_id=\"unknown\"" > /etc/default/telegraf + exit 0 +fi +echo "{\"sn\": \"$sn\"}" > /opt/tsg/etc/tsg_sn.json +echo "device_id=\"$sn\"" > /etc/default/telegraf diff --git a/ansible/roles/tsg_sn/tasks/main.yml b/ansible/roles/tsg_sn/tasks/main.yml index b93ac15b..94fdee53 100644 --- a/ansible/roles/tsg_sn/tasks/main.yml +++ b/ansible/roles/tsg_sn/tasks/main.yml @@ -7,11 +7,18 @@ with_items: - { "src": "obtain_sn.sh.TSG7400", "dest": "obtain_sn.sh" } - { "src": "cmm_api_tst", "dest": "cmm_api_tst" } - when: runtime_env == '7400mcn0' or runtime_env == '7400mcn123' + when: runtime_env == 'TSG-7400-mcn0' or runtime_env == 'TSG-7400-mcn123' - name: "deploy obtain sn - tsg-9140" copy: src: "{{ role_path }}/files/obtain_sn.sh.TSG9140" dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh mode: 0755 - when: runtime_env == '9140'
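Review bot: In obtain_sn.sh.TSGSERVER `$sn` is written into tsg_sn.json and `/etc/default/telegraf` exactly as `ipmitool` printed it, so a FRU listing with several "Product Serial" lines, or a serial that contains a quote or a space, produces invalid JSON or a broken environment file. Taking only the first match and restricting the character set avoids that: `sn=$(ipmitool fru list 2>/dev/null | awk -F': *' '/Product Serial/ {print $2; exit}' | tr -cd 'A-Za-z0-9._-')`. The script also exits 0 with `unknown` when ipmitool fails, so the `rc == 0` assert in provision.yml.SERVER cannot detect a missing serial; if that fallback is intended, a comment such as `# fall back to "unknown" so provisioning continues without IPMI` would make it explicit. The `-x` on the shebang looks like leftover debugging and echoes every command into the provisioning log.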
\ No newline at end of file
+ when: runtime_env == 'TSG-9140'
+
+- name: "deploy obtain sn - tsg-server"
+ copy:
+ src: "{{ role_path }}/files/obtain_sn.sh.TSGSERVER"
+ dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
+ mode: 0755
+ when: runtime_env == 'TSG-server'
\ No newline at end of file diff --git a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 index 8a5e0840..ef6d5074 100644 --- a/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 +++ b/ansible/roles/wannat_wangw/templates/wangw.conf.j2.j2 @@ -69,8 +69,10 @@ json_cfg_file=./etc/wannat/gtest.json inc_dir=./redis_dump/ full_dir=./redis_dump/ -redis_server_ip={% raw %}{{ cm_policy_server_ip }}{% endraw %} -redis_server_port={% raw %}{{ cm_policy_server_port }}{% endraw %} +redis_server_ip={% raw %}{{ cm_policy_server_ip }} +{% endraw %} +redis_server_port={% raw %}{{ cm_policy_server_port }} +{% endraw %} {% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }} redis_index={{ cm.policy_server.db_static }} {% endraw %} diff --git a/ansible/roles/workload_target/files/workload.target b/ansible/roles/workload_target/files/workload.target new file mode 100644 index 00000000..3ba2198b --- /dev/null +++ b/ansible/roles/workload_target/files/workload.target @@ -0,0 +1,6 @@ +[Unit] +Description=TSG workload +Requires=basic.target multi-user.target +Conflicts=rescue.service rescue.target +After=basic.target rescue.service rescue.target multi-user.target +AllowIsolate=yes diff --git a/ansible/roles/workload_target/tasks/main.yml b/ansible/roles/workload_target/tasks/main.yml new file mode 100644 index 00000000..b106e958 --- /dev/null +++ b/ansible/roles/workload_target/tasks/main.yml @@ -0,0 +1,14 @@ +- name: "copy slice file to cert-redis.service.d" + copy: + src: "{{ role_path }}/files/workload.target" + dest: /usr/lib/systemd/system/ + mode: 0644 + +- name: "Create directory /usr/lib/systemd/system/workload.target.wants if they not exist" + file: + path: "/usr/lib/systemd/system/workload.target.wants" + state: directory + mode: '0644' + +- name: "set system default.target" + shell: ln -vfs /usr/lib/systemd/system/workload.target /etc/systemd/system/default.target
\ No newline at end of file diff --git a/make/Makefile.7400MCN0P01R01 b/make/Makefile.7400MCN0P01R01 index a19c7b44..19a00a6d 100644 --- a/make/Makefile.7400MCN0P01R01 +++ b/make/Makefile.7400MCN0P01R01 @@ -37,6 +37,8 @@ installer: builddir sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i '/sapp-pr:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml + sysroot-base: builddir $(TOOLSDIR)/mk-base-image $(CONFDIR)/yum.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) @@ -50,7 +52,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-stage-one $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum.conf cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r sysroot-cleanup: diff --git a/make/Makefile.7400MCN123P01R01 b/make/Makefile.7400MCN123P01R01 index 0183ef7d..d21237a1 100644 --- a/make/Makefile.7400MCN123P01R01 +++ b/make/Makefile.7400MCN123P01R01 @@ -37,6 +37,8 @@ installer: builddir sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i '/tfe-pr:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml + sysroot-base: builddir $(TOOLSDIR)/mk-base-image $(CONFDIR)/yum.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) 
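Review bot: In workload_target/tasks/main.yml the `workload.target.wants` directory is created with `mode: '0644'`, which omits the search (execute) bit; a directory needs `mode: '0755'` to be traversable by anything other than root. The first task's name, "copy slice file to cert-redis.service.d", describes a different role and should say that it installs workload.target. For the last task, the `file` module with `src: /usr/lib/systemd/system/workload.target`, `dest: /etc/systemd/system/default.target` and `state: link` would be idempotent, whereas `shell: ln -vfs` reports a change on every run.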
@@ -50,7 +52,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-stage-one $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum.conf cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r sysroot-cleanup: diff --git a/make/Makefile.9000NPBP01R01 b/make/Makefile.9000NPBP01R01 index 7a627934..f0939cf3 100644 --- a/make/Makefile.9000NPBP01R01 +++ b/make/Makefile.9000NPBP01R01 @@ -37,6 +37,8 @@ installer: builddir sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i '/sapp-pr:/d;/tfe-pr:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml + sysroot-base: builddir $(TOOLSDIR)/mk-base-image $(CONFDIR)/yum.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) @@ -50,7 +52,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-stage-one $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum.conf cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r sysroot-cleanup: diff --git a/make/Makefile.SERVER b/make/Makefile.SERVER new file mode 100644 index 00000000..125da057 --- /dev/null +++ b/make/Makefile.SERVER 
@@ -0,0 +1,55 @@ +PROFILE_ID := server +SUPPORTED_MACHINE_ID := server +KERNEL_ARGS := console=ttyS0,115200n8 crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt mitigations=off pci=realloc,assign-busses psi=1 isolcpus=1,9-55 +GRUB_SERIAL_COMMAND := +SIZE_PART_SYSROOT := 16384M +SIZE_PART_UPDATE := 16384M + +PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID)) +INSTALL_PKG_UNLOCKED := tsg-installer-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}.tar +INSTALL_PKG_LOCKED := tsg-installer-pr-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}.tar + +TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID) +TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer +TARGET_COMPRESS_DIR := $(TARGET_BUILD_DIR)/compress + +.PHONY: all packages_compress packages_download builddir packages_directory_assemble + +all: packages_compress + +builddir: + mkdir -p $(TARGET_BUILD_DIR) + mkdir -p $(TARGET_COMPRESS_DIR) + mkdir -p $(TARGET_COMPRESS_DIR)/rpm_download + +packages_compress: packages_download packages_directory_assemble +ifeq ($(LOCK_STATE),UNLOCKED) + tar -zcvf $(IMAGEDIR_BASE)/$(INSTALL_PKG_UNLOCKED) -C $(TARGET_COMPRESS_DIR) . + sha256sum $(IMAGEDIR_BASE)/$(INSTALL_PKG_UNLOCKED) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(INSTALL_PKG_UNLOCKED).sha256sum.txt +endif +ifeq ($(LOCK_STATE),LOCKED) + tar -zcvf $(IMAGEDIR_BASE)/$(INSTALL_PKG_LOCKED) -C $(TARGET_COMPRESS_DIR) . 
+ sha256sum $(IMAGEDIR_BASE)/$(INSTALL_PKG_LOCKED) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(INSTALL_PKG_LOCKED).sha256sum.txt +endif + +packages_download: builddir +ifeq ($(LOCK_STATE),UNLOCKED) + sed -i '/sapp-pr:/d;/tfe-pr:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml + sed -i '/role: hasp/d' $(PROJECTDIR)/ansible/HAL_server_deploy.yml +endif +ifeq ($(LOCK_STATE),LOCKED) + sed -i '/sapp:/d;/tfe:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml +endif + $(TOOLSDIR)/ansible-HAL-server $(PROFILE_ID) $(PROJECTDIR) $(TARGET_COMPRESS_DIR)/rpm_download $(PROJECTDIR)/conf/yum.conf + +packages_directory_assemble: + mkdir -p $(TARGET_COMPRESS_DIR) + mkdir -p $(TARGET_COMPRESS_DIR)/group_vars + cp -r $(PROJECTDIR)/ansible/roles $(TARGET_COMPRESS_DIR) + cp -r $(PROJECTDIR)/ansible/install_config/group_vars/HAL_SERVER.yml $(TARGET_COMPRESS_DIR)/group_vars + cp -r $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml $(TARGET_COMPRESS_DIR)/group_vars + cp -r $(PROJECTDIR)/ansible/HAL_server_deploy.yml $(TARGET_COMPRESS_DIR) + echo "[server]" > $(TARGET_COMPRESS_DIR)/hosts + echo "###target device address###" >> $(TARGET_COMPRESS_DIR)/hosts + rm -rf $(TARGET_COMPRESS_DIR)/roles/rpm_to_dest/files + mv $(TARGET_COMPRESS_DIR)/rpm_download $(TARGET_COMPRESS_DIR)/roles/rpm_to_dest/files diff --git a/tools/ansible-stage-one b/tools/ansible-HAL index 40e67a75..4ef40a01 100644 --- a/tools/ansible-stage-one +++ b/tools/ansible-HAL 
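Review bot: `KERNEL_ARGS` in the new Makefile.SERVER includes `mitigations=off`, which turns off the kernel's CPU side-channel mitigations, yet none of the targets visible in this file reference `KERNEL_ARGS`, so it may be dead text copied from another profile. Either drop the variable or add a comment stating why mitigations are disabled on this class of device. In `packages_download` the `sed -i` calls delete lines from the tracked `rpm_version.yml` and `HAL_server_deploy.yml` in place, so a LOCKED build run in a workspace that already did an UNLOCKED build finds both sets of keys gone; applying the edits to a copy would leave the source tree intact. `tar -zcvf` also writes gzip output under a `.tar` name, which misleads anyone who unpacks it by extension.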
@@ -11,4 +11,4 @@ echo "$PROFILE_ID" echo "[$PROFILE_ID]" > $PROJECTDIR/ansible/install_config/hosts echo "$TARGET_SYSROOT_DIR ansible_connection=chroot" >> $PROJECTDIR/ansible/install_config/hosts -ansible-playbook -i $PROJECTDIR/ansible/install_config/hosts $PROJECTDIR/ansible/stage_one_deploy.yml -e "rpm_repo_config_path=$YUM_CONF_PATH PROFILE_ID=$PROFILE_ID" +ansible-playbook -i $PROJECTDIR/ansible/install_config/hosts $PROJECTDIR/ansible/HAL_deploy.yml -e "rpm_repo_config_path=$YUM_CONF_PATH PROFILE_ID=$PROFILE_ID path_download=/tmp/rpm_download" diff --git a/tools/ansible-HAL-server b/tools/ansible-HAL-server new file mode 100644 index 00000000..d2acc80a --- /dev/null +++ b/tools/ansible-HAL-server @@ -0,0 +1,13 @@ +#!/bin/sh + +PROFILE_ID=$1 +PROJECTDIR=$2 +TARGET_DIR=$3 +YUM_CONF_PATH=$4 + +echo "----------------------------- Ansible HAL-server ----------------------------" +echo "$PROFILE_ID" + +echo "[$PROFILE_ID]" > $PROJECTDIR/ansible/install_config/hosts +echo "server ansible_connection=local" >> $PROJECTDIR/ansible/install_config/hosts +ansible-playbook -i $PROJECTDIR/ansible/install_config/hosts $PROJECTDIR/ansible/HAL_deploy.yml -e "rpm_repo_config_path=$YUM_CONF_PATH PROFILE_ID=$PROFILE_ID path_download=$TARGET_DIR" diff --git a/tools/upload.sh b/tools/upload.sh index 27787c42..eec64916 100644 --- a/tools/upload.sh +++ b/tools/upload.sh 
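Review bot: In the new tools/ansible-HAL-server script the positional parameters are expanded unquoted, both in the `> $PROJECTDIR/...` redirections and inside the `-e "... path_download=$TARGET_DIR"` string, which Ansible splits on whitespace into key=value pairs. A path containing a space therefore sends the inventory to the wrong file or truncates the variable without any error. I would quote the expansions, e.g. `echo "[$PROFILE_ID]" > "$PROJECTDIR/ansible/install_config/hosts"`, and add `set -eu` after the shebang so that a missing argument or a failed write stops the build.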
@@ -6,6 +6,10 @@ cat $CI_PROJECT_DIR/images/*.sha256sum.txt if [ -n "${UPLOAD_TO_FILE_REPO}" ]; then #python3 ~/file_upload_tools.py ${PULP3_FILE_REPO_NAME} ${PULP3_FILE_DIST_NAME} ./images/*.bin #python3 ~/file_upload_tools.py ${PULP3_FILE_REPO_NAME} ${PULP3_FILE_DIST_NAME} ./images/*.sha256sum.txt - python3 ~/file_upload_tools_to_share_repo.py ${FILE_REPO_PATH} ./images/*.bin + if [ "${PROFILE_LIST}" == "SERVER" ]; then + python3 ~/file_upload_tools_to_share_repo.py ${FILE_REPO_PATH} ./images/*.tar + else + python3 ~/file_upload_tools_to_share_repo.py ${FILE_REPO_PATH} ./images/*.bin + fi python3 ~/file_upload_tools_to_share_repo.py ${FILE_REPO_PATH} ./images/*.sha256sum.txt fi
\ No newline at end of file |
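Review bot: `[ "${PROFILE_LIST}" == "SERVER" ]` in tools/upload.sh uses `==`, which `[` accepts in bash but not in a POSIX `sh`; the shebang is outside this hunk, so if the script runs under `sh` the test errors out and the `.bin` branch is taken even for the server profile. The portable form is `[ "${PROFILE_LIST}" = "SERVER" ]`. `${FILE_REPO_PATH}` is also passed unquoted, and an unmatched `./images/*.tar` glob reaches the upload tool as a literal string, so an existence check before the upload would fail earlier and more clearly.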
