| author | lijia <[email protected]> | 2021-08-10 14:03:00 +0800 |
|---|---|---|
| committer | lijia <[email protected]> | 2021-08-10 14:03:00 +0800 |
| commit | 614d4cf0894f83fb67e0c7672d4996ca7e8b769b (patch) | |
| tree | 70c78e61dd6404fc3d964ab1367464575104319b | |
| parent | 9c93e6f5130b56b9ac344f7f39fb50906922009b (diff) | |
删除wangw, wire_graft_plug功能端模块, 更新RPM包.
22 files changed, 142 insertions, 242 deletions
diff --git a/xxg_integration_env/group_vars/all.yml b/deploy_env.tmp/group_vars/all.yml index 0c30f15..587f8cd 100644 --- a/xxg_integration_env/group_vars/all.yml +++ b/deploy_env.tmp/group_vars/all.yml @@ -51,9 +51,8 @@ wannat_global: rpm_files: wangw_rpm_file: "libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm" natgw_rpm_file: "wannat_natgw-1.3.3.d7123b3-2.el7.x86_64.rpm" - wire_graft_rpm_file: "libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm" - wire_graft_devel_rpm_file: "libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm" - toroad_rpm_file: "toroad-1.1.11.b0562a5-2.el7.x86_64.rpm" + wire_graft_rpm_file: "libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm" + toroad_rpm_file: "toroad-1.2.3.693a647-2.el7.x86_64.rpm" ppp_rpm_file: "ppp-2.4.5-34.el7_7.x86_64.rpm" pptpd_rpm_file: "pptpd-1.4.0-2.el7.x86_64.rpm" openvpn_rpm_file: "openvpn-2.4.11-1.el7.x86_64.rpm" diff --git a/xxg_test_env/hosts.xxg b/deploy_env.tmp/hosts.xxg index 2f7eae2..4bfbf16 100644 --- a/xxg_test_env/hosts.xxg +++ b/deploy_env.tmp/hosts.xxg @@ -5,7 +5,7 @@ install_device_sn=false install_device_tag=false [wangw] -192.168.40.21 +192.168.40.137 [natgw] 192.168.40.133 @@ -20,8 +20,5 @@ install_device_tag=false 192.168.44.3 [radius_client] -192.168.40.133 - -[openvpn] -192.168.40.133 +192.168.40.3 diff --git a/xxg_test_env/all.yml b/deploy_env/group_vars/all.yml index 4620df8..cb7719f 100644 --- a/xxg_test_env/all.yml +++ b/deploy_env/group_vars/all.yml 
@@ -1,26 +1,29 @@ wannat_global: common: - redis_server_ip: "192.168.44.3" + redis_server_ip: "192.168.44.72" redis_server_port: 7002 redis_index: 0 bifang_db_username: "root" bifang_db_password: "bifang!@#" bifang_radius_db_name: "tsg-bifang" + vpn_client_ip_cidr: "10.10.120.0/24" + vpn_server_ip_local: "10.10.120.1" + vpn_client_ip_range: "10.10.120.2-254" wangw: - NAT_GW_tunnel_device: "enp8s0" + NAT_GW_tunnel_device: "enp6s0" WAN_GW_tunnel_listen_port: 3544 - NAT_GW_tunnel_ip: "192.168.40.133" + NAT_GW_tunnel_ip: "192.168.40.161" NAT_GW_tunnel_remote_port: 3544 natgw: run_type: 0 config_type: 1 - wannat_ip: "192.168.40.21" + wannat_ip: "192.168.40.161" wannat_port: 3544 natgw_bind_port: 3544 device: "eth0" - vpn_client_ip_cidr: "10.10.133.0/24" + vpn_client_ip_cidr: "10.10.120.0/24" country_location: "private" province_location: "private" @@ -35,25 +38,24 @@ wannat_global: config_src_type: "redis" wiregraft: - identification_by_which_device: "enp8s0" - toroad_server_ip: "192.168.40.133" + identification_by_which_device: "enp6s0" + toroad_server_ip: "192.168.40.134" toroad_server_port: 8888 pptp: - mtu: 9000 + mtu: 2000 dns1: "8.8.8.8" dns2: "114.114.114.114" radius: shared_secret: "testing123" - server_ip: "192.168.44.3" + server_ip: "192.168.44.72" rpm_files: wangw_rpm_file: "libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm" natgw_rpm_file: "wannat_natgw-1.3.3.d7123b3-2.el7.x86_64.rpm" - wire_graft_rpm_file: "libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm" - wire_graft_devel_rpm_file: "libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm" - toroad_rpm_file: "toroad-1.1.11.b0562a5-2.el7.x86_64.rpm" + wire_graft_rpm_file: "libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm" + toroad_rpm_file: "toroad-1.2.3.693a647-2.el7.x86_64.rpm" ppp_rpm_file: "ppp-2.4.5-34.el7_7.x86_64.rpm" pptpd_rpm_file: "pptpd-1.4.0-2.el7.x86_64.rpm" openvpn_rpm_file: "openvpn-2.4.11-1.el7.x86_64.rpm" diff --git a/xxg_integration_env/hosts.xxg b/deploy_env/hosts.xxg index da17f48..da17f48 100644 
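Review bot: The file that becomes `deploy_env/group_vars/all.yml` keeps `bifang_db_password` and the RADIUS `shared_secret` in clear text, and `bifang_db_username` is `root`; these are context lines in the first and second hunk, so the commit does not introduce them, but it does carry them into the deployment vars. They belong in an Ansible Vault-encrypted vars file or a secret store, referenced as `bifang_db_password: "{{ vault_bifang_db_password }}"` (placeholder name), with the committed values rotated and a least-privilege database account in place of `root`. The first hunk also defines `vpn_client_ip_cidr` under both `common` and `natgw`; if nothing still reads `natgw.vpn_client_ip_cidr` (not visible here), drop it so the two values cannot drift apart.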
--- a/xxg_integration_env/hosts.xxg +++ b/deploy_env/hosts.xxg diff --git a/roles/libwire_graft/files/rpm/libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm b/roles/libwire_graft/files/rpm/libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm Binary files differnew file mode 100644 index 0000000..4ea7a9c --- /dev/null +++ b/roles/libwire_graft/files/rpm/libwire_graft-1.3.3.e1fe8e4-2.el7.x86_64.rpm diff --git a/roles/wire_graft_devel/tasks/main.yml b/roles/libwire_graft/tasks/main.yml index 9e3c9ac..098c678 100644 --- a/roles/wire_graft_devel/tasks/main.yml +++ b/roles/libwire_graft/tasks/main.yml @@ -6,7 +6,7 @@ - name: "copy wiregraft_devel_rpm_file to destination server" synchronize: - src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wire_graft_devel_rpm_file }}" + src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wire_graft_rpm_file }}" dest: "/tmp/" - name: "install wiregraft_devel" @@ -15,7 +15,7 @@ state: present vars: packages: - - /tmp/{{ wannat_global.rpm_files.wire_graft_devel_rpm_file }} + - /tmp/{{ wannat_global.rpm_files.wire_graft_rpm_file }} diff --git a/roles/natgw/templates/monit_natgw.j2 b/roles/natgw/templates/monit_natgw.j2 index d2f538c..e15619d 100644 --- a/roles/natgw/templates/monit_natgw.j2 +++ b/roles/natgw/templates/monit_natgw.j2 @@ -21,7 +21,7 @@ while [ 1 ]; do ethtool -K tun_natgw gso off ethtool -K tun_natgw tso off - ip rule add from {{wannat_global.natgw.vpn_client_ip_cidr}} table 1001 + ip rule add from {{wannat_global.common.vpn_client_ip_cidr}} table 1001 ip route add default via 192.168.1.253 table 1001 echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log fi diff --git a/roles/pptpd/tasks/main.yml b/roles/pptpd/tasks/main.yml index 1bd5e34..9d09e75 100644 --- a/roles/pptpd/tasks/main.yml +++ b/roles/pptpd/tasks/main.yml 
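Review bot: Both hunks of `roles/libwire_graft/tasks/main.yml` switch to `wire_graft_rpm_file`, but the task names `"copy wiregraft_devel_rpm_file to destination server"` and `"install wiregraft_devel"` still describe the devel package, so play output and logs will name a package that is no longer the one installed; rename them to match. The RPM is also staged in the world-writable `/tmp/` under a predictable name and installed from that path, and the binary is vendored in the repository with no digest recorded next to it. A root-only staging directory and a checksum comparison before the `yum` task would make tampering detectable; whether yum verifies a signature on a local file depends on the target's configuration, which is not visible here. Both tasks start or end outside the hunks.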
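Review bot: The next hop `192.168.1.253` on the `ip route add default via ... table 1001` context line stays hard-coded while the source CIDR on the line above is now taken from the shared `common` block, so the policy route is only correct in an environment that happens to use that gateway. Make it a variable alongside the CIDR, for example `ip route add default via {{ wannat_global.natgw.policy_route_gateway }} table 1001` (placeholder variable name). The `ip rule add` sits in the restart branch of a loop that begins outside the hunk; if that branch runs on every restart, it may be worth checking for an existing rule before adding another.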
@@ -31,6 +31,12 @@ dest: /etc/ppp/options.pptpd tags: template +- name: "Template the pptp.conf file" + template: + src: "{{ role_path }}/templates/pptpd.conf.j2" + dest: /etc/pptpd.conf + tags: template + - name: "Template the ip-up script file" template: src: "{{ role_path }}/templates/ip-up.j2" diff --git a/roles/pptpd/templates/ip-up.j2 b/roles/pptpd/templates/ip-up.j2 index c3c02b3..8204a81 100644 --- a/roles/pptpd/templates/ip-up.j2 +++ b/roles/pptpd/templates/ip-up.j2 @@ -14,9 +14,6 @@ REALDEVICE=$1 [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@" -# PPTP VPN客户端的mtu不能通过本地服务器通告而修改, -# 如果能改小一些, 改成小于1500最好, 因为加了ppp头部, -# 现在只能修改本地的MTU, 超过了一般以太网的最大值. ifconfig $1 mtu {{wannat_global.pptp.mtu}} exit 0 diff --git a/roles/pptpd/templates/pptpd.conf.j2 b/roles/pptpd/templates/pptpd.conf.j2 new file mode 100644 index 0000000..101897d --- /dev/null +++ b/roles/pptpd/templates/pptpd.conf.j2 
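Review bot: The new template task writes `/etc/pptpd.conf` without `owner`, `group` or `mode` and without a `notify`, yet the templated file's own header says changes are effective only when pptpd is restarted; unless a later task outside this hunk restarts the service, a changed address pool will not be applied. Suggest adding `owner: root`, `group: root`, `mode: "0644"` and `notify: restart pptpd` (the handler name is a placeholder, none is visible here). The task name says `pptp.conf` while the destination is `pptpd.conf`.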
@@ -0,0 +1,108 @@
+###############################################################################
+# $Id: pptpd.conf,v 1.11 2011/05/19 00:02:50 quozl Exp $
+#
+# Sample Poptop configuration file /etc/pptpd.conf
+#
+# Changes are effective when pptpd is restarted.
+###############################################################################
+
+# TAG: ppp
+# Path to the pppd program, default '/usr/sbin/pppd' on Linux
+#
+#ppp /usr/sbin/pppd
+
+# TAG: option
+# Specifies the location of the PPP options file.
+# By default PPP looks in '/etc/ppp/options'
+#
+option /etc/ppp/options.pptpd
+
+# TAG: debug
+# Turns on (more) debugging to syslog
+#
+#debug
+
+# TAG: stimeout
+# Specifies timeout (in seconds) on starting ctrl connection
+#
+# stimeout 10
+
+# TAG: noipparam
+# Suppress the passing of the client's IP address to PPP, which is
+# done by default otherwise.
+#
+#noipparam
+
+# TAG: logwtmp
+# Use wtmp(5) to record client connections and disconnections.
+#
+logwtmp
+
+# TAG: vrf <vrfname>
+# Switches PPTP & GRE sockets to the specified VRF, which must exist
+# Only available if VRF support was compiled into pptpd.
+#
+#vrf test
+
+# TAG: bcrelay <if>
+# Turns on broadcast relay to clients from interface <if>
+#
+#bcrelay eth1
+
+# TAG: delegate
+# Delegates the allocation of client IP addresses to pppd.
+#
+# Without this option, which is the default, pptpd manages the list of
+# IP addresses for clients and passes the next free address to pppd.
+# With this option, pptpd does not pass an address, and so pppd may use
+# radius or chap-secrets to allocate an address.
+#
+#delegate
+
+# TAG: connections
+# Limits the number of client connections that may be accepted.
+#
+# If pptpd is allocating IP addresses (e.g. delegate is not
+# used) then the number of connections is also limited by the
+# remoteip option. The default is 100.
+#connections 100
+
+# TAG: localip
+# TAG: remoteip
+# Specifies the local and remote IP address ranges.
+#
+# These options are ignored if delegate option is set.
+#
+# Any addresses work as long as the local machine takes care of the
+# routing. But if you want to use MS-Windows networking, you should
+# use IP addresses out of the LAN address space and use the proxyarp
+# option in the pppd options file, or run bcrelay.
+#
+# You can specify single IP addresses seperated by commas or you can
+# specify ranges, or both. For example:
+#
+# 192.168.0.234,192.168.0.245-249,192.168.0.254
+#
+# IMPORTANT RESTRICTIONS:
+#
+# 1. No spaces are permitted between commas or within addresses.
+#
+# 2. If you give more IP addresses than the value of connections,
+# it will start at the beginning of the list and go until it
+# gets connections IPs. Others will be ignored.
+#
+# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
+# you must type 234-238 if you mean this.
+#
+# 4. If you give a single localIP, that's ok - all local IPs will
+# be set to the given one. You MUST still give at least one remote
+# IP for each simultaneous client.
+#
+# (Recommended)
+#localip 192.168.0.1
+#remoteip 192.168.0.234-238,192.168.0.245
+# or
+#localip 192.168.0.234-238,192.168.0.245
+#remoteip 192.168.1.234-238,192.168.1.245
+localip {{wannat_global.common.vpn_server_ip_local}}
+remoteip {{wannat_global.common.vpn_client_ip_range}}
diff --git a/roles/toroad/files/rpm/toroad-1.1.11.b0562a5-2.el7.x86_64.rpm b/roles/toroad/files/rpm/toroad-1.1.11.b0562a5-2.el7.x86_64.rpm Binary files differdeleted file mode 100644
index 009acaf..0000000
--- a/roles/toroad/files/rpm/toroad-1.1.11.b0562a5-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/toroad/files/rpm/toroad-1.2.3.693a647-2.el7.x86_64.rpm b/roles/toroad/files/rpm/toroad-1.2.3.693a647-2.el7.x86_64.rpm Binary files differnew file mode 100644
index 0000000..e11d7d5
--- /dev/null
+++ b/roles/toroad/files/rpm/toroad-1.2.3.693a647-2.el7.x86_64.rpm
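Review bot: `#connections 100` is left commented out at the end of the "TAG: connections" stanza, so by the file's own restriction 2 pptpd will use only the first 100 addresses of `remoteip`, while `vpn_client_ip_range` in `deploy_env/group_vars/all.yml` is `10.10.120.2-254`, a pool of 253. Set `connections` explicitly, ideally from a variable, so that the session ceiling is a deliberate choice rather than a side effect of the default. The last two lines render `localip` and `remoteip` from free-form strings, and restriction 1 forbids spaces, so an `assert` task on the format of both variables before templating would catch a malformed value before it reaches the daemon. `vpn_client_ip_range` also has to be kept inside `vpn_client_ip_cidr` by hand, because the natgw policy rule is built from the CIDR and not from this range.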
diff --git a/roles/wangw/files/rpm/libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm b/roles/wangw/files/rpm/libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm Binary files differdeleted file mode 100644 index 85b01c4..0000000 --- a/roles/wangw/files/rpm/libwangw-1.3.0.bcc9c59-2.el7.x86_64.rpm +++ /dev/null diff --git a/roles/wangw/tasks/main.yml b/roles/wangw/tasks/main.yml deleted file mode 100644 index cd6fb9c..0000000 --- a/roles/wangw/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: "copy wangw_rpm_file to destination server" - synchronize: - src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wangw_rpm_file }}" - dest: "/tmp/" - -- name: "install wangw" - yum: - name: "{{ packages }}" - state: present - vars: - packages: - - /tmp/{{ wannat_global.rpm_files.wangw_rpm_file }} - -- name: "Creates ./etc/wannat directory" - file: - path: /home/mesasoft/sapp_run/etc/wannat - state: directory - -- name: "Template the wangw.conf" - template: - src: "{{ role_path }}/templates/wangw.conf.j2" - dest: /home/mesasoft/sapp_run/etc/wannat/wangw.conf - tags: template - diff --git a/roles/wangw/templates/wangw.conf.j2 b/roles/wangw/templates/wangw.conf.j2 deleted file mode 100644 index 5bd2680..0000000 --- a/roles/wangw/templates/wangw.conf.j2 +++ /dev/null 
@@ -1,64 +0,0 @@
-[main]
-#在线模式用vxlan, 测试模式用ethernet, 即标准ethernet/IP协议
-NAT_GW_tunnel_mode=vxlan
-
-#本地监听端口
-NAT_GW_tunnel_recv_port={{wannat_global.wangw.WAN_GW_tunnel_listen_port}}
-
-#DNAT首包发送给NATGW时, 对端的监听端口
-NAT_GW_tunnel_send_port={{wannat_global.wangw.NAT_GW_tunnel_remote_port}}
-
-#NAT GW的内部互联网卡名称
-NAT_GW_tunnel_device={{wannat_global.wangw.NAT_GW_tunnel_device}}
-
-#NAT GW的内部互联IP地址, 端口使用vxlan默认值, 要求对方也开放UDP 4789端口
-NAT_GW_tunnel_ip={{wannat_global.wangw.NAT_GW_tunnel_ip}}
-
-
-#接收来自NAT GW的包, 需要创建sapp的独立发包线程, 目前暂时只支持1个.
-I2E_independent_thread_num=1
-
-#重复流量识别
-duplicate_pkt_prune=1
-
-[pkt_dump]
-command_port=1234
-
-[session]
-#最大并发连接数
-max_session_num=100000
-
-#连续no_pkt_timeout秒没有数据包, 认为此连接已超时, 可以删除
-no_pkt_timeout=60
-
-
-[runtime_log]
-log_file=./wannat_log/wannat.log
-log_level=30
-
-[field_stat2]
-Fs2_log_local_dir_path=./wannat_log
-Fs2_server_ip=127.0.0.1
-Fs2_server_port=8125
-Fs2_interval=3
-
-[maat]
-table_info=./etc/wannat/tableinfo.conf
-#json, redis, local_file
-#config_src_type=local_file
-config_src_type=redis
-#config_src_type=json
-json_cfg_file=./etc/wannat/gtest.json
-inc_dir=./redis_dump/
-full_dir=./redis_dump/
-redis_server_ip={{wannat_global.common.redis_server_ip}}
-redis_server_port={{wannat_global.common.redis_server_port}}
-redis_index={{wannat_global.common.redis_index}}
-
-[no_nat_gw_self_test]
-test_eth_mode_nat_type=snat
-test_eth_mode_vlink_id=0
-test_eth_mode_link_dir=E
-test_eth_bpf="port 80"
-test_linkinfo_file=./etc/wannat/self_test.linkinfo
-
diff --git a/roles/wire_graft/files/rpm/libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm b/roles/wire_graft/files/rpm/libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm Binary files differdeleted file mode 100644
index 108bd25..0000000
--- a/roles/wire_graft/files/rpm/libwire_graft-1.2.8.d123db9-2.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/wire_graft/tasks/main.yml b/roles/wire_graft/tasks/main.yml deleted file mode 100644
index 339d538..0000000
--- a/roles/wire_graft/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- name: "Creates ./etc/wire_graft directory" - file: - path: /home/mesasoft/sapp_run/etc/wire_graft - state: directory - -- name: "copy wiregraft_rpm_file to destination server" - synchronize: - src: "{{ role_path }}/files/rpm/{{ wannat_global.rpm_files.wire_graft_rpm_file }}" - dest: "/tmp/" - -- name: "install wiregraft" - yum: - name: "{{ packages }}" - state: present - vars: - packages: - - /tmp/{{ wannat_global.rpm_files.wire_graft_rpm_file }} - -- name: "Template the wire_graft.inf" - template: - src: "{{ role_path }}/templates/wire_graft.inf.j2" - dest: /home/mesasoft/sapp_run/plug/platform/wire_graft/wire_graft.inf - tags: template - -- name: "Template the wire_graft.conf" - template: - src: "{{ role_path }}/templates/wire_graft.conf.j2" - dest: /home/mesasoft/sapp_run/etc/wire_graft/wire_graft.conf - tags: template - diff --git a/roles/wire_graft/templates/wire_graft.conf.j2 b/roles/wire_graft/templates/wire_graft.conf.j2 deleted file mode 100644 index d45b8c8..0000000 --- a/roles/wire_graft/templates/wire_graft.conf.j2 +++ /dev/null @@ -1,19 +0,0 @@ -[main] - -[record_link_info] -stream_project_tag_enable=1 -link_info_prune=1 -#用于标识本机ip使用哪块网卡,可能是管理口,可能是其他业务口 -identification_by_which_device={{wannat_global.wiregraft.identification_by_which_device}} - -#单个流超过此包数的才发送链路信息, 防止遭受ddos攻击疯狂发日志 -at_least_total_num=2 -at_least_total_byte=10 - -[toroad] -sendto_toroad_enable=1 -toroad_ip={{wannat_global.wiregraft.toroad_server_ip}} -toroad_port={{wannat_global.wiregraft.toroad_server_port}} - -[log] -log_level=30 diff --git a/roles/wire_graft/templates/wire_graft.inf.j2 b/roles/wire_graft/templates/wire_graft.inf.j2 deleted file mode 100644 index c6e2cf5..0000000 --- a/roles/wire_graft/templates/wire_graft.inf.j2 +++ /dev/null 
@@ -1,12 +0,0 @@ -[PLUGINFO] -PLUGNAME=wire_graft -SO_PATH=./plug/platform/wire_graft/libwire_graft.so -INIT_FUNC=wire_graft_init - -[TCP_RAW] -FUNC_FLAG=ALL -FUNC_NAME=record_link_info_entry_raw - -#[POLLING] -#FUNC_FLAG=ALL -#FUNC_NAME=wire_graft_polling_cb diff --git a/roles/wire_graft_devel/files/rpm/libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm b/roles/wire_graft_devel/files/rpm/libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm Binary files differdeleted file mode 100644 index 17eee5b..0000000 --- a/roles/wire_graft_devel/files/rpm/libwire_graft-devel-1.2.8.d123db9-2.el7.x86_64.rpm +++ /dev/null diff --git a/wannat-install.tmp.yml b/wannat-install.tmp.yml deleted file mode 100644 index fa06b21..0000000 --- a/wannat-install.tmp.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- hosts: wangw - roles: - - wangw - - wire_graft_devel - - wire_graft - vars_files: - - xxg_test_env/all.yml - -- hosts: natgw - roles: - - wire_graft_devel - - natgw - vars_files: - - xxg_test_env/all.yml - -#- hosts: toroad -# roles: -# - wire_graft_devel -# - toroad -# vars_files: -# - wannat_deploy_env/all.yml - -#- hosts: radius_client -# roles: -# - radius_client -# vars_files: -# - wannat_deploy_env/all.yml - -#- hosts: radius_server -# roles: -# - radius_server -# vars_files: -# - wannat_deploy_env/all.yml - -#- hosts: pptpd - #roles: - #- pptpd - #vars_files: - #- wannat_deploy_env/all.yml - -#- hosts: openvpn -# roles: -# - openvpn -# vars_files: -# - wannat_deploy_env/all.yml - diff --git a/wannat-install.yml b/wannat-install.yml index 5732965..2e4e1fe 100644 --- a/wannat-install.yml +++ b/wannat-install.yml 
@@ -1,31 +1,20 @@ --- -- hosts: wangw - roles: - - wangw - - wire_graft_devel - - wire_graft - vars_files: - - wannat_deploy_env/all.yml - hosts: natgw roles: - - wire_graft_devel + - libwire_graft - natgw vars_files: - - wannat_deploy_env/all.yml + - deploy_env/group_vars/all.yml - hosts: toroad roles: - - wire_graft_devel + - libwire_graft - toroad vars_files: - - wannat_deploy_env/all.yml + - deploy_env/group_vars/all.yml -- hosts: natgw - roles: - - wire_graft_devel - - natgw - hosts: radius_client roles: @@ -39,9 +28,9 @@ roles: - pptpd -- hosts: openvpn - roles: - - openvpn +#- hosts: openvpn +# roles: +# - openvpn |
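Review bot: After the first hunk the `natgw` and `toroad` plays load `deploy_env/group_vars/all.yml` through `vars_files`, but the `radius_client` and `pptpd` plays shown as context have none, although the pptpd role now templates `pptpd.conf` from `wannat_global.common.*`. Those plays therefore work only when the run uses the inventory beside that `group_vars` directory, so that Ansible loads the file on its own; with another inventory they would presumably fail on undefined variables or pick up a different environment's addresses and secrets. Either rely on the inventory-adjacent `group_vars` and drop `vars_files` from every play, or add it to every play. In the second hunk the openvpn play is commented out rather than deleted; remove it, since git keeps the history.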
