diff options
| author |   Itohan <itohan.ukponmwan@intel.com> | 2018-11-12 21:06:48 -0800 |
|---|---|---|
| committer | Itohan <itohan.ukponmwan@intel.com> | 2018-11-12 21:06:48 -0800 |
| commit | ffe81cb66e38da20dd8d97ff15157eec032232d5 (patch) | |
| tree | 8757b01118ff4497c5dedef991eb70cec262e1ff | |
| parent | 9f8da0915c260757e4bb051d0cf66a9337dfb892 (diff) | |
vFW and vFWCL templates for HPA
Modified the generic vFW and vFWCL heat templates
to include different flavor parameters for each
vm in this use case.
Added a parameter to specify the vnic type for
the port of each vm so that sriov NICs or virtio
NICs can be specified.
Change-Id: I32b60f94b8deeb7c388d1d0b53afda215cd53c7d
Issue-ID: INT-703
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
| -rw-r--r-- | heat/vFW_HPA/vFW/MANIFEST.json | 17 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFW/base_vfw.env | 43 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFW/base_vfw.yaml | 472 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFWCL/vFWSNK/MANIFEST.json | 17 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.env | 37 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.yaml | 381 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFWCL/vPKG/MANIFEST.json | 17 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFWCL/vPKG/base_vpkg.env | 26 | ||||
| -rw-r--r-- | heat/vFW_HPA/vFWCL/vPKG/base_vpkg.yaml | 234 |
9 files changed, 1244 insertions, 0 deletions
diff --git a/heat/vFW_HPA/vFW/MANIFEST.json b/heat/vFW_HPA/vFW/MANIFEST.json new file mode 100644 index 00000000..af79f75b --- /dev/null +++ b/heat/vFW_HPA/vFW/MANIFEST.json @@ -0,0 +1,17 @@ +{ + "name": "virtualFireWall", + "description": "", + "data": [ + { + "file": "base_vfw.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base_vfw.env", + "type": "HEAT_ENV" + } + ] + } + ] +}
\ No newline at end of file diff --git a/heat/vFW_HPA/vFW/base_vfw.env b/heat/vFW_HPA/vFW/base_vfw.env new file mode 100644 index 00000000..cc53e413 --- /dev/null +++ b/heat/vFW_HPA/vFW/base_vfw.env @@ -0,0 +1,43 @@ +parameters: + vfw_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404 required) + firewall_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + sink_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + packetgen_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + public_net_id: PUT THE PUBLIC NETWORK ID HERE + unprotected_private_net_id: zdfw1fwl01_unprotected + protected_private_net_id: zdfw1fwl01_protected + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + unprotected_private_net_cidr: 192.168.10.0/24 + protected_private_net_cidr: 192.168.20.0/24 + onap_private_net_cidr: 10.0.0.0/16 + vfw_private_ip_0: 192.168.10.100 + vfw_private_ip_1: 192.168.20.100 + vfw_private_ip_2: 10.0.100.1 + vpg_private_ip_0: 192.168.10.200 + vpg_private_ip_1: 10.0.100.2 + vsn_private_ip_0: 192.168.20.250 + vsn_private_ip_1: 10.0.100.3 + vfw_name_0: zdfw1fwl01fwl01 + vpg_name_0: zdfw1fwl01pgn01 + vsn_name_0: zdfw1fwl01snk01 + vfw_private_0_port_vnic_type: normal or direct + vfw_private_1_port_vnic_type: normal or direct + vfw_private_2_port_vnic_type: normal or direct + vpg_private_0_port_vnic_type: normal or direct + vpg_private_1_port_vnic_type: normal or direct + vsn_private_0_port_vnic_type: normal or direct + vsn_private_1_port_vnic_type: normal or direct + vnf_id: vFirewall_demo_app + vf_module_id: vFirewall + dcae_collector_ip: 10.0.4.1 + dcae_collector_port: 8081 + demo_artifacts_version: 1.3.0-SNAPSHOT + install_script_version: 1.3.0-SNAPSHOT + key_name: vfw_key + pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN + cloud_env: openstack + sec_group: PUT THE ONAP SECURITY GROUP HERE + sdnc_model_name: vFW_spinup + sdnc_model_version: 1.0.0 + sdnc_artifact_name: vFW_vNF_Artifact diff --git a/heat/vFW_HPA/vFW/base_vfw.yaml b/heat/vFW_HPA/vFW/base_vfw.yaml new file mode 100644 index 00000000..df3765ef --- /dev/null +++ b/heat/vFW_HPA/vFW/base_vfw.yaml @@ -0,0 +1,472 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys vFirewall demo app for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vfw_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + firewall_flavor_name: + type: string + label: Firewall Flavor + description: Type of instance (flavor) to be used for firewall VM + sink_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used for vSink VM + packetgen_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used for packet generator + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + protected_private_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vfw_private_ip_1: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vfw_private_ip_2: + type: string + label: vFirewall private IP address towards the ONAP management network + description: Private IP address that is assigned to the vFirewall to communicate with ONAP components + vpg_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vpg_private_ip_1: + type: string + label: vPacketGenerator private IP address towards the ONAP management network + description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components + vsn_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vsn_private_ip_1: + type: string + label: vSink private IP address towards the ONAP management network + description: Private IP address that is assigned to the vSink to communicate with ONAP components + vfw_private_0_port_vnic_type: + type: string + description: vfw port 0 vnic type (normal, direct) + vfw_private_1_port_vnic_type: + type: string + description: vfw port 1 vnic type (normal, direct) + vfw_private_2_port_vnic_type: + type: string + description: vfw port 2 vnic type (normal, direct) + vsn_private_0_port_vnic_type: + type: string + description: vsn port 0 vnic type (normal, direct) + vsn_private_1_port_vnic_type: + type: string + description: vsn port 1 vnic type (normal, direct) + vpg_private_0_port_vnic_type: + type: string + description: vpg port 0 vnic type (normal, direct) + vpg_private_1_port_vnic_type: + type: string + description: vpg port 1 vnic type (normal, direct) + vfw_name_0: + type: string + label: vFirewall name + description: Name of the vFirewall + vpg_name_0: + type: string + label: vPacketGenerator name + description: Name of the vPacketGenerator + vsn_name_0: + type: string + label: vSink name + description: Name of the vSink + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vFirewall module ID + description: The vFirewall Module ID is provided by ONAP + dcae_collector_ip: + type: string + label: DCAE collector IP address + description: IP address of the DCAE collector + dcae_collector_port: + type: string + label: DCAE collector port + description: Port of the DCAE collector + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + default: "https://nexus.onap.org" + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + sdnc_model_name: + type: string + description: SDNC Model Name metatada + sdnc_model_version: + type: string + description: SDNC Model Version metatada + sdnc_artifact_name: + type: string + description: SDNC Artifact Name metatada + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: base_rand + params: + base: { get_param: key_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + unprotected_private_network: + type: OS::Neutron::Net + properties: + name: { get_param: unprotected_private_net_id } + + protected_private_network: + type: OS::Neutron::Net + properties: + name: { get_param: protected_private_net_id } + + unprotected_private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: unprotected_private_network } + cidr: { get_param: unprotected_private_net_cidr } + + protected_private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: protected_private_network } + cidr: { get_param: protected_private_net_cidr } + + # Virtual Firewall instantiation + vfw_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_resource: unprotected_private_network } + binding:vnic_type: { get_param: vfw_private_0_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_1_port: + type: OS::Neutron::Port + properties: + allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] + network: { get_resource: protected_private_network } + binding:vnic_type: { get_param: vfw_private_1_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_2_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + binding:vnic_type: { get_param: vfw_private_2_port_vnic_type} + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}] + security_groups: + - { get_param: sec_group } + + vfw_0: + type: OS::Nova::Server + properties: + image: { get_param: vfw_image_name } + flavor: { get_param: firewall_flavor_name } + name: { get_param: vfw_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vfw_private_0_port } + - port: { get_resource: vfw_private_1_port } + - port: { get_resource: vfw_private_2_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }, sdnc_model_name: { get_param: sdnc_model_name }, sdnc_model_version: { get_param: sdnc_model_version }, sdnc_artifact_name: { get_param: sdnc_artifact_name }} + user_data_format: RAW + user_data: + str_replace: + params: + __dcae_collector_ip__ : { get_param: dcae_collector_ip } + __dcae_collector_port__ : { get_param: dcae_collector_port } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vfw_private_ip_0__ : { get_param: vfw_private_ip_0 } + __vfw_private_ip_1__ : { get_param: vfw_private_ip_1 } + __vfw_private_ip_2__ : { get_param: vfw_private_ip_2 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt + echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt + echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt + echo "__vfw_private_ip_2__" > /opt/config/vfw_private_ip_2.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_firewall_install.sh + cd /opt + chmod +x v_firewall_install.sh + ./v_firewall_install.sh + + + # Virtual Packet Generator instantiation + vpg_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_resource: unprotected_private_network } + binding:vnic_type: { get_param: vpg_private_0_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vpg_private_1_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + binding:vnic_type: { get_param: vpg_private_1_port_vnic_type} + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vpg_0: + type: OS::Nova::Server + properties: + image: { get_param: vfw_image_name } + flavor: { get_param: packetgen_flavor_name } + name: { get_param: vpg_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vpg_private_0_port } + - port: { get_resource: vpg_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }, sdnc_model_name: { get_param: sdnc_model_name }, sdnc_model_version: { get_param: sdnc_model_version }, sdnc_artifact_name: { get_param: sdnc_artifact_name }} + user_data_format: RAW + user_data: + str_replace: + params: + __fw_ipaddr__: { get_param: vfw_private_ip_0 } + __protected_net_cidr__: { get_param: protected_private_net_cidr } + __sink_ipaddr__: { get_param: vsn_private_ip_0 } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 } + __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__fw_ipaddr__" > /opt/config/fw_ipaddr.txt + echo "__protected_net_cidr__" > /opt/config/protected_net_cidr.txt + echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt + echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh + cd /opt + chmod +x v_packetgen_install.sh + ./v_packetgen_install.sh + + + # Virtual Sink instantiation + vsn_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_resource: protected_private_network } + binding:vnic_type: { get_param: vsn_private_0_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_private_1_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + binding:vnic_type: { get_param: vsn_private_1_port_vnic_type} + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vsn_0: + type: OS::Nova::Server + properties: + image: { get_param: vfw_image_name } + flavor: { get_param: sink_flavor_name } + name: { get_param: vsn_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vsn_private_0_port } + - port: { get_resource: vsn_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }, sdnc_model_name: { get_param: sdnc_model_name }, sdnc_model_version: { get_param: sdnc_model_version }, sdnc_artifact_name: { get_param: sdnc_artifact_name }} + user_data_format: RAW + user_data: + str_replace: + params: + __protected_net_gw__: { get_param: vfw_private_ip_1 } + __unprotected_net__: { get_param: unprotected_private_net_cidr } + __install_script_version__ : { get_param: install_script_version } + __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 } + __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt + echo "__unprotected_net__" > /opt/config/unprotected_net.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt + echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_sink_install.sh + cd /opt + chmod +x v_sink_install.sh + ./v_sink_install.sh diff --git a/heat/vFW_HPA/vFWCL/vFWSNK/MANIFEST.json b/heat/vFW_HPA/vFWCL/vFWSNK/MANIFEST.json new file mode 100644 index 00000000..49383787 --- /dev/null +++ b/heat/vFW_HPA/vFWCL/vFWSNK/MANIFEST.json @@ -0,0 +1,17 @@ +{ + "name": "", + "description": "", + "data": [ + { + "file": "base_vfw.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base_vfw.env", + "type": "HEAT_ENV" + } + ] + } + ] +} diff --git a/heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.env b/heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.env new file mode 100644 index 00000000..5e5189ab --- /dev/null +++ b/heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.env @@ -0,0 +1,37 @@ +parameters: + image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + firewall_flavor_name: PUT THE FIREWALL VM FLAVOR NAME HERE (m1.medium suggested) + sink_flavor_name: PUT THE SINK VM FLAVOR NAME HERE (m1.medium suggested) + public_net_id: PUT THE PUBLIC NETWORK ID HERE + unprotected_private_net_id: zdfw1fwl01_unprotected + unprotected_private_subnet_id: zdfw1fwl01_unprotected_sub + unprotected_private_net_cidr: 192.168.10.0/24 + protected_private_net_id: zdfw1fwl01_protected + protected_private_subnet_id: zdfw1fwl01_protected_sub + protected_private_net_cidr: 192.168.20.0/24 + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + vfw_private_ip_0: 192.168.10.100 + vfw_private_ip_1: 192.168.20.100 + vfw_private_ip_2: 10.0.100.1 + vpg_private_ip_0: 192.168.10.200 + vsn_private_ip_0: 192.168.20.250 + vsn_private_ip_1: 10.0.100.3 + vfw_private_0_port_vnic_type: normal or direct + vfw_private_1_port_vnic_type: normal or direct + vfw_private_2_port_vnic_type: normal or direct + vsn_private_0_port_vnic_type: normal or direct + vsn_private_1_port_vnic_type: normal or direct + vfw_name_0: zdfw1fwl01fwl01 + vsn_name_0: zdfw1fwl01snk01 + vnf_id: vFirewall_demo_app + vf_module_id: vFirewallCL + dcae_collector_ip: 10.0.4.1 + dcae_collector_port: 8081 + demo_artifacts_version: 1.3.0-SNAPSHOT + install_script_version: 1.3.0-SNAPSHOT + key_name: vfw_key + pub_key: PUT YOUR KEY HERE + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.yaml b/heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.yaml new file mode 100644 index 00000000..13045840 --- /dev/null +++ b/heat/vFW_HPA/vFWCL/vFWSNK/base_vfw.yaml @@ -0,0 +1,381 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys vFirewall Closed Loop demo app (vFW and vSink) for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + firewall_flavor_name: + type: string + label: Firewall Flavor + description: Type of instance (flavor) to be used for firewall VM + sink_flavor_name: + type: string + label: Sink Flavor + description: Type of instance (flavor) to be used for vsink VM + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + unprotected_private_subnet_id: + type: string + label: Unprotected private subnetwork name or ID + description: Private subnetwork of the protected network + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + protected_private_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + protected_private_subnet_id: + type: string + label: Protected private subnetwork name or ID + description: Private subnetwork of the unprotected network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vfw_private_ip_1: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vfw_private_ip_2: + type: string + label: vFirewall private IP address towards the ONAP management network + description: Private IP address that is assigned to the vFirewall to communicate with ONAP components + vpg_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vsn_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vsn_private_ip_1: + type: string + label: vSink private IP address towards the ONAP management network + description: Private IP address that is assigned to the vSink to communicate with ONAP components + vfw_private_0_port_vnic_type: + type: string + description: vfw port 0 vnic type (normal, direct) + vfw_private_1_port_vnic_type: + type: string + description: vfw port 1 vnic type (normal, direct) + vfw_private_2_port_vnic_type: + type: string + description: vfw port 2 vnic type (normal, direct) + vsn_private_0_port_vnic_type: + type: string + description: vsn port 0 vnic type (normal, direct) + vsn_private_1_port_vnic_type: + type: string + description: vsn port 1 vnic type (normal, direct) + vfw_name_0: + type: string + label: vFirewall name + description: Name of the vFirewall + vsn_name_0: + type: string + label: vSink name + description: Name of the vSink + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vFirewall module ID + description: The vFirewall Module ID is provided by ONAP + dcae_collector_ip: + type: string + label: DCAE collector IP address + description: IP address of the DCAE collector + dcae_collector_port: + type: string + label: DCAE collector port + description: Port of the DCAE collector + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + default: "https://nexus.onap.org" + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: base_rand + params: + base: { get_param: key_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + unprotected_private_network: + type: OS::Neutron::Net + properties: + name: { get_param: unprotected_private_net_id } + + unprotected_private_subnet: + type: OS::Neutron::Subnet + properties: + name: { get_param: unprotected_private_subnet_id } + network_id: { get_resource: unprotected_private_network } + cidr: { get_param: unprotected_private_net_cidr } + + protected_private_network: + type: OS::Neutron::Net + properties: + name: { get_param: protected_private_net_id } + + protected_private_subnet: + type: OS::Neutron::Subnet + properties: + name: { get_param: protected_private_subnet_id } + network_id: { get_resource: protected_private_network } + cidr: { get_param: protected_private_net_cidr } + + # Virtual Firewall instantiation + vfw_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_resource: unprotected_private_network } + binding:vnic_type: { get_param: vfw_private_0_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_1_port: + type: OS::Neutron::Port + properties: + allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] + network: { get_resource: protected_private_network } + binding:vnic_type: { get_param: vfw_private_1_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_2_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + binding:vnic_type: { get_param: vfw_private_2_port_vnic_type} + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}] + security_groups: + - { get_param: sec_group } + + vfw_0: + type: OS::Nova::Server + properties: + image: { get_param: image_name } + flavor: { get_param: firewall_flavor_name } + name: { get_param: vfw_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vfw_private_0_port } + - port: { get_resource: vfw_private_1_port } + - port: { get_resource: vfw_private_2_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __dcae_collector_ip__ : { get_param: dcae_collector_ip } + __dcae_collector_port__ : { get_param: dcae_collector_port } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vfw_private_ip_0__ : { get_param: vfw_private_ip_0 } + __vfw_private_ip_1__ : { get_param: vfw_private_ip_1 } + __vfw_private_ip_2__ : { get_param: vfw_private_ip_2 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt + echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt + echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt + echo "__vfw_private_ip_2__" > /opt/config/vfw_private_ip_2.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_firewall_install.sh + cd /opt + chmod +x v_firewall_install.sh + ./v_firewall_install.sh + + + # Virtual Sink instantiation + vsn_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_resource: protected_private_network } + binding:vnic_type: { get_param: vsn_private_0_port_vnic_type} + fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_private_1_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + binding:vnic_type: { get_param: vsn_private_1_port_vnic_type} + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vsn_0: + type: OS::Nova::Server + properties: + image: { get_param: image_name } + flavor: { get_param: sink_flavor_name } + name: { get_param: vsn_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vsn_private_0_port } + - port: { get_resource: vsn_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __protected_net_gw__: { get_param: vfw_private_ip_1 } + __unprotected_net__: { get_param: unprotected_private_net_cidr } + __install_script_version__ : { get_param: install_script_version } + __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 } + __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt + echo "__unprotected_net__" > /opt/config/unprotected_net.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt + echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_sink_install.sh + cd /opt + chmod +x v_sink_install.sh + ./v_sink_install.sh diff --git a/heat/vFW_HPA/vFWCL/vPKG/MANIFEST.json b/heat/vFW_HPA/vFWCL/vPKG/MANIFEST.json new file mode 100644 index 00000000..482b4294 --- /dev/null +++ b/heat/vFW_HPA/vFWCL/vPKG/MANIFEST.json @@ -0,0 +1,17 @@ +{ + "name": "", + "description": "", + "data": [ + { + "file": "base_vpkg.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base_vpkg.env", + "type": "HEAT_ENV" + } + ] + } + ] +} diff --git a/heat/vFW_HPA/vFWCL/vPKG/base_vpkg.env b/heat/vFW_HPA/vFWCL/vPKG/base_vpkg.env new file mode 100644 index 00000000..c65aa723 --- /dev/null +++ b/heat/vFW_HPA/vFWCL/vPKG/base_vpkg.env @@ -0,0 +1,26 @@ +parameters: + image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + packetgen_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + public_net_id: PUT THE PUBLIC NETWORK ID HERE + unprotected_private_net_id: zdfw1fwl01_unprotected + unprotected_private_subnet_id: zdfw1fwl01_unprotected_sub + unprotected_private_net_cidr: 192.168.10.0/24 + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + protected_private_net_cidr: 192.168.20.0/24 + vfw_private_ip_0: 192.168.10.100 + vpg_private_ip_0: 192.168.10.200 + vpg_private_ip_1: 10.0.100.2 + vsn_private_ip_0: 192.168.20.250 + vpg_private_0_port_vnic_type: normal or direct + vpg_private_1_port_vnic_type: normal or direct + vpg_name_0: zdfw1fwl01pgn01 + vnf_id: vPNG_Firewall_demo_app + vf_module_id: vTrafficPNG + demo_artifacts_version: 1.3.0-SNAPSHOT + install_script_version: 1.3.0-SNAPSHOT + key_name: vfw_key + pub_key: PUT YOUR PUBLIC KEY HERE + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vFW_HPA/vFWCL/vPKG/base_vpkg.yaml b/heat/vFW_HPA/vFWCL/vPKG/base_vpkg.yaml new file mode 100644 index 00000000..20d76a28 --- /dev/null +++ b/heat/vFW_HPA/vFWCL/vPKG/base_vpkg.yaml @@ -0,0 +1,234 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys the vFirewall Traffic Generator demo app for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + packetgen_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + unprotected_private_subnet_id: + type: string + label: Unprotected private sub-network name or ID + description: Private subnetwork for the unprotected network + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vsn_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vpg_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vpg_private_ip_1: + type: string + label: vPacketGenerator private IP address towards the ONAP management network + description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components + vpg_private_0_port_vnic_type: + type: string + description: vpg port 0 vnic type (normal, direct) + vpg_private_1_port_vnic_type: + type: string + description: vpg port 1 vnic type (normal, direct) + vpg_name_0: + type: string + label: vPacketGenerator name + description: Name of the vPacketGenerator + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vPNG Traffic Generator module ID + description: The vPNG Module ID is provided by ONAP + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + default: "https://nexus.onap.org" + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: base_rand + params: + base: { get_param: key_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + + # Virtual Packet Generator instantiation + vpg_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_param: unprotected_private_net_id } + binding:vnic_type: { get_param: vpg_private_0_port_vnic_type} + fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vpg_private_1_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + binding:vnic_type: { get_param: vpg_private_1_port_vnic_type} + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vpg_0: + type: OS::Nova::Server + properties: + image: { get_param: image_name } + flavor: { get_param: packetgen_flavor_name } + name: { get_param: vpg_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vpg_private_0_port } + - port: { get_resource: vpg_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __fw_ipaddr__: { get_param: vfw_private_ip_0 } + __protected_net_cidr__: { get_param: protected_private_net_cidr } + __sink_ipaddr__: { get_param: vsn_private_ip_0 } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 } + __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__fw_ipaddr__" > /opt/config/fw_ipaddr.txt + echo "__protected_net_cidr__" > /opt/config/protected_net_cidr.txt + echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt + echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh + cd /opt + chmod +x v_packetgen_install.sh + ./v_packetgen_install.sh |