diff options
author | Lukasz Rajewski <lukasz.rajewski@orange.com> | 2018-09-28 11:00:24 +0200 |
---|---|---|
committer | Lukasz Rajewski <lukasz.rajewski@orange.com> | 2018-09-28 15:14:50 +0200 |
commit | 602868b48a92ef2fc1814d71f6fc713d836850a8 (patch) | |
tree | fe4db5a813285180dc4106abcc4f30f0dd2d81b3 /heat/vFWDT/vFWSNK/base_vfw.yaml | |
parent | 18ef61806ca74186ef1b45c5b854c4b2658f857c (diff) |
Heat templates for vFW and Traffic Distribution
Modified featg templates for vFW use case that allow to
create two instances of vFW and vSink. Change was required
for tests of Distribute Traffic LCM action in SDN-C and APP-C
Also templates have improved way for association of
floationg IP and installation of vFW components also is corrected.
Change-Id: I47f95c5e01fa4a37c75b8dfe50ed474be5288522
Issue-ID: CCSDK-449
Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com>
Diffstat (limited to 'heat/vFWDT/vFWSNK/base_vfw.yaml')
-rwxr-xr-x | heat/vFWDT/vFWSNK/base_vfw.yaml | 385 |
1 files changed, 385 insertions, 0 deletions
diff --git a/heat/vFWDT/vFWSNK/base_vfw.yaml b/heat/vFWDT/vFWSNK/base_vfw.yaml new file mode 100755 index 00000000..bb2888c2 --- /dev/null +++ b/heat/vFWDT/vFWSNK/base_vfw.yaml @@ -0,0 +1,385 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018 Orange Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys vFirewall Closed Loop demo app (vFW and vSink) for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + unprotected_private_subnet_id: + type: string + label: Unprotected private subnetwork name or ID + description: Private subnetwork of the protected network + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + protected_private_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + protected_private_subnet_id: + type: string + label: Protected private subnetwork name or ID + description: Private subnetwork of the unprotected network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + ext_private_net_id: + type: string + label: external private network name or ID + description: Private network that enables connection to the public network + ext_private_subnet_id: + type: string + label: External private subnetwork name or ID + description: Private subnetwork that enables connection to the public network + ext_private_net_cidr: + type: string + label: External private network CIDR + description: The CIDR of the external private network + vfw_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vfw_private_ip_1: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vfw_private_ip_2: + type: string + label: vFirewall private IP address towards the ONAP management network + description: Private IP address that is assigned to the vFirewall to communicate with ONAP components + vfw_private_ip_3: + type: string + label: vFirewall private IP address towards public + description: Private IP address that is assigned to the vFirewall to communicate with internet + vpg_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vsn_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vsn_private_ip_1: + type: string + label: vSink private IP address towards the ONAP management network + description: Private IP address that is assigned to the vSink to communicate with ONAP components + vsn_private_ip_2: + type: string + label: vSink private IP address towards public + description: Private IP address that is assigned to the vSink to communicate with internet + vfw_name_0: + type: string + label: vFirewall name + description: Name of the vFirewall + vsn_name_0: + type: string + label: vSink name + description: Name of the vSink + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vFirewall module ID + description: The vFirewall Module ID is provided by ONAP + dcae_collector_ip: + type: string + label: DCAE collector IP address + description: IP address of the DCAE collector + dcae_collector_port: + type: string + label: DCAE collector port + description: Port of the DCAE collector + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + repo_url_blob: + type: string + label: Repository URL + description: URL of the repository that hosts the demo packages + repo_url_artifacts: + type: string + label: Repository URL + description: URL of the repository that hosts the demo packages + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: base_rand + params: + base: { get_param: key_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + # Virtual Firewall instantiation + vfw_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_param: unprotected_private_net_id } + fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_1_port: + type: OS::Neutron::Port + properties: + allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] + network: { get_param: protected_private_net_id } + fixed_ips: [{"subnet": { get_param: protected_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_2_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}] + security_groups: + - { get_param: sec_group } + + vfw_private_3_port: + type: OS::Neutron::Port + properties: + network: { get_param: ext_private_net_id } + fixed_ips: [{"subnet": { get_param: ext_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_3 }}] + security_groups: + - { get_param: sec_group } + + vfw_ext_floatingip: + type: OS::Neutron::FloatingIP + properties: + floating_network: { get_param: public_net_id } + port_id: { get_resource: vfw_private_3_port } + + vfw_0: + type: OS::Nova::Server + properties: + image: { get_param: image_name } + flavor: { get_param: flavor_name } + name: { get_param: vfw_name_0 } + key_name: { get_resource: my_keypair } + networks: + - port: { get_resource: vfw_private_3_port } + - port: { get_resource: vfw_private_0_port } + - port: { get_resource: vfw_private_1_port } + - port: { get_resource: vfw_private_2_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __dcae_collector_ip__ : { get_param: dcae_collector_ip } + __dcae_collector_port__ : { get_param: dcae_collector_port } + __repo_url_blob__ : { get_param: repo_url_blob } + __repo_url_artifacts__ : { get_param: repo_url_artifacts } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vfw_private_ip_0__ : { get_param: vfw_private_ip_0 } + __vfw_private_ip_1__ : { get_param: vfw_private_ip_1 } + __vfw_private_ip_2__ : { get_param: vfw_private_ip_2 } + __vfw_private_ip_3__ : { get_param: vfw_private_ip_3 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt + echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt + echo "__repo_url_blob__" > /opt/config/repo_url_blob.txt + echo "__repo_url_artifacts__" > /opt/config/repo_url_artifacts.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt + echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt + echo "__vfw_private_ip_2__" > /opt/config/vfw_private_ip_2.txt + echo "__vfw_private_ip_3__" > /opt/config/vfw_private_ip_3.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + + # Download and run install script + curl -k __repo_url_blob__/org.onap.demo/vnfs/vfw/__install_script_version__/v_firewall_install.sh -o /opt/v_firewall_install.sh + cd /opt + chmod +x v_firewall_install.sh + ./v_firewall_install.sh + + + # Virtual Sink instantiation + vsn_private_0_port: + type: OS::Neutron::Port + properties: + network: { get_param: protected_private_net_id } + fixed_ips: [{"subnet": { get_param: protected_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_private_1_port: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + security_groups: + - { get_param: sec_group } + + vsn_private_2_port: + type: OS::Neutron::Port + properties: + network: { get_param: ext_private_net_id } + fixed_ips: [{"subnet": { get_param: ext_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_2 }}] + security_groups: + - { get_param: sec_group } + + vsn_ext_floatingip: + type: OS::Neutron::FloatingIP + properties: + floating_network: { get_param: public_net_id } + port_id: { get_resource: vsn_private_2_port } + + vsn_0: + type: OS::Nova::Server + properties: + image: { get_param: image_name } + flavor: { get_param: flavor_name } + name: { get_param: vsn_name_0 } + key_name: { get_resource: my_keypair } + networks: + - port: { get_resource: vsn_private_2_port } + - port: { get_resource: vsn_private_0_port } + - port: { get_resource: vsn_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __protected_net_gw__: { get_param: vfw_private_ip_1 } + __unprotected_net__: { get_param: unprotected_private_net_cidr } + __repo_url_blob__ : { get_param: repo_url_blob } + __repo_url_artifacts__ : { get_param: repo_url_artifacts } + __install_script_version__ : { get_param: install_script_version } + __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 } + __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 } + __vsn_private_ip_2__ : { get_param: vsn_private_ip_2 } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt + echo "__unprotected_net__" > /opt/config/unprotected_net.txt + echo "__repo_url_blob__" > /opt/config/repo_url_blob.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt + echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt + echo "__vsn_private_ip_2__" > /opt/config/vsn_private_ip_2.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + + # Download and run install script + curl -k __repo_url_blob__/org.onap.demo/vnfs/vfw/__install_script_version__/v_sink_install.sh -o /opt/v_sink_install.sh + cd /opt + chmod +x v_sink_install.sh + ./v_sink_install.sh |