aboutsummaryrefslogtreecommitdiffstats
path: root/heat/vIPsec
diff options
context:
space:
mode:
authorRuoyu Ying <ruoyu.ying@intel.com>2019-07-08 20:35:12 +0800
committerGary Wu <gary.wu@futurewei.com>2019-07-08 17:41:00 +0000
commit3627a6c1f7c09ce92ab42a53c79bca2bebee8183 (patch)
tree2fb5a61a89cf1e648ab22f8f557bc77347a8bd59 /heat/vIPsec
parente572d10757521a870f02c3524388de48f4418deb (diff)
Further enhancement for the vIPSec script
* Setup vpp through scripts instead of using the vipsec image due to cloud init limitation * Add router to fix network issues that happens randomly Issue-ID: INT-793 Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com> Change-Id: I55ee8d9e2d2bf06d69b223a3e8d45b8b10b6b0c7
Diffstat (limited to 'heat/vIPsec')
-rw-r--r--heat/vIPsec/vIPsec/base_vipsec.env97
-rw-r--r--heat/vIPsec/vIPsec/base_vipsec.yaml417
2 files changed, 303 insertions, 211 deletions
diff --git a/heat/vIPsec/vIPsec/base_vipsec.env b/heat/vIPsec/vIPsec/base_vipsec.env
index 6146ff5c..f29eb4fc 100644
--- a/heat/vIPsec/vIPsec/base_vipsec.env
+++ b/heat/vIPsec/vIPsec/base_vipsec.env
@@ -1,58 +1,61 @@
parameters:
- vipsec_image_name: PUT THE VM IMAGE NAME HERE (IPSEC image required)
+ basic_image_name: ubuntu-16.04
ipsec_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.large suggested)
sink_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
packetgen_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
- public_net_id: PUT THE PUBLIC NETWORK ID HERE
- protected_clientA_private_net_id: zdfw1fwl01_unprotected
- protected_clientB_private_net_id: zdfw1fwl01_protected
- onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
- onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
- ipsec_private_net_id: PUT THE IPSEC PRIVATE NETWORK NAME HERE
- ipsec_private_subnet_id: PUT THE IPSEC PRIVATE NETWORK NAME HERE
- protected_clientA_private_net_cidr: 192.168.10.0/24
- protected_clientB_private_net_cidr: 192.168.20.0/24
- onap_private_net_cidr: 10.0.0.0/16
- ipsec_private_net_cidr: 192.168.30.0/24
- vipsec_A_private_ip_0: 192.168.10.100
- vipsec_B_private_ip_0: 192.168.20.100
- vipsec_A_private_ip_1: 10.0.100.1
- vipsec_B_private_ip_1: 10.0.100.4
- vipsec_A_private_ip_2: 10.0.30.100
- vipsec_B_private_ip_2: 10.0.30.101
- vpg_private_ip_0: 192.168.10.200
- vpg_private_ip_1: 10.0.100.2
- vsn_private_ip_0: 192.168.20.250
- vsn_private_ip_1: 10.0.100.3
- vipsec_name_0: zdfw1fwl01fwl01
- vipsec_name_1: zdfw1fwl01fwl02
- vpg_name_0: zdfw1fwl01pgn01
- vsn_name_0: zdfw1fwl01snk01
- vipsec_A_private_0_port_vnic_type: normal or direct
- vipsec_B_private_0_port_vnic_type: normal or direct
- vipsec_private_1_port_vnic_type: normal or direct
- vipsec_private_2_port_vnic_type: normal or direct
- vpg_private_0_port_vnic_type: normal or direct
- vpg_private_1_port_vnic_type: normal or direct
- vsn_private_0_port_vnic_type: normal or direct
- vsn_private_1_port_vnic_type: normal or direct
- input_device_interface_A: TwentyFiveGigabitEthernet18/0/0
- input_device_interface_B: TwentyFiveGigabitEthernet18/0/1
- output_device_interface_A: TwentyFiveGigabitEthernet18/0/0
- output_device_interface_B: TwentyFiveGigabitEthernet18/0/1
- input_interface_A: 0000:00:06.0
- input_interface_B: 0000:00:06.0
- output_interface_A: 0000:00:07.0
- output_interface_B: 0000:00:07.0
+ public_net_id: external
+ protected_clientA_private_net_id: private_net_clientA
+ protected_clientB_private_net_id: private_net_clientB
+ protected_clientA_provider_net_id: private-1
+ protected_clientB_provider_net_id: private-1
+ onap_private_net_id: oam_onap_vnf_test
+ onap_private_subnet_id: oam_onap_vnf_test
+ ipsec_private_net_id: ipsec_net
+ ipsec_provider_net_id: private-1
+ protected_clientA_private_net_cidr: 192.168.70.0/24
+ protected_clientB_private_net_cidr: 192.168.80.0/24
+ onap_private_net_cidr: 20.0.0.0/16
+ ipsec_private_net_cidr: 192.168.100.0/24
+ vipsec_A_private_ip_0: 192.168.70.100
+ vipsec_B_private_ip_0: 192.168.80.100
+ vipsec_A_private_ip_1: 20.0.100.7
+ vipsec_B_private_ip_1: 20.0.100.8
+ vipsec_A_private_ip_2: 192.168.100.3
+ vipsec_B_private_ip_2: 192.168.100.4
+ vpg_private_ip_0: 192.168.70.200
+ vpg_private_ip_1: 20.0.100.10
+ vsn_private_ip_0: 192.168.80.250
+ vsn_private_ip_1: 20.0.100.9
+ vipsec_name_0: ipsec01
+ vipsec_name_1: ipsec02
+ vpg_name_0: vpg01
+ vsn_name_0: vsn01
+ vipsec_A_private_0_port_vnic_type: direct
+ vipsec_B_private_0_port_vnic_type: direct
+ vipsec_private_1_port_vnic_type: normal
+ vipsec_private_2_port_vnic_type: direct
+ vpg_private_0_port_vnic_type: direct
+ vpg_private_1_port_vnic_type: normal
+ vsn_private_0_port_vnic_type: direct
+ vsn_private_1_port_vnic_type: normal
+ input_device_interface_A: VirtualFunctionEthernet0/5/0
+ input_device_interface_B: VirtualFunctionEthernet0/6/0
+ output_device_interface_A: VirtualFunctionEthernet0/6/0
+ output_device_interface_B: VirtualFunctionEthernet0/5/0
+ input_interface_A: 0000:00:05.0
+ input_interface_B: 0000:00:05.0
+ output_interface_A: 0000:00:06.0
+ output_interface_B: 0000:00:06.0
ipsec_A_MAC_address: 1:00:00:00:00:01
ipsec_B_MAC_address: 11:11:11:11:00:11
+ ipsec_config: /opt/config/ipsec.config
+ vpp_config: /opt/config/vpp.config
vnf_id: vIPsec_demo_app
vf_module_id: vIPsec
dcae_collector_ip: 10.0.4.1
- dcae_collector_port: 30235
- demo_artifacts_version: 1.5.0-SNAPSHOT
- install_script_version: 1.5.0-SNAPSHOT
+ dcae_collector_port: 8081
+ demo_artifacts_version: 1.4.0-SNAPSHOT
+ install_script_version: 1.4.0-SNAPSHOT
key_name: vipsec_key
- pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
+ pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxk+Rp4jv6Ni0wJJQlY6jzcYgb/ujLFwOtVFX1mB6sAH35QnbJ5gj694If6eGg0qST+6GBUhUf856Jt4l7lLrfmJbisi2/IiRQHjbRgf4DmJ2Uko1sTqPjH80wyaBzRhmomA0Q2YtRypfQB2DrGP5a96iLil1N1h8pTL81Pw6J3VkgA53jFwv2+Pbn6vGCFGyFesDq5NZi5aEb4AWuHcXhhI4lxzBMDyXcNyaDsw1PNh+Mh3TaAdmuxA/vhbzaxY/WUHIbyNl8KBjDBWIue6tk1GXZ6lj259TEA5v76oDbqcPoSIKqQEYd5XvUTqgziVCA8SHx+XrjMydeBYr+7/RT
cloud_env: openstack
- sec_group: PUT THE ONAP SECURITY GROUP HERE
diff --git a/heat/vIPsec/vIPsec/base_vipsec.yaml b/heat/vIPsec/vIPsec/base_vipsec.yaml
index 6d401415..d64f30d3 100644
--- a/heat/vIPsec/vIPsec/base_vipsec.yaml
+++ b/heat/vIPsec/vIPsec/base_vipsec.yaml
@@ -31,10 +31,10 @@ description: Heat template that deploys vIPsec demo app for ONAP
##############
parameters:
- vipsec_image_name:
+ basic_image_name:
type: string
label: Image name or ID
- description: Image to be used for compute instance
+ description: Image to be used for IPsec compute instance
ipsec_flavor_name:
type: string
label: IPsec Flavor
@@ -51,18 +51,26 @@ parameters:
type: string
label: Public network name or ID
description: Public network that enables remote connection to VNF
- external_net_id:
- type: string
- label: External network name or ID
- description: External network that connects the two IPsec gateways
protected_clientA_private_net_id:
type: string
- label: Unprotected private network name or ID
+ label: protected private network name or ID
description: Private network that connects vPacketGenerator with vIPsec gateway A
protected_clientB_private_net_id:
type: string
label: Protected private network name or ID
description: Private network that connects vIPsec gateway B with vSink
+ protected_clientA_provider_net_id:
+ type: string
+ label: Provider network name or ID for client A
+ description: Private network that connects vPacketGenerator with vIPsec gateway A
+ protected_clientB_provider_net_id:
+ type: string
+ label: Provider network name or ID for client B
+ description: Private network that connects vIPsec gateway B with vSink
+ ipsec_provider_net_id:
+ type: string
+ label: Provider network name or ID between IPsec gateways
+ description: Private network that connects vIPsec gateway B with vIPsec gateway A
onap_private_net_id:
type: string
label: ONAP management network name or ID
@@ -75,10 +83,6 @@ parameters:
type: string
label: IPsec private network name or ID
description: Private network that connects the two IPsec VNFs
- ipsec_private_subnet_id:
- type: string
- label: IPsec sub-network name or ID
- description: Private sub-network that connects the two IPsec VNFs
protected_clientA_private_net_cidr:
type: string
label: Unprotected private network CIDR
@@ -223,18 +227,6 @@ parameters:
type: string
label: Cloud environment
description: Cloud environment (e.g., openstack, rackspace)
- sec_group:
- type: string
- description: ONAP Security Group
- sdnc_model_name:
- type: string
- description: SDNC Model Name metatada
- sdnc_model_version:
- type: string
- description: SDNC Model Version metatada
- sdnc_artifact_name:
- type: string
- description: SDNC Artifact Name metatada
input_device_interface_A:
type: string
description: Device BDF name for the interface
@@ -296,15 +288,73 @@ resources:
public_key: { get_param: pub_key }
save_private_key: false
- protected_clientA_private_network:
+ security_group_ipsec:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name: "ipsec_sg"
+ rules:
+ - {direction: ingress, remote_ip_prefix: 0.0.0.0/0, protocol: icmp }
+ - {direction: ingress, remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 22, port_range_max: 22}
+
+ onap_private_net:
type: OS::Neutron::Net
properties:
+ name: { get_param: onap_private_net_id }
+
+ onap_private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ name: { get_param: onap_private_subnet_id }
+ network_id: { get_resource: onap_private_net }
+ cidr: { get_param: onap_private_net_cidr }
+ dns_nameservers: [ "8.8.8.8" ]
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ name:
+ list_join: ['-', [{ get_param: 'OS::stack_name' }, 'router']]
+ external_gateway_info:
+ network: { get_param: public_net_id }
+
+ oam_router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: onap_private_subnet }
+
+ ipsec_0_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: vipsec_A_private_1_port }
+
+ ipsec_1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: vipsec_B_private_1_port }
+
+ protected_clientA_private_network:
+ type: OS::Neutron::ProviderNet
+ properties:
name: { get_param: protected_clientA_private_net_id }
+ physical_network: { get_param: protected_clientA_provider_net_id }
+ network_type: vlan
protected_clientB_private_network:
- type: OS::Neutron::Net
+ type: OS::Neutron::ProviderNet
properties:
name: { get_param: protected_clientB_private_net_id }
+ physical_network: { get_param: protected_clientB_provider_net_id }
+ network_type: vlan
+
+ protected_ipsec_network:
+ type: OS::Neutron::ProviderNet
+ properties:
+ name: { get_param: ipsec_private_net_id }
+ physical_network: { get_param: ipsec_provider_net_id }
+ network_type: vlan
protected_clientA_private_subnet:
type: OS::Neutron::Subnet
@@ -318,75 +368,79 @@ resources:
network_id: { get_resource: protected_clientB_private_network }
cidr: { get_param: protected_clientB_private_net_cidr }
+ ipsec_private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: protected_ipsec_network }
+ cidr: { get_param: ipsec_private_net_cidr }
+
# Virtual IPsec instantiation
vipsec_A_private_0_port:
type: OS::Neutron::Port
properties:
network: { get_resource: protected_clientA_private_network }
binding:vnic_type: { get_param: vipsec_A_private_0_port_vnic_type}
- fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet}, "ipaddress": { get_param: vipsec_A_private_ip_0 }}]
+ fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet}, "ip_address": { get_param: vipsec_A_private_ip_0 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vipsec_A_private_1_port:
type: OS::Neutron::Port
properties:
- #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
- network: { get_param: onap_private_net_id }
+ network: { get_resource: onap_private_net }
binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type}
- fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vipsec_A_private_ip_1 }}]
+ fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vipsec_A_private_ip_1 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vipsec_A_private_2_port:
type: OS::Neutron::Port
properties:
- #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
- network: { get_param: ipsec_private_net_id }
+ allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
+ network: { get_resource: protected_ipsec_network }
binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type}
- fixed_ips: [{"subnet": { get_param: ipsec_private_subnet_id }, "ip_address": { get_param: vipsec_A_private_ip_2 }}]
+ fixed_ips: [{"subnet": { get_resource: ipsec_private_subnet }, "ip_address": { get_param: vipsec_A_private_ip_2 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vipsec_B_private_0_port:
type: OS::Neutron::Port
properties:
network: { get_resource: protected_clientB_private_network }
binding:vnic_type: { get_param: vipsec_B_private_0_port_vnic_type}
- fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet}, "ipaddress": { get_param: vipsec_B_private_ip_0 }}]
+ fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet}, "ip_address": { get_param: vipsec_B_private_ip_0 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vipsec_B_private_1_port:
type: OS::Neutron::Port
properties:
- #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
- network: { get_param: onap_private_net_id }
+ network: { get_resource: onap_private_net }
binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type}
- fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vipsec_B_private_ip_1 }}]
+ fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vipsec_B_private_ip_1 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vipsec_B_private_2_port:
type: OS::Neutron::Port
properties:
- network: { get_param: ipsec_private_net_id }
+ network: { get_resource: protected_ipsec_network }
binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type}
- fixed_ips: [{"subnet": { get_param: ipsec_private_subnet_id }, "ip_address": { get_param: vipsec_B_private_ip_2 }}]
+ fixed_ips: [{"subnet": { get_resource: ipsec_private_subnet }, "ip_address": { get_param: vipsec_B_private_ip_2 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vipsec_0:
type: OS::Nova::Server
properties:
- image: { get_param: vipsec_image_name }
+ image: { get_param: basic_image_name }
flavor: { get_param: ipsec_flavor_name }
name: { get_param: vipsec_name_0 }
key_name: { get_resource: my_keypair }
networks:
- - network: { get_param: public_net_id }
- port: { get_resource: vipsec_A_private_0_port }
- port: { get_resource: vipsec_A_private_1_port }
+ - port: { get_resource: vipsec_A_private_2_port }
metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
user_data_format: RAW
user_data:
@@ -434,10 +488,23 @@ resources:
# Download and run install script
apt-get update
- cd /root/comms/dpdk/x86_64-native-linuxapp-gcc/kmod
- modeprobe uio
- insmod igb_uio.ko
+ wget https://packagecloud.io/install/repositories/fdio/release/script.deb.sh
+ bash ./script.deb.sh
+ apt install -y vpp
+ apt install -y vpp-plugin-dpdk
+ apt install -y make gcc libnuma-dev python
cd /opt
+ git clone http://dpdk.org/git/dpdk
+ cd dpdk
+ export RTE_TARGET=x86_64-native-linuxapp-gcc/
+ export DESTDIR=/opt/dpdk
+ export RTE_SDK=/opt/dpdk
+ make install T=x86_64-native-linux-gcc
+ modprobe uio
+ insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
+ python ./usertools/dpdk-devbind.py -b igb_uio 00:06.0
+ python ./usertools/dpdk-devbind.py -b igb_uio 00:05.0
+ cd /opt/config
cat > __vpp_config__<< NEWFILE
unix {
@@ -470,7 +537,6 @@ resources:
}
vdev crypto_aesni_gcm0
- num-mbufs 370000
no-multi-seg
}
@@ -509,14 +575,14 @@ resources:
vipsec_1:
type: OS::Nova::Server
properties:
- image: { get_param: vipsec_image_name }
+ image: { get_param: basic_image_name }
flavor: { get_param: ipsec_flavor_name }
name: { get_param: vipsec_name_1 }
key_name: { get_resource: my_keypair }
networks:
- - network: { get_param: public_net_id }
- port: { get_resource: vipsec_B_private_0_port }
- port: { get_resource: vipsec_B_private_1_port }
+ - port: { get_resource: vipsec_B_private_2_port }
metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
user_data_format: RAW
user_data:
@@ -564,10 +630,23 @@ resources:
# Download and run install script
apt-get update
- cd /root/comms/dpdk/x86_64-native-linuxapp-gcc/kmod
- modeprobe uio
- insmod igb_uio.ko
+ wget https://packagecloud.io/install/repositories/fdio/release/script.deb.sh
+ bash ./script.deb.sh
+ apt install -y vpp
+ apt install -y vpp-plugin-dpdk
+ apt install -y make gcc libnuma-dev python
cd /opt
+ git clone http://dpdk.org/git/dpdk
+ cd /opt/dpdk
+ export RTE_TARGET=x86_64-native-linuxapp-gcc/
+ export DESTDIR=/opt/dpdk
+ export RTE_SDK=/opt/dpdk
+ make install T=x86_64-native-linux-gcc
+ modprobe uio
+ insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
+ python ./usertools/dpdk-devbind.py -b igb_uio 00:05.0
+ python ./usertools/dpdk-devbind.py -b igb_uio 00:06.0
+ cd /opt/config
cat > __vpp_config__<< NEWFILE
unix {
@@ -600,7 +679,6 @@ resources:
}
vdev crypto_aesni_gcm0
- num-mbufs 370000
no-multi-seg
}
@@ -645,70 +723,76 @@ resources:
binding:vnic_type: { get_param: vpg_private_0_port_vnic_type}
fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vpg_private_1_port:
type: OS::Neutron::Port
properties:
- network: { get_param: onap_private_net_id }
+ network: { get_resource: onap_private_net }
binding:vnic_type: { get_param: vpg_private_1_port_vnic_type}
- fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}]
+ fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vpg_private_ip_1 }}]
security_groups:
- - { get_param: sec_group }
-
- vpg_0:
- type: OS::Nova::Server
- properties:
- image: { get_param: vipsec_image_name }
- flavor: { get_param: packetgen_flavor_name }
- name: { get_param: vpg_name_0 }
- key_name: { get_resource: my_keypair }
- networks:
- - network: { get_param: public_net_id }
- - port: { get_resource: vpg_private_0_port }
- - port: { get_resource: vpg_private_1_port }
- metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
- user_data_format: RAW
- user_data:
- str_replace:
- params:
- __ipsec_ipaddr__: { get_param: vipsec_A_private_ip_0 }
- __protected_clientB_net_cidr__: { get_param: protected_clientB_private_net_cidr }
- __sink_ipaddr__: { get_param: vsn_private_ip_0 }
- __demo_artifacts_version__ : { get_param: demo_artifacts_version }
- __install_script_version__ : { get_param: install_script_version }
- __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 }
- __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 }
- __protected_clientA_net_cidr__ : { get_param: protected_clientA_private_net_cidr }
- __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
- __cloud_env__ : { get_param: cloud_env }
- __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
- template: |
- #!/bin/bash
+ - { get_resource: security_group_ipsec }
- # Create configuration files
- mkdir /opt/config
- echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt
- echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt
- echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt
- echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
- echo "__install_script_version__" > /opt/config/install_script_version.txt
- echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt
- echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt
- echo "__protected_clientA__net_cidr__" > /opt/config/protected_clientA_net_cidr.txt
- echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
- echo "__cloud_env__" > /opt/config/cloud_env.txt
- echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
- # Download and run install script
- apt-get update
- apt-get -y install unzip
- if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
- curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
- unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh
- cd /opt
- chmod +x v_packetgen_install.sh
- ./v_packetgen_install.sh
+ vpg_0_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: vpg_private_1_port }
+
+ vpg_0:
+ type: OS::Nova::Server
+ properties:
+ image: { get_param: basic_image_name }
+ flavor: { get_param: packetgen_flavor_name }
+ name: { get_param: vpg_name_0 }
+ key_name: { get_resource: my_keypair }
+ networks:
+ - port: { get_resource: vpg_private_0_port }
+ - port: { get_resource: vpg_private_1_port }
+ metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ params:
+ __ipsec_ipaddr__: { get_param: vipsec_A_private_ip_0 }
+ __protected_clientB_net_cidr__: { get_param: protected_clientB_private_net_cidr }
+ __sink_ipaddr__: { get_param: vsn_private_ip_0 }
+ __demo_artifacts_version__ : { get_param: demo_artifacts_version }
+ __install_script_version__ : { get_param: install_script_version }
+ __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 }
+ __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 }
+ __protected_clientA_net_cidr__ : { get_param: protected_clientA_private_net_cidr }
+ __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
+ __cloud_env__ : { get_param: cloud_env }
+ __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
+ template: |
+ #!/bin/bash
+
+ # Create configuration files
+ mkdir /opt/config
+ echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt
+ echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt
+ echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt
+ echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
+ echo "__install_script_version__" > /opt/config/install_script_version.txt
+ echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt
+ echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt
+ echo "__protected_clientA__net_cidr__" > /opt/config/protected_clientA_net_cidr.txt
+ echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
+ echo "__cloud_env__" > /opt/config/cloud_env.txt
+ echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
+
+ # Download and run install script
+ apt-get update
+ apt-get -y install unzip
+ if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
+ curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
+ unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh
+ cd /opt
+ chmod +x v_packetgen_install.sh
+ ./v_packetgen_install.sh
# Virtual Sink instantiation
@@ -719,63 +803,68 @@ resources:
binding:vnic_type: { get_param: vsn_private_0_port_vnic_type}
fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
vsn_private_1_port:
type: OS::Neutron::Port
properties:
- network: { get_param: onap_private_net_id }
+ network: { get_resource: onap_private_net }
binding:vnic_type: { get_param: vsn_private_1_port_vnic_type}
- fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}]
+ fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vsn_private_ip_1 }}]
security_groups:
- - { get_param: sec_group }
+ - { get_resource: security_group_ipsec }
- vsn_0:
- type: OS::Nova::Server
+ vsn_floating_ip:
+ type: OS::Neutron::FloatingIP
properties:
- image: { get_param: vipsec_image_name }
- flavor: { get_param: sink_flavor_name }
- name: { get_param: vsn_name_0 }
- key_name: { get_resource: my_keypair }
- networks:
- - network: { get_param: public_net_id }
- - port: { get_resource: vsn_private_0_port }
- - port: { get_resource: vsn_private_1_port }
- metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
- user_data_format: RAW
- user_data:
- str_replace:
- params:
- __protected_net_gw__: { get_param: vipsec_B_private_ip_0 }
- __protected_net_A__: { get_param: protected_clientA_private_net_cidr }
- __install_script_version__ : { get_param: install_script_version }
- __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 }
- __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 }
- __protected_clientB_private_net_cidr__ : { get_param: protected_clientB_private_net_cidr }
- __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
- __cloud_env__ : { get_param: cloud_env }
- __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
- template: |
- #!/bin/bash
-
- # Create configuration files
- mkdir /opt/config
- echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt
- echo "__protected_net_A__" > /opt/config/protected_net_A.txt
- echo "__install_script_version__" > /opt/config/install_script_version.txt
- echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt
- echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt
- echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt
- echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
- echo "__cloud_env__" > /opt/config/cloud_env.txt
- echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
-
- # Download and run install script
- apt-get update
- apt-get -y install unzip
- if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
- curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
- unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_sink_install.sh
- cd /opt
- chmod +x v_sink_install.sh
- ./v_sink_install.sh
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: vsn_private_1_port }
+
+ vsn_0:
+ type: OS::Nova::Server
+ properties:
+ image: { get_param: basic_image_name }
+ flavor: { get_param: sink_flavor_name }
+ name: { get_param: vsn_name_0 }
+ key_name: { get_resource: my_keypair }
+ networks:
+ - port: { get_resource: vsn_private_0_port }
+ - port: { get_resource: vsn_private_1_port }
+ metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ params:
+ __protected_net_gw__: { get_param: vipsec_B_private_ip_0 }
+ __protected_net_A__: { get_param: protected_clientA_private_net_cidr }
+ __install_script_version__ : { get_param: install_script_version }
+ __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 }
+ __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 }
+ __protected_clientB_private_net_cidr__ : { get_param: protected_clientB_private_net_cidr }
+ __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
+ __cloud_env__ : { get_param: cloud_env }
+ __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
+ template: |
+ #!/bin/bash
+
+ # Create configuration files
+ mkdir /opt/config
+ echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt
+ echo "__protected_net_A__" > /opt/config/protected_net_A.txt
+ echo "__install_script_version__" > /opt/config/install_script_version.txt
+ echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt
+ echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt
+ echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt
+ echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
+ echo "__cloud_env__" > /opt/config/cloud_env.txt
+ echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
+
+ # Download and run install script
+ apt-get update
+ apt-get -y install unzip
+ if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
+ curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
+ unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_sink_install.sh
+ cd /opt
+ chmod +x v_sink_install.sh
+ ./v_sink_install.sh