22 files changed, 1242 insertions, 24 deletions
diff --git a/heat/vFWCL_arm64/vFWSNK/MANIFEST.json b/heat/vFWCL_arm64/vFWSNK/MANIFEST.json
new file mode 100644
index 00000000..49383787
--- /dev/null
+++ b/heat/vFWCL_arm64/vFWSNK/MANIFEST.json
@@ -0,0 +1,17 @@
+{
+ "name": "",
+ "description": "",
+ "data": [
+ {
+ "file": "base_vfw.yaml",
+ "type": "HEAT",
+ "isBase": "true",
+ "data": [
+ {
+ "file": "base_vfw.env",
+ "type": "HEAT_ENV"
+ }
+ ]
+ }
+ ]
+}
diff --git a/heat/vFWCL_arm64/vFWSNK/base_vfw.env b/heat/vFWCL_arm64/vFWSNK/base_vfw.env
new file mode 100644
index 00000000..6b7e334c
--- /dev/null
+++ b/heat/vFWCL_arm64/vFWSNK/base_vfw.env
@@ -0,0 +1,53 @@
+parameters:
+
+ # VM_TYPE: vfw
+ vfw_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404)
+ vfw_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
+ vfw_int_unprotected_private_ip_0: 192.168.10.100
+ vfw_int_protected_private_ip_0: 192.168.20.100
+ vfw_onap_private_ip_0: 10.0.100.1
+ # vpg_private_ip_0: 192.168.10.200
+ # this is the private ip 0 for vpg
+ vfw_int_protected_private_floating_ip: 192.168.10.200
+ vfw_name_0: zdfw1fwl01fwl01
+
+ # VM_TYPE: vsn
+ vsn_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404)
+ vsn_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
+ vsn_int_protected_private_ip_0: 192.168.20.250
+ vsn_onap_private_ip_0: 10.0.100.3
+ vsn_name_0: zdfw1fwl01snk01
+
+ # NETWORK_ROLE: public
+ public_net_id: PUT THE PUBLIC NETWORK ID HERE
+
+ # NETWORK_ROLE: unprotected_private
+ int_unprotected_private_net_id: zdfw1fwl01_unprotected
+ int_unprotected_private_subnet_id: zdfw1fwl01_unprotected_sub
+ unprotected_private_net_cidr: 192.168.10.0/24
+
+ # NETWORK_ROLE: protected_private
+ int_protected_private_net_id: zdfw1fwl01_protected
+ int_protected_private_subnet_id: zdfw1fwl01_protected_sub
+ protected_private_net_cidr: 192.168.20.0/24
+
+ # NETWORK_ROLE: onap_private
+ onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_net_cidr: 10.0.0.0/16
+
+ # METADATA
+ vnf_name: vFWSNK
+ vnf_id: vFirewall_demo_app
+ vf_module_id: vFirewallCL
+
+ # APP/USER_DATA
+ dcae_collector_ip: 10.0.4.1
+ dcae_collector_port: 30235
+ demo_artifacts_version: 1.4.0-SNAPSHOT
+ install_script_version: 1.4.0-SNAPSHOT
+ key_name: vfw_key
+ pub_key: PUT YOUR KEY HERE
+ cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
+ nexus_artifact_repo: https://nexus.onap.org
diff --git a/heat/vFWCL_arm64/vFWSNK/base_vfw.yaml b/heat/vFWCL_arm64/vFWSNK/base_vfw.yaml
new file mode 100644
index 00000000..d30a64fc
--- /dev/null
+++ b/heat/vFWCL_arm64/vFWSNK/base_vfw.yaml
@@ -0,0 +1,395 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys vFirewall Closed Loop demo app (vFW and vSink) for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vfw_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vfw_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + vsn_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vsn_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + int_unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + 
int_unprotected_private_subnet_id: + type: string + label: Unprotected private subnetwork name or ID + description: Private subnetwork of the protected network + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + int_protected_private_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + int_protected_private_subnet_id: + type: string + label: Protected private subnetwork name or ID + description: Private subnetwork of the unprotected network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_int_unprotected_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vfw_int_protected_private_ip_0: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vfw_onap_private_ip_0: + type: string + label: vFirewall private IP address towards the ONAP management network + description: Private IP address that is assigned to the vFirewall to communicate with ONAP components + vfw_int_protected_private_floating_ip: + type: string + label: vPacketGenerator private IP address towards the 
unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vsn_int_protected_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vsn_onap_private_ip_0: + type: string + label: vSink private IP address towards the ONAP management network + description: Private IP address that is assigned to the vSink to communicate with ONAP components + vfw_name_0: + type: string + label: vFirewall name + description: Name of the vFirewall + vsn_name_0: + type: string + label: vSink name + description: Name of the vSink + vnf_name: + type: string + label: VNF NAME + description: The VNF NAME is provided by ONAP + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vFirewall module ID + description: The vFirewall Module ID is provided by ONAP + dcae_collector_ip: + type: string + label: DCAE collector IP address + description: IP address of the DCAE collector + dcae_collector_port: + type: string + label: DCAE collector port + description: Port of the DCAE collector + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. 
+ cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: vnfname_base_rand + params: + base: { get_param: key_name } + vnfname: { get_param: vnf_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + int_unprotected_private_network: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: vnfname_netid + params: + netid: { get_param: int_unprotected_private_net_id } + vnfname: { get_param: vnf_name } + + int_unprotected_private_subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: vnfname_subnetid + params: + subnetid: { get_param: int_unprotected_private_subnet_id } + vnfname: { get_param: vnf_name } + network: { get_resource: int_unprotected_private_network } + cidr: { get_param: unprotected_private_net_cidr } + + int_protected_private_network: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: vnfname_netid + params: + netid: { get_param: int_protected_private_net_id } + vnfname: { get_param: vnf_name } + + int_protected_private_subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: vnfname_subnetid + params: + subnetid: { get_param: int_protected_private_subnet_id } + vnfname: { get_param: vnf_name } + network: { get_resource: int_protected_private_network } + cidr: { get_param: protected_private_net_cidr } + + # Virtual Firewall instantiation + vfw_0_int_unprotected_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_resource: int_unprotected_private_network } + fixed_ips: [{"subnet": { get_resource: int_unprotected_private_subnet }, 
"ip_address": { get_param: vfw_int_unprotected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_0_int_protected_private_port_0: + type: OS::Neutron::Port + properties: + allowed_address_pairs: [{ "ip_address": { get_param: vfw_int_protected_private_floating_ip }}] + network: { get_resource: int_protected_private_network } + fixed_ips: [{"subnet": { get_resource: int_protected_private_subnet }, "ip_address": { get_param: vfw_int_protected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_0_onap_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_onap_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_server_0: + type: OS::Nova::Server + properties: + image: { get_param: vfw_image_name } + flavor: { get_param: vfw_flavor_name } + name: { get_param: vfw_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vfw_0_int_unprotected_private_port_0 } + - port: { get_resource: vfw_0_int_protected_private_port_0 } + - port: { get_resource: vfw_0_onap_private_port_0 } + metadata: + vnf_name: { get_param: vnf_name } + vnf_id: { get_param: vnf_id } + vf_module_id: { get_param: vf_module_id } + user_data_format: RAW + user_data: + str_replace: + params: + __dcae_collector_ip__ : { get_param: dcae_collector_ip } + __dcae_collector_port__ : { get_param: dcae_collector_port } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vfw_private_ip_0__ : { get_param: vfw_int_unprotected_private_ip_0 } + __vfw_private_ip_1__ : { get_param: vfw_int_protected_private_ip_0 } + __vfw_private_ip_2__ : { get_param: vfw_onap_private_ip_0 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + 
__protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt + echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt + echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt + echo "__vfw_private_ip_2__" > /opt/config/vfw_private_ip_2.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_firewall_install_arm64.sh + cd /opt + chmod +x v_firewall_install_arm64.sh + ./v_firewall_install_arm64.sh + + + # Virtual Sink instantiation + vsn_0_int_protected_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_resource: int_protected_private_network } + fixed_ips: [{"subnet": { get_resource: int_protected_private_subnet }, 
"ip_address": { get_param: vsn_int_protected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_0_onap_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_onap_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_server_0: + type: OS::Nova::Server + properties: + image: { get_param: vsn_image_name } + flavor: { get_param: vsn_flavor_name } + name: { get_param: vsn_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vsn_0_int_protected_private_port_0 } + - port: { get_resource: vsn_0_onap_private_port_0 } + metadata: + vnf_name: { get_param: vnf_name } + vnf_id: { get_param: vnf_id } + vf_module_id: { get_param: vf_module_id } + user_data_format: RAW + user_data: + str_replace: + params: + __protected_net_gw__: { get_param: vfw_int_protected_private_ip_0 } + __unprotected_net__: { get_param: unprotected_private_net_cidr } + __install_script_version__ : { get_param: install_script_version } + __vsn_private_ip_0__ : { get_param: vsn_int_protected_private_ip_0 } + __vsn_private_ip_1__ : { get_param: vsn_onap_private_ip_0 } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt + echo "__unprotected_net__" > /opt/config/unprotected_net.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt + echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt + echo 
"__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_sink_install_arm64.sh + cd /opt + chmod +x v_sink_install_arm64.sh + ./v_sink_install_arm64.sh diff --git a/heat/vFWCL_arm64/vPKG/MANIFEST.json b/heat/vFWCL_arm64/vPKG/MANIFEST.json new file mode 100644 index 00000000..482b4294 --- /dev/null +++ b/heat/vFWCL_arm64/vPKG/MANIFEST.json @@ -0,0 +1,17 @@ +{ + "name": "", + "description": "", + "data": [ + { + "file": "base_vpkg.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base_vpkg.env", + "type": "HEAT_ENV" + } + ] + } + ] +} diff --git a/heat/vFWCL_arm64/vPKG/base_vpkg.env b/heat/vFWCL_arm64/vPKG/base_vpkg.env new file mode 100644 index 00000000..72396cec --- /dev/null +++ b/heat/vFWCL_arm64/vPKG/base_vpkg.env 
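Review bot: The `curl -k -L` download in the `vfw_server_0` user_data (and again in `vsn_server_0` in this hunk, and in `vpg_server_0` in vPKG/base_vpkg.yaml) turns off TLS certificate verification, and the zip it fetches is unpacked and executed at first boot, presumably as root under cloud-init. Anyone on the network path between the VM and `nexus_artifact_repo` can therefore substitute the install script. Drop `-k` and make curl fail on HTTP errors, i.e. `curl -fL` with the same URL and `-o` target, adding the repository's CA to the image if it is not publicly trusted. A published checksum for the zip, checked before `unzip`, would also cover the mutable `SNAPSHOT` versions that the env files default to.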
@@ -0,0 +1,40 @@
+parameters:
+
+ # VM_TYPE: vpg
+ vpg_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404)
+ vpg_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
+ vpg_unprotected_private_ip_0: 192.168.10.200
+ vpg_onap_private_ip_0: 10.0.100.2
+ vpg_name_0: zdfw1fwl01pgn01
+
+ # NETWORK_ROLE: public
+ public_net_id: PUT THE PUBLIC NETWORK ID HERE
+
+ # NETWORK_ROLE: unprotected_private
+ unprotected_private_net_id: vFWSNK_zdfw1fwl01_unprotected
+ unprotected_private_subnet_id: vFWSNK_zdfw1fwl01_unprotected_sub
+ unprotected_private_net_cidr: 192.168.10.0/24
+
+ # NETWORK_ROLE: onap_private
+ onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_net_cidr: 10.0.0.0/16
+
+ # NETWORK_ROLE: protected_private
+ protected_private_net_cidr: 192.168.20.0/24
+
+ # METADATA
+ vnf_name: vPGK
+ vnf_id: vPNG_Firewall_demo_app
+ vf_module_id: vTrafficPNG
+
+ # APP/USER_DATA
+ vfw_private_ip_0: 192.168.10.100
+ vsn_private_ip_0: 192.168.20.250
+ demo_artifacts_version: 1.4.0-SNAPSHOT
+ install_script_version: 1.4.0-SNAPSHOT
+ key_name: vfw_key
+ pub_key: PUT YOUR PUBLIC KEY HERE
+ cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
+ nexus_artifact_repo: https://nexus.onap.org
\ No newline at end of file
diff --git a/heat/vFWCL_arm64/vPKG/base_vpkg.yaml b/heat/vFWCL_arm64/vPKG/base_vpkg.yaml
new file mode 100644
index 00000000..2a3c36d1
--- /dev/null
+++ b/heat/vFWCL_arm64/vPKG/base_vpkg.yaml
@@ -0,0 +1,233 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys the vFirewall Traffic Generator demo app for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vpg_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vpg_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + unprotected_private_subnet_id: + type: string + label: Unprotected private sub-network name or ID + description: Private subnetwork for the unprotected network + unprotected_private_net_cidr: + type: string + label: Unprotected private 
network CIDR + description: The CIDR of the unprotected private network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vsn_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vpg_unprotected_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vpg_onap_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the ONAP management network + description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components + vpg_name_0: + type: string + label: vPacketGenerator name + description: Name of the vPacketGenerator + vnf_name: + type: string + label: VNF NAME + description: The VNF NAME is provided by ONAP + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vPNG Traffic Generator module ID + description: The vPNG Module ID is provided by ONAP + key_name: + type: string + label: Key pair 
name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: vnfname_base_rand + params: + vnfname: { get_param: vnf_name } + base: { get_param: key_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + + # Virtual Packet Generator instantiation + vpg_0_unprotected_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: unprotected_private_net_id } + fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vpg_unprotected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vpg_0_onap_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_onap_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vpg_server_0: + type: OS::Nova::Server + properties: + image: { get_param: vpg_image_name } + flavor: { get_param: vpg_flavor_name } + name: { get_param: vpg_name_0 } + 
key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vpg_0_unprotected_private_port_0 } + - port: { get_resource: vpg_0_onap_private_port_0 } + metadata: + vnf_name: { get_param: vnf_name } + vnf_id: { get_param: vnf_id } + vf_module_id: { get_param: vf_module_id } + user_data_format: RAW + user_data: + str_replace: + params: + __fw_ipaddr__: { get_param: vfw_private_ip_0 } + __protected_net_cidr__: { get_param: protected_private_net_cidr } + __sink_ipaddr__: { get_param: vsn_private_ip_0 } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vpg_private_ip_0__ : { get_param: vpg_unprotected_private_ip_0 } + __vpg_private_ip_1__ : { get_param: vpg_onap_private_ip_0 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__fw_ipaddr__" > /opt/config/fw_ipaddr.txt + echo "__protected_net_cidr__" > /opt/config/protected_net_cidr.txt + echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt + echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ 
"__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_packetgen_install_arm64.sh + cd /opt + chmod +x v_packetgen_install_arm64.sh + ./v_packetgen_install_arm64.sh diff --git a/vnfs/VES/bldjobs/Makefile b/vnfs/VES/bldjobs/Makefile index 659f02fb..058deca7 100644 --- a/vnfs/VES/bldjobs/Makefile +++ b/vnfs/VES/bldjobs/Makefile @@ -26,13 +26,14 @@ #****************************************************************************** ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/.. EVELLIB_ROOT=$(CODE_ROOT)/code/evel_library EVELDEMO_ROOT=$(CODE_ROOT)/code/evel_demo EVELUNIT_ROOT=$(CODE_ROOT)/code/evel_unit EVELTRAINING_ROOT=$(CODE_ROOT)/code/evel_training -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) -OUTPUT_DIR=$(CODE_ROOT)/output/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) +OUTPUT_DIR=$(CODE_ROOT)/output/$(MACHINE_ARCH) DOCS_ROOT=$(CODE_ROOT)/docs CC=gcc SCP=scp @@ -46,8 +47,13 @@ PLANTFLAGS=-tsvg # Standard compiler flags. * #****************************************************************************** CPPFLAGS=-I $(EVELLIB_ROOT) -CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC -LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +ifeq ($(MACHINE_ARCH), aarch64) + CFLAGS=-Wall -Wextra -march=native -g -fPIC + LIBCFLAGS=-Wall -Wextra -march=native -g -shared -fPIC +else + CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC + LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +endif #****************************************************************************** # The testbed is a VM instance where we can install the EVEL example under * 
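Review bot: None of the parameters substituted into the `vpg_server_0` user_data declares a `constraints` section, and `str_replace` pastes each value into the bash script as plain text, so a value carrying shell quoting or substitution characters would be interpreted by the shell at first boot instead of being written to /opt/config. The same holds for the two servers in vFWSNK/base_vfw.yaml. If the values only ever come from a trusted orchestrator or env file this may be acceptable for a demo, but the ones that reach the `curl` and `unzip` command lines are worth restricting. For example, under `install_script_version` add `constraints: [{ allowed_pattern: "[A-Za-z0-9._-]+" }]`, with a comparable URL pattern for `nexus_artifact_repo`.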
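Review bot: `-march=native` in the aarch64 branch of `CFLAGS` and `LIBCFLAGS` ties the library and demo binaries to the CPU of whichever machine ran the build, while the install and package targets (their bodies are outside this hunk) appear to copy that output to other hosts. A build made on a newer ARM core can then stop with an illegal-instruction fault on the target VM. A fixed baseline keeps the output portable: `CFLAGS=-Wall -Wextra -march=armv8-a -g -fPIC`, and the same `-march` in `LIBCFLAGS`. The identical block added to vnfs/VES5.0/evel/evel-library/bldjobs/Makefile has the same issue.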
@@ -251,7 +257,7 @@ evel_test_centos: evel_install_centos @echo Testing EVEL Demo application on CentOS... @$(SSH) $(VNF_TESTBED_CENTOS_USER)@$(VNF_TESTBED_CENTOS) \ source .bash_profile \; \ - $(TESTBED_CENTOS_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_CENTOS_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -265,7 +271,7 @@ evel_test_ubuntu: evel_install_ubuntu @echo Testing EVEL Demo application on Ubuntu... @$(SSH) $(VNF_TESTBED_UBUNTU_USER)@$(VNF_TESTBED_UBUNTU) \ source .profile \; \ - $(TESTBED_UBUNTU_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_UBUNTU_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -293,8 +299,8 @@ package: api_library_clean \ @cd $(CODE_ROOT) && tar cfz output/evel-library-package.tgz bldjobs \ code \ docs \ - libs/x86_64/README \ - output/x86_64/README \ + libs/$(MACHINE_ARCH)/README \ + output/$(MACHINE_ARCH)/README \ readme.md package_clean: diff --git a/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile b/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile index 1c327d3d..fe06f81a 100644 --- a/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile +++ b/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile @@ -26,12 +26,13 @@ #****************************************************************************/ ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/.. EVELLIB_ROOT=$(CODE_ROOT)/code/evel_library EVELUNIT_ROOT=$(CODE_ROOT)/code/evel_unit EVELTRAINING_ROOT=$(CODE_ROOT)/code -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) -OUTPUT_DIR=$(CODE_ROOT)/output/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) +OUTPUT_DIR=$(CODE_ROOT)/output/$(MACHINE_ARCH) DOCS_ROOT=$(CODE_ROOT)/docs CC=gcc SCP=scp 
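Review bot: The `package` recipe now names `libs/$(MACHINE_ARCH)/README` and `output/$(MACHINE_ARCH)/README`, so `tar` fails unless those files exist for the build host's `uname -m` value; whether this commit adds the aarch64 READMEs is not visible here. The switch to `uname -m` also renames the directory on 32-bit x86 hosts, where `x86_$(ARCH)` gave `x86_32` and `uname -m` typically reports `i686`. A comment beside the variable would make the expected directory names explicit, e.g. `# MACHINE_ARCH: supported values are x86_64 and aarch64; libs/ and output/ must contain a matching directory`. The same applies to the `package` hunk in the VES5.0 Makefile.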
@@ -45,8 +46,13 @@ PLANTFLAGS=-tsvg # Standard compiler flags. * #****************************************************************************** CPPFLAGS=-I $(EVELLIB_ROOT) -CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC -LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +ifeq ($(MACHINE_ARCH), aarch64) + CFLAGS=-Wall -Wextra -march=native -g -fPIC + LIBCFLAGS=-Wall -Wextra -march=native -g -shared -fPIC +else + CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC + LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +endif #****************************************************************************** # The testbed is a VM instance where we can install the EVEL example under * @@ -253,7 +259,7 @@ evel_test_centos: evel_install_centos @echo Testing EVEL Demo application on CentOS... @$(SSH) $(VNF_TESTBED_CENTOS_USER)@$(VNF_TESTBED_CENTOS) \ source .bash_profile \; \ - $(TESTBED_CENTOS_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_CENTOS_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -267,7 +273,7 @@ evel_test_ubuntu: evel_install_ubuntu @echo Testing EVEL Demo application on Ubuntu... @$(SSH) $(VNF_TESTBED_UBUNTU_USER)@$(VNF_TESTBED_UBUNTU) \ source .profile \; \ - $(TESTBED_UBUNTU_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_UBUNTU_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -292,8 +298,8 @@ package: api_library_clean \ @cd $(CODE_ROOT) && tar cfz output/evel-library-package.tgz bldjobs \ code \ docs \ - libs/x86_64/README \ - output/x86_64/README \ + libs/$(MACHINE_ARCH)/README \ + output/$(MACHINE_ARCH)/README \ readme.md package_clean: diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile index e0077597..1119f59a 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile 
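Review bot: `-march=native` in the `ifeq ($(MACHINE_ARCH), aarch64)` branch of the compiler-flags hunk ties the objects to the CPU of whichever machine runs the build, while the `evel_test_*` targets of the same Makefile run the result on separate testbed hosts, so a binary built on a newer core can fault with an illegal instruction on the target. A fixed baseline keeps the output portable, e.g. `CFLAGS=-Wall -Wextra -march=armv8-a -g -fPIC` and the matching `LIBCFLAGS`, or simply no `-m` flag on aarch64. The identical block is added in vnfs/VES/bldjobs/Makefile. The prebuilt `libs/aarch64/libevel.a` checked in by this commit would carry the same limitation if it was produced with these flags, and since a binary archive cannot be reviewed it would be better built from source during installation.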
+++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile index 4837c7d1..87e0d4ac 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile index 4b0fd85d..f0b4ed3b 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile index 9d1812fa..f5e3c463 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile 
@@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a b/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a Binary files differnew file mode 100755 index 00000000..0e17b9f8 --- /dev/null +++ b/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a diff --git a/vnfs/VESreporting_vFW/Makefile b/vnfs/VESreporting_vFW/Makefile index 77ca5742..f821b442 100644 --- a/vnfs/VESreporting_vFW/Makefile +++ b/vnfs/VESreporting_vFW/Makefile @@ -18,8 +18,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/VESreporting_vFW5.0/Makefile b/vnfs/VESreporting_vFW5.0/Makefile index c9776e0e..66240d61 100644 --- a/vnfs/VESreporting_vFW5.0/Makefile +++ b/vnfs/VESreporting_vFW5.0/Makefile @@ -18,8 +18,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/VESreporting_vLB/Makefile b/vnfs/VESreporting_vLB/Makefile index 094adabe..172e81c5 100644 --- a/vnfs/VESreporting_vLB/Makefile +++ b/vnfs/VESreporting_vLB/Makefile 
@@ -19,8 +19,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/VESreporting_vLB5.0/Makefile b/vnfs/VESreporting_vLB5.0/Makefile index a9eb05e1..76029120 100644 --- a/vnfs/VESreporting_vLB5.0/Makefile +++ b/vnfs/VESreporting_vLB5.0/Makefile @@ -18,8 +18,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/vFW/scripts/v_firewall_init_arm64.sh b/vnfs/vFW/scripts/v_firewall_init_arm64.sh new file mode 100755 index 00000000..7fce884c --- /dev/null +++ b/vnfs/vFW/scripts/v_firewall_init_arm64.sh 
@@ -0,0 +1,82 @@
+#!/bin/bash
+set -x
+
+# Convert Network CIDR to Netmask
+mask2cidr() {
+ nbits=0
+ IFS=.
+ for dec in $1 ; do
+ case $dec in
+ 255) let nbits+=8;;
+ 254) let nbits+=7;;
+ 252) let nbits+=6;;
+ 248) let nbits+=5;;
+ 240) let nbits+=4;;
+ 224) let nbits+=3;;
+ 192) let nbits+=2;;
+ 128) let nbits+=1;;
+ 0);;
+ *) echo "Error: $dec is not recognized"; exit 1
+ esac
+ done
+ echo "$nbits"
+}
+
+# Start VPP
+if ! which start; then
+ echo "#!/bin/bash" > /usr/local/sbin/start
+ echo "systemctl start \$1" >> /usr/local/sbin/start
+ chmod u+x /usr/local/sbin/start
+fi
+start vpp
+sleep 1
+
+# Configure VPP for vFirewall
+IPADDR1=$(ifconfig enp2s0 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2)
+IPADDR2=$(ifconfig enp3s0 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2)
+HWADDR1=$(ifconfig enp2s0 | grep -Po "HWaddr \K(.*)")
+HWADDR2=$(ifconfig enp3s0 | grep -Po "HWaddr \K(.*)")
+FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"')
+FAKE_HWADDR2=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"')
+
+IPADDR1_MASK=$(ifconfig enp2s0 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}')
+IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK)
+IPADDR2_MASK=$(ifconfig enp3s0 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}')
+IPADDR2_CIDR=$(mask2cidr $IPADDR2_MASK)
+
+ifconfig enp2s0 down
+ifconfig enp3s0 down
+ifconfig enp2s0 hw ether $FAKE_HWADDR1
+ifconfig enp3s0 hw ether $FAKE_HWADDR2
+ip addr flush dev enp2s0
+ip addr flush dev enp3s0
+ifconfig enp2s0 up
+ifconfig enp3s0 up
+vppctl tap connect tap111 hwaddr $HWADDR1
+vppctl tap connect tap222 hwaddr $HWADDR2
+vppctl set int ip address tapcli-0 $IPADDR1"/"$IPADDR1_CIDR
+vppctl set int ip address tapcli-1 $IPADDR2"/"$IPADDR2_CIDR
+vppctl set int state tapcli-0 up
+vppctl set int state tapcli-1 up
+brctl addbr br0
+brctl addif br0 tap111
+brctl addif br0 enp2s0
+brctl addbr br1
+brctl addif br1 tap222
+brctl addif br1 enp3s0
+ifconfig br0 up
+ifconfig br1 up
+sleep 1
+
+# Start HoneyComb
+VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+mkdir -p /var/lib/honeycomb/persist/{config,context}/
+echo "" > /var/lib/honeycomb/persist/context/data.json
+echo "" > /var/lib/honeycomb/persist/config/data.json
+# /opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown
+systemctl restart honeycomb
+sleep 1
+
+# Start VES client
+cd /opt/VES/evel/evel-library/code/VESreporting/
+./go-client.sh &>/dev/null &disown
diff --git a/vnfs/vFW/scripts/v_firewall_install_arm64.sh b/vnfs/vFW/scripts/v_firewall_install_arm64.sh
new file mode 100755
index 00000000..c97fa91f
--- /dev/null
+++ b/vnfs/vFW/scripts/v_firewall_install_arm64.sh
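Review bot: `mask2cidr` in v_firewall_init_arm64.sh reports a bad octet with `echo "Error: ..."; exit 1`, but both callers run it inside `$( )`, so the `exit` only leaves the subshell and the error text becomes the value of `IPADDR1_CIDR`/`IPADDR2_CIDR`, which is then handed to `vppctl set int ip address`. Send the message to stderr (`echo "Error: $dec is not recognized" >&2; exit 1`) and stop at the call site, `IPADDR1_CIDR=$(mask2cidr "$IPADDR1_MASK") || exit 1`. When `ifconfig` prints no `Mask` field the loop body never runs and the prefix length silently becomes 0, so an empty mask should be rejected too. The comment above the function reads "Convert Network CIDR to Netmask" although the code converts a netmask to a prefix length. v_packetgen_init_arm64.sh carries an identical copy of the function.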
@@ -0,0 +1,110 @@
+#!/bin/bash
+set -x
+
+NEXUS_ARTIFACT_REPO=$(cat /opt/config/nexus_artifact_repo.txt)
+DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+if [[ "$DEMO_ARTIFACTS_VERSION" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vfw_private_ip_0.txt)
+ BITS=$(cat /opt/config/unprotected_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp2s0" >> /etc/network/interfaces
+ echo "iface enp2s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vfw_private_ip_1.txt)
+ BITS=$(cat /opt/config/protected_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp3s0" >> /etc/network/interfaces
+ echo "iface enp3s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vfw_private_ip_2.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp4s0" >> /etc/network/interfaces
+ echo "iface enp4s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup enp2s0
+ ifup enp3s0
+ ifup enp4s0
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates
+pip install jsonschema
+
+# Download artifacts for virtual firewall
+mkdir /opt/honeycomb
+cd /opt
+
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip v_firewall_init_arm64.sh > /opt/v_firewall_init.sh
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip vfirewall.sh > /opt/vfirewall.sh
+wget -O sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf&a=sample-distribution&c=hc&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+wget -O ves-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.ves5&a=ves&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+wget -O ves_vfw_reporting-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.ves5&a=ves_vfw_reporting&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+
+tar -zmxvf ves-$DEMO_ARTIFACTS_VERSION-demo.tar.gz
+mv ves-$DEMO_ARTIFACTS_VERSION VES
+tar -zmxvf ves_vfw_reporting-$DEMO_ARTIFACTS_VERSION-demo.tar.gz
+mv ves_vfw_reporting-$DEMO_ARTIFACTS_VERSION /opt/VES/evel/evel-library/code/VESreporting
+tar -zmxvf sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz
+
+mv sample-distribution-$DEMO_ARTIFACTS_VERSION honeycomb
+sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' honeycomb/sample-distribution-$DEMO_ARTIFACTS_VERSION/config/honeycomb.json
+rm *.tar.gz
+
+chmod +x v_firewall_init.sh
+chmod +x vfirewall.sh
+chmod +x /opt/VES/evel/evel-library/code/VESreporting/go-client.sh
+
+# Install VPP
+rm /etc/apt/sources.list.d/99fd.io.list
+echo "deb [trusted=yes] http://linux.enea.com/apt-mk/xenial nightly extra" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list
+echo "deb [trusted=yes] http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/queens/main ./" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list
+apt-get update
+apt-get -o Dpkg::Options::="--force-overwrite" install -y vpp vpp-lib vpp-dbg vpp-plugins vpp-dev dpdk dpdk-dev dpdk-igb-uio-dkms dpdk-rte-kni-dkms honeycomb
+sleep 1
+
+# Install VES
+cd /opt/VES/evel/evel-library/bldjobs/
+make clean
+make
+sleep 1
+
+# Run instantiation script
+cd /opt
+mv vfirewall.sh /etc/init.d
+update-rc.d vfirewall.sh defaults
+./v_firewall_init.sh
diff --git a/vnfs/vFW/scripts/v_packetgen_init_arm64.sh b/vnfs/vFW/scripts/v_packetgen_init_arm64.sh
new file mode 100755
index 00000000..ca2cb7c1
--- /dev/null
+++ b/vnfs/vFW/scripts/v_packetgen_init_arm64.sh
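Review bot: Package installation in v_firewall_install_arm64.sh switches off APT signature checking while fetching over plain HTTP: `apt-get install --allow-unauthenticated` for the openjdk PPA, and `deb [trusted=yes] http://...` for the Enea nightly and cloud-archive sources. Anything on the network path can therefore substitute packages that are installed with root privileges on the firewall VM. Import the repositories' signing keys into the apt keyring and drop both overrides, i.e. `echo "deb http://linux.enea.com/apt-mk/xenial nightly extra" | tee -a /etc/apt/sources.list.d/99fd.io.list` and `apt-get install -y ...` without `--allow-unauthenticated`. The Nexus tarballs fetched with `wget` are likewise unpacked and built without comparing a checksum. v_packetgen_install_arm64.sh repeats both overrides and v_sink_install_arm64.sh the `--allow-unauthenticated` install.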
@@ -0,0 +1,94 @@
+#!/bin/bash
+set -x
+
+# Convert Network CIDR to Netmask
+mask2cidr() {
+ nbits=0
+ IFS=.
+ for dec in $1 ; do
+ case $dec in
+ 255) let nbits+=8;;
+ 254) let nbits+=7;;
+ 252) let nbits+=6;;
+ 248) let nbits+=5;;
+ 240) let nbits+=4;;
+ 224) let nbits+=3;;
+ 192) let nbits+=2;;
+ 128) let nbits+=1;;
+ 0);;
+ *) echo "Error: $dec is not recognized"; exit 1
+ esac
+ done
+ echo "$nbits"
+}
+
+# Start VPP
+if ! which start; then
+ echo "#!/bin/bash" > /usr/local/sbin/start
+ echo "systemctl start \$1" >> /usr/local/sbin/start
+ chmod u+x /usr/local/sbin/start
+fi
+start vpp
+sleep 1
+
+# Configure VPP for vPacketGenerator
+IPADDR1=$(ifconfig enp2s0 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2)
+HWADDR1=$(ifconfig enp2s0 | grep -Po "HWaddr \K(.*)")
+FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"')
+PROTECTED_NET_CIDR=$(cat /opt/config/protected_net_cidr.txt)
+FW_IPADDR=$(cat /opt/config/fw_ipaddr.txt)
+SINK_IPADDR=$(cat /opt/config/sink_ipaddr.txt)
+
+IPADDR1_MASK=$(ifconfig enp2s0 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}')
+IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK)
+
+ifconfig enp2s0 down
+ifconfig enp2s0 hw ether $FAKE_HWADDR1
+ip addr flush dev enp2s0
+ifconfig enp2s0 up
+vppctl tap connect tap111 hwaddr $HWADDR1
+vppctl set int ip address tapcli-0 $IPADDR1"/"$IPADDR1_CIDR
+vppctl set int state tapcli-0 up
+brctl addbr br0
+brctl addif br0 tap111
+brctl addif br0 enp2s0
+ifconfig br0 up
+vppctl ip route add $PROTECTED_NET_CIDR via $FW_IPADDR
+sleep 1
+
+# Install packet streams
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp1
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp2
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp3
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp4
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp5
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp6
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp7
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp8
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp9
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp10
+vppctl exec /opt/pg_streams/stream_fw_udp1
+vppctl exec /opt/pg_streams/stream_fw_udp2
+vppctl exec /opt/pg_streams/stream_fw_udp3
+vppctl exec /opt/pg_streams/stream_fw_udp4
+vppctl exec /opt/pg_streams/stream_fw_udp5
+vppctl exec /opt/pg_streams/stream_fw_udp6
+vppctl exec /opt/pg_streams/stream_fw_udp7
+vppctl exec /opt/pg_streams/stream_fw_udp8
+vppctl exec /opt/pg_streams/stream_fw_udp9
+vppctl exec /opt/pg_streams/stream_fw_udp10
+sleep 1
+
+# Start HoneyComb
+#VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+mkdir -p /var/lib/honeycomb/persist/{config,context}/
+echo "" > /var/lib/honeycomb/persist/context/data.json
+echo "" > /var/lib/honeycomb/persist/config/data.json
+#/opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown
+systemctl restart honeycomb
+sleep 20
+
+# Enable traffic flows
+cd /opt
+chmod +x run_traffic_fw_demo.sh
+./run_traffic_fw_demo.sh &>/dev/null &disown
diff --git a/vnfs/vFW/scripts/v_packetgen_install_arm64.sh b/vnfs/vFW/scripts/v_packetgen_install_arm64.sh
new file mode 100755
index 00000000..8dee6977
--- /dev/null
+++ b/vnfs/vFW/scripts/v_packetgen_install_arm64.sh
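Review bot: In the "Install packet streams" block of v_packetgen_init_arm64.sh the sed program is assembled as `"... UDP: "$IPADDR1" -> "$SINK_IPADDR"/"`, which closes the quotes around both variables, so they are word-split and any `/` or `&` read from `/opt/config/sink_ipaddr.txt` is interpreted by sed. An empty `IPADDR1`, for instance when `ifconfig` prints a different format, silently rewrites all ten stream files with no source address. Validate both values before use and keep them inside the quotes; the ten repeated `sed` and `vppctl exec` lines then collapse into loops, as sketched below.

```shell
# … unchanged: VPP start, address discovery and bridge setup …

# Install packet streams
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
for addr in "$IPADDR1" "$SINK_IPADDR"; do
    [[ $addr =~ $ipv4_re ]] || { echo "invalid address: '$addr'" >&2; exit 1; }
done
for i in $(seq 1 10); do
    sed -i -e "0,/UDP/ s/UDP:.*/UDP: ${IPADDR1} -> ${SINK_IPADDR}/" "/opt/pg_streams/stream_fw_udp${i}"
done
for i in $(seq 1 10); do
    vppctl exec "/opt/pg_streams/stream_fw_udp${i}"
done
# … unchanged: HoneyComb start and traffic flows …
```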
@@ -0,0 +1,89 @@
+#!/bin/bash
+set -x
+
+NEXUS_ARTIFACT_REPO=$(cat /opt/config/nexus_artifact_repo.txt)
+DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+if [[ "$DEMO_ARTIFACTS_VERSION" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vpg_private_ip_0.txt)
+ BITS=$(cat /opt/config/unprotected_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp1s0" >> /etc/network/interfaces
+ echo "iface enp1s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vpg_private_ip_1.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp2s0" >> /etc/network/interfaces
+ echo "iface enp2s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup enp1s0
+ ifup enp2s0
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates
+pip install jsonschema
+
+# Download code for packet generator
+mkdir /opt/honeycomb
+cd /opt
+
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip v_packetgen_init_arm64.sh > /opt/v_packetgen_init.sh
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip vpacketgen.sh > /opt/vpacketgen.sh
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip run_traffic_fw_demo.sh > /opt/run_traffic_fw_demo.sh
+wget -O sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf&a=sample-distribution&c=hc&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+wget -O vfw_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw_pg_streams&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+
+tar -zmxvf sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz
+tar -zmxvf vfw_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz
+mv vfw_pg_streams-$DEMO_ARTIFACTS_VERSION pg_streams
+mv sample-distribution-$DEMO_ARTIFACTS_VERSION honeycomb
+sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' honeycomb/sample-distribution-$DEMO_ARTIFACTS_VERSION/config/honeycomb.json
+rm *.tar.gz
+chmod +x v_packetgen_init.sh
+chmod +x vpacketgen.sh
+
+# Install VPP
+rm /etc/apt/sources.list.d/99fd.io.list
+echo "deb [trusted=yes] http://linux.enea.com/apt-mk/xenial nightly extra" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list
+echo "deb [trusted=yes] http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/queens/main ./" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list
+apt-get update
+apt-get -o Dpkg::Options::="--force-overwrite" install -y vpp vpp-lib vpp-dbg vpp-plugins vpp-dev dpdk dpdk-dev dpdk-igb-uio-dkms dpdk-rte-kni-dkms honeycomb
+sleep 1
+
+# Run instantiation script
+cd /opt
+mv vpacketgen.sh /etc/init.d
+update-rc.d vpacketgen.sh defaults
+./v_packetgen_init.sh
diff --git a/vnfs/vFW/scripts/v_sink_install_arm64.sh b/vnfs/vFW/scripts/v_sink_install_arm64.sh
new file mode 100755
index 00000000..73f6ee53
--- /dev/null
+++ b/vnfs/vFW/scripts/v_sink_install_arm64.sh
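Review bot: The `sed` in v_packetgen_install_arm64.sh that rewrites `"restconf-binding-address"` from `127.0.0.1` to `0.0.0.0` in honeycomb.json makes the HoneyComb RESTCONF endpoint listen on every interface of the VM, including the traffic-carrying network, and nothing in the script restricts who can reach it. Bind it to the ONAP-side address the script already reads, e.g. `MGMT_IP=$(cat /opt/config/vpg_private_ip_1.txt)` and substitute `"$MGMT_IP"` in place of `0.0.0.0`, or add a packet-filter rule limiting the port to the ONAP private network. It is also worth confirming that the edited copy under /opt/honeycomb is the file the apt-installed `honeycomb` service, restarted with `systemctl` in the init script, actually loads. v_firewall_install_arm64.sh contains the same line.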
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vsn_private_ip_0.txt)
+ BITS=$(cat /opt/config/protected_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp2s0" >> /etc/network/interfaces
+ echo "iface enp2s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vsn_private_ip_1.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto enp3s0" >> /etc/network/interfaces
+ echo "iface enp3s0 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup enp2s0
+ ifup enp3s0
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk apt-transport-https ca-certificates darkstat
+
+# Configure and run Darkstat
+sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g" /etc/darkstat/init.cfg
+sed -i "s/INTERFACE=.*/INTERFACE=\"-i enp2s0\"/g" /etc/darkstat/init.cfg
+/etc/init.d/darkstat start
+
+# Download scripts for virtual sink
+cd /opt
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip v_sink_init.sh > /opt/v_sink_init.sh
+unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip vsink.sh > /opt/vsink.sh
+chmod +x v_sink_init.sh
+chmod +x vsink.sh
+
+# Run instantiation script
+mv vsink.sh /etc/init.d
+update-rc.d vsink.sh defaults
+./v_sink_init.sh |
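Review bot: The "Allow remote login as root" step in v_sink_install_arm64.sh replaces root's `authorized_keys` with the `ubuntu` user's file (`cp /home/ubuntu/.ssh/authorized_keys /root/.ssh`), so every key injected for the unprivileged login account becomes a direct root login, and whatever root's original file contained (cloud images commonly place a forced-command entry there) is moved aside. If root access is needed for the demo, keep logging in as `ubuntu` and use `sudo`, and drop the `mv`/`cp` pair; otherwise put it behind an explicit opt-in value under /opt/config and say in the comment why it is required. The script also runs without error checking, so a failed `unzip -p ... > /opt/v_sink_init.sh` leaves an empty file that is still marked executable and run; a `set -e` near the top, or a test after each extraction, would make that visible. The same `mv`/`cp` pair is in v_firewall_install_arm64.sh and v_packetgen_install_arm64.sh.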