24 files changed, 800 insertions, 2 deletions
diff --git a/heat/vIPsec/vIPsec/base_vipsec.yaml b/heat/vIPsec/vIPsec/base_vipsec.yaml index 993612e3..6d401415 100644 --- a/heat/vIPsec/vIPsec/base_vipsec.yaml +++ b/heat/vIPsec/vIPsec/base_vipsec.yaml @@ -688,14 +688,14 @@ resources: # Create configuration files mkdir /opt/config - echo "__ipsec_ipaddr__" > /opt/config/fw_ipaddr.txt + echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt echo "__install_script_version__" > /opt/config/install_script_version.txt echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt - echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientA_net_cidr.txt + echo "__protected_clientA__net_cidr__" > /opt/config/protected_clientA_net_cidr.txt echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt echo "__cloud_env__" > /opt/config/cloud_env.txt echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt diff --git a/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a b/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a Binary files differindex 0e17b9f8..a3783eef 100755 --- a/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a +++ b/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a diff --git a/vnfs/vIPSEC/pg_streams/dep.xml b/vnfs/vIPSEC/pg_streams/dep.xml new file mode 100644 index 00000000..5355773f --- /dev/null +++ b/vnfs/vIPSEC/pg_streams/dep.xml 
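Review bot: The new placeholder `__protected_clientA__net_cidr__` has a doubled underscore before `net_cidr`, unlike every other token in this block (`__protected_clientB_net_cidr__`, `__onap_private_net_cidr__`). The `params:` map that performs the substitution is outside this hunk, so the spelling may be deliberate, but if no key with exactly that name exists the literal token is written to `protected_clientA_net_cidr.txt`, and v_packetgen_install.sh then derives the eth1 netmask from that text. Unless the params key really is spelled that way, I would write `echo "__protected_clientA_net_cidr__" > /opt/config/protected_clientA_net_cidr.txt` and add the matching key.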
@@ -0,0 +1,17 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+ <id>demo</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <fileSets>
+ <fileSet>
+ <directory>.</directory>
+ <outputDirectory>/</outputDirectory>
+ <includes>
+ <include>stream*</include>
+ </includes>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/vnfs/vIPSEC/pg_streams/pom.xml b/vnfs/vIPSEC/pg_streams/pom.xml
new file mode 100644
index 00000000..724e44a7
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ============LICENSE_START==========================================
+ ===================================================================
+ Copyright © 2019 Intel Intellectual Property. All rights reserved.
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END============================================
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>org.onap.demo.vnf</groupId>
+ <artifactId>demo-aggregator</artifactId>
+ <version>1.4.0-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.demo.vnf.vipsec</groupId>
+ <artifactId>vipsec_pg_streams</artifactId>
+
+ <build>
+ <plugins>
+
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.3.2</version>
+ <executions>
+ <execution>
+ <id>default-jar</id>
+ <phase>never</phase>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.5.3</version>
+ <configuration>
+ <descriptor>dep.xml</descriptor>
+ </configuration>
+ <executions>
+ <execution>
+ <id>create-archive</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>none</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+
+</project>
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp1 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp1
new file mode 100644
index 00000000..da1cce06
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp1
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp1
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp10 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp10
new file mode 100644
index 00000000..fd0847a1
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp10
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp10
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp2 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp2
new file mode 100644
index 00000000..c6c80369
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp2
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp2
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp3 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp3
new file mode 100644
index 00000000..c7c5bd4f
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp3
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp3
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp4 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp4
new file mode 100644
index 00000000..4fc03372
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp4
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp4
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp5 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp5
new file mode 100644
index 00000000..cdd8d8ea
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp5
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp5
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp6 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp6
new file mode 100644
index 00000000..731a0df2
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp6
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp6
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp7 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp7
new file mode 100644
index 00000000..7afb478e
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp7
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp7
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp8 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp8
new file mode 100644
index 00000000..feaa5d45
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp8
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp8
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp9 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp9
new file mode 100644
index 00000000..8f8bd742
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp9
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp9
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/scripts/assembly.xml b/vnfs/vIPSEC/scripts/assembly.xml
new file mode 100644
index 00000000..cbdb5680
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/assembly.xml
@@ -0,0 +1,23 @@
+<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
+ <id>scripts</id>
+ <formats>
+ <format>zip</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <fileSets>
+ <fileSet>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>*</include>
+ </includes>
+ <excludes>
+ <exclude>assembly.xml</exclude>
+ <exclude>pom.xml</exclude>
+ <exclude>target</exclude>
+ <exclude>.*</exclude>
+ </excludes>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/vnfs/vIPSEC/scripts/pom.xml b/vnfs/vIPSEC/scripts/pom.xml
new file mode 100644
index 00000000..4c0e9e15
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/pom.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ============LICENSE_START==========================================
+ ===================================================================
+ Copyright © 2019 Intel Intellectual Property. All rights reserved.
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END============================================
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>org.onap.demo.vnf</groupId>
+ <artifactId>demo-aggregator</artifactId>
+ <version>1.4.0-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.demo.vnf.vipsec</groupId>
+ <artifactId>vipsec-scripts</artifactId>
+ <packaging>pom</packaging>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>3.1.0</version>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id> <!-- this is used for inheritance merges -->
+ <phase>package</phase> <!-- bind to the packaging phase -->
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/vnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh b/vnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh
new file mode 100755
index 00000000..e8f1bcf2
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+while [ 1 ]
+do
+curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"streams": {"active-streams": 10}}' http://localhost:8183/restconf/config/stream-count:stream-count/streams
+sleep 300
+curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"streams": {"active-streams": 1}}' http://localhost:8183/restconf/config/stream-count:stream-count/streams
+sleep 300
+done
\ No newline at end of file
diff --git a/vnfs/vIPSEC/scripts/update_running_streams.sh b/vnfs/vIPSEC/scripts/update_running_streams.sh
new file mode 100644
index 00000000..e21a6ba1
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/update_running_streams.sh
@@ -0,0 +1,18 @@
+#/bin/bash
+
+if [ ! "$#" -eq 1 ]
+then
+ echo "Usage: ./update_running_streams.sh [number of active streams]"
+ exit
+fi
+
+STREAMS=$1
+BODY=""
+
+for((i=1; $i<= $STREAMS; i++)); do
+ BODY+="{\"id\":\"ipsec_udp$i\", \"is-enabled\":\"true\"},"
+done
+
+BODY='{"pg-streams":{"pg-stream": ['${BODY%?}']}}'
+
+curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d "$BODY" "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams"
diff --git a/vnfs/vIPSEC/scripts/v_packetgen_init.sh b/vnfs/vIPSEC/scripts/v_packetgen_init.sh
new file mode 100755
index 00000000..324df0b6
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_packetgen_init.sh
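Review bot: Both curl calls in run_traffic_ipsec_demo.sh embed `Authorization: Basic YWRtaW46YWRtaW4=`, which is only the base64 form of `admin:admin`, so the RESTCONF credential (presumably the HoneyComb default) is committed to the repository; update_running_streams.sh carries the same header. v_packetgen_install.sh in this commit rewrites `restconf-binding-address` to `0.0.0.0`, so that account is reachable from every network the VM is attached to, not only from localhost. I would read the credential from a root-only file under /opt/config and pass it with `curl -u "$HC_USER:$HC_PASS"` (placeholder names), and change the password at install time. The copied `Postman-Token` header has no function here and can be dropped.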
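Review bot: The first line of update_running_streams.sh is `#/bin/bash`, a plain comment rather than a shebang, and the file is added with mode 100644, so `./update_running_streams.sh` as printed in the usage text will not run it under bash even though `for((...))` and `BODY+=` require bash. Change the line to `#!/bin/bash` and commit the file as 100755. The usage branch ends in a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets a caller detect the error. `$1` is placed into the arithmetic loop unchecked, so a guard such as `case $1 in ''|*[!0-9]*) exit 1;; esac` would keep non-numeric input out of the `(( ))` evaluation.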
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# Convert Network CIDR to Netmask
+mask2cidr() {
+ nbits=0
+ IFS=.
+ for dec in $1 ; do
+ case $dec in
+ 255) let nbits+=8;;
+ 254) let nbits+=7;;
+ 252) let nbits+=6;;
+ 248) let nbits+=5;;
+ 240) let nbits+=4;;
+ 224) let nbits+=3;;
+ 192) let nbits+=2;;
+ 128) let nbits+=1;;
+ 0);;
+ *) echo "Error: $dec is not recognized"; exit 1
+ esac
+ done
+ echo "$nbits"
+}
+
+# Start VPP
+start vpp
+sleep 1
+
+# Configure VPP for vPacketGenerator
+IPADDR1=$(ifconfig eth1 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2)
+HWADDR1=$(ifconfig eth1 | grep HWaddr | tr -s ' ' | cut -d' ' -f5)
+FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"')
+PROTECTED_NET_CIDR=$(cat /opt/config/protected_clientA_private_net_cidr.txt)
+IPSEC_IPADDR=$(cat /opt/config/ipsec_ipaddr.txt)
+SINK_IPADDR=$(cat /opt/config/sink_ipaddr.txt)
+
+IPADDR1_MASK=$(ifconfig eth1 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}')
+IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK)
+
+ifconfig eth1 down
+ifconfig eth1 hw ether $FAKE_HWADDR1
+ip addr flush dev eth1
+ifconfig eth1 up
+vppctl tap connect tap111 hwaddr $HWADDR1
+vppctl set int ip address tap-0 $IPADDR1"/"$IPADDR1_CIDR
+vppctl set int state tap-0 up
+brctl addbr br0
+brctl addif br0 tap111
+brctl addif br0 eth1
+ifconfig br0 up
+vppctl ip route add $PROTECTED_NET_CIDR via $IPSEC_IPADDR
+sleep 1
+
+# Install packet streams
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp1
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp2
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp3
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp4
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp5
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp6
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp7
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp8
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp9
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp10
+vppctl exec /opt/pg_streams/stream_ipsec_udp1
+vppctl exec /opt/pg_streams/stream_ipsec_udp2
+vppctl exec /opt/pg_streams/stream_ipsec_udp3
+vppctl exec /opt/pg_streams/stream_ipsec_udp4
+vppctl exec /opt/pg_streams/stream_ipsec_udp5
+vppctl exec /opt/pg_streams/stream_ipsec_udp6
+vppctl exec /opt/pg_streams/stream_ipsec_udp7
+vppctl exec /opt/pg_streams/stream_ipsec_udp8
+vppctl exec /opt/pg_streams/stream_ipsec_udp9
+vppctl exec /opt/pg_streams/stream_ipsec_udp10
+sleep 1
+
+# Start HoneyComb
+VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+mkdir -p /var/lib/honeycomb/persist/{config,context}/
+echo "" > /var/lib/honeycomb/persist/context/data.json
+echo "" > /var/lib/honeycomb/persist/config/data.json
+/opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown
+sleep 20
+
+# Enable traffic flows
+cd /opt
+chmod +x run_traffic_ipsec_demo.sh
+./run_traffic_ipsec_demo.sh &>/dev/null &disown
diff --git a/vnfs/vIPSEC/scripts/v_packetgen_install.sh b/vnfs/vIPSEC/scripts/v_packetgen_install.sh
new file mode 100755
index 00000000..1e35b768
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_packetgen_install.sh
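Review bot: The script reads `/opt/config/protected_clientA_private_net_cidr.txt` and `/opt/config/ipsec_ipaddr.txt`, but the base_vipsec.yaml hunk in this commit writes `protected_clientA_net_cidr.txt` and `vipsec_ipaddr.txt`, and v_packetgen_install.sh reads the former spelling as well. If this VM is the one that template block configures, both `cat` calls fail, `PROTECTED_NET_CIDR` and `IPSEC_IPADDR` stay empty, and `vppctl ip route add $PROTECTED_NET_CIDR via $IPSEC_IPADDR` runs without its operands while the script carries on. Align the file names and stop on a missing value, e.g. `IPSEC_IPADDR=$(cat /opt/config/vipsec_ipaddr.txt) || exit 1`. The comment above `mask2cidr` should read `# Convert netmask to CIDR prefix length`, since that is the direction the function works in.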
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+NEXUS_ARTIFACT_REPO=$(cat /opt/config/nexus_artifact_repo.txt)
+DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+if [[ "$DEMO_ARTIFACTS_VERSION" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vpg_private_ip_0.txt)
+ BITS=$(cat /opt/config/protected_clientA_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth1" >> /etc/network/interfaces
+ echo "iface eth1 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vpg_private_ip_1.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth2" >> /etc/network/interfaces
+ echo "iface eth2 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup eth1
+ ifup eth2
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates
+pip install jsonschema
+
+# Download code for packet generator
+mkdir /opt/honeycomb
+cd /opt
+
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip v_packetgen_init.sh > /opt/v_packetgen_init.sh
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip vpacketgen.sh > /opt/vpacketgen.sh
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip run_traffic_ipsec_demo.sh > /opt/run_traffic_ipsec_demo.sh
+wget -O sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf&a=sample-distribution&c=hc&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+wget -O vipsec_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec_pg_streams&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+
+tar -zmxvf sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz
+tar -zmxvf vipsec_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz
+mv vipsec_pg_streams-$DEMO_ARTIFACTS_VERSION pg_streams
+mv sample-distribution-$DEMO_ARTIFACTS_VERSION honeycomb
+sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' honeycomb/sample-distribution-$DEMO_ARTIFACTS_VERSION/config/honeycomb.json
+rm *.tar.gz
+chmod +x v_packetgen_init.sh
+chmod +x vpacketgen.sh
+
+# Install VPP
+export UBUNTU="trusty"
+export RELEASE=".stable.1609"
+rm /etc/apt/sources.list.d/99fd.io.list
+echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io$RELEASE.ubuntu.$UBUNTU.main/ ./" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list
+apt-get update
+apt-get install -y vpp vpp-dpdk-dkms vpp-lib vpp-dbg vpp-plugins vpp-dev
+sleep 1
+
+# Install honeycomb restart script (workaround due to honeycomb file handle leak)
+cat > /etc/cron.hourly/honeycomb <<EOF
+#!/bin/bash
+VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+pkill java
+/opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown
+EOF
+chmod +x /etc/cron.hourly/honeycomb
+
+# Run instantiation script
+cd /opt
+mv vpacketgen.sh /etc/init.d
+update-rc.d vpacketgen.sh defaults
+./v_packetgen_init.sh
diff --git a/vnfs/vIPSEC/scripts/v_sink_init.sh b/vnfs/vIPSEC/scripts/v_sink_init.sh
new file mode 100755
index 00000000..85c9073b
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_sink_init.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# Set the IP address of the protected network interface of the vIPsec as a default gateway to the unprotected network
+PROTECTED_NET_GW=$(cat /opt/config/protected_net_gw.txt)
+PROTECTED_NET_A=$(cat /opt/config/protected_net_A.txt | cut -d'/' -f1)
+BITS=$(cat /opt/config/protected_net_A.txt | cut -d"/" -f2)
+NETMASK=$(cdr2mask $BITS)
+
+route add -net $PROTECTED_NET_A netmask $NETMASK gw $PROTECTED_NET_GW
diff --git a/vnfs/vIPSEC/scripts/v_sink_install.sh b/vnfs/vIPSEC/scripts/v_sink_install.sh
new file mode 100755
index 00000000..a6f18790
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_sink_install.sh
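Review bot: Package signature checking is switched off twice in v_packetgen_install.sh: `apt-get install --allow-unauthenticated` for the packages pulled through the plain-http openjdk PPA, and `[trusted=yes]` on the fd.io source line; v_sink_install.sh repeats the first. The whole script runs as root during instantiation, so anything able to alter that traffic or those repositories gets code onto the VM; import the repository signing keys, drop both options, and use https for the PPA. The `sed` that changes `restconf-binding-address` to `0.0.0.0` exposes RESTCONF on all interfaces while the helper scripts still authenticate as admin:admin, so either keep 127.0.0.1 or change the password first. Separately, the cron heredoc uses an unquoted `<<EOF`, so `$VERSION` is expanded at install time, where it is never set, and the generated file launches `/opt/honeycomb/sample-distribution-/honeycomb`; `<<'EOF'` defers the expansion to the cron run.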
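Review bot: v_sink_init.sh never checks that `/opt/config/protected_net_gw.txt` and `/opt/config/protected_net_A.txt` exist or hold a usable CIDR before `route add` runs. With an empty `BITS`, `cdr2mask` is called without an argument, its arithmetic expansion fails, and the script still goes on to call `route add -net` with empty operands. I would add `set -eu` after the shebang and quote the expansions (`cdr2mask "$BITS"`). None of the hunks shown on this page writes those two files, so a comment naming the template that does would help whoever debugs a missing route.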
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vsn_private_ip_0.txt)
+ BITS=$(cat /opt/config/protected_clientB_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth1" >> /etc/network/interfaces
+ echo "iface eth1 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vsn_private_ip_1.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth2" >> /etc/network/interfaces
+ echo "iface eth2 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup eth1
+ ifup eth2
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk apt-transport-https ca-certificates darkstat
+
+# Configure and run Darkstat
+sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g" /etc/darkstat/init.cfg
+sed -i "s/INTERFACE=.*/INTERFACE=\"-i eth1\"/g" /etc/darkstat/init.cfg
+/etc/init.d/darkstat start
+
+# Download scripts for virtual sink
+cd /opt
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip v_sink_init.sh > /opt/v_sink_init.sh
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip vsink.sh > /opt/vsink.sh
+chmod +x v_sink_init.sh
+chmod +x vsink.sh
+
+# Run instantiation script
+mv vsink.sh /etc/init.d
+update-rc.d vsink.sh defaults
+./v_sink_init.sh
diff --git a/vnfs/vIPSEC/scripts/vpacketgen.sh b/vnfs/vIPSEC/scripts/vpacketgen.sh
new file mode 100755
index 00000000..38770310
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/vpacketgen.sh
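Review bot: The "Allow remote login as root" step in v_sink_install.sh replaces `/root/.ssh/authorized_keys` with the ubuntu user's key file, so whoever holds that key can log in directly as root; v_packetgen_install.sh has the same `mv`/`cp` pair. The ubuntu account on cloud images presumably already has sudo, in which case direct root login adds exposure and loses the per-user audit trail without adding capability; I would drop the two lines or put them behind an explicit flag read from /opt/config. darkstat is enabled with `INTERFACE="-i eth1"` but no bind address is set, so its web interface probably listens on every interface; setting the bind option in the same init.cfg (to be confirmed against the packaged file) would confine it to the management network.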
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: packetgen
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start daemon at boot time
+# Description: Enable service provided by daemon.
+### END INIT INFO
+
+dir="/opt"
+cmd="./v_packetgen_init.sh"
+user="root"
+
+name=`basename $0`
+pid_file="/var/run/$name.pid"
+stdout_log="/var/log/$name.log"
+stderr_log="/var/log/$name.err"
+
+get_pid() {
+ cat "$pid_file"
+}
+
+is_running() {
+ [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ if is_running; then
+ echo "Already started"
+ else
+ echo "Starting $name"
+ cd "$dir"
+ if [ -z "$user" ]; then
+ sudo $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ else
+ sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ fi
+ echo $! > "$pid_file"
+ if ! is_running; then
+ echo "Unable to start, see $stdout_log and $stderr_log"
+ exit 1
+ fi
+ fi
+ ;;
+ stop)
+ if is_running; then
+ echo -n "Stopping $name.."
+ kill `get_pid`
+ for i in {1..10}
+ do
+ if ! is_running; then
+ break
+ fi
+
+ echo -n "."
+ sleep 1
+ done
+ echo
+
+ if is_running; then
+ echo "Not stopped; may still be shutting down or shutdown may have failed"
+ exit 1
+ else
+ echo "Stopped"
+ if [ -f "$pid_file" ]; then
+ rm "$pid_file"
+ fi
+ fi
+ else
+ echo "Not running"
+ fi
+ ;;
+ restart)
+ $0 stop
+ if is_running; then
+ echo "Unable to stop, will not attempt to start"
+ exit 1
+ fi
+ $0 start
+ ;;
+ status)
+ if is_running; then
+ echo "Running"
+ else
+ echo "Stopped"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/vnfs/vIPSEC/scripts/vsink.sh b/vnfs/vIPSEC/scripts/vsink.sh
new file mode 100755
index 00000000..047f1df8
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/vsink.sh
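Review bot: vpacketgen.sh is declared `#!/bin/sh` but its stop branch loops with `for i in {1..10}`, a bash brace expansion; under dash, which is /bin/sh on Ubuntu, the body runs once with the literal word, so stop waits about one second instead of ten before reporting failure. Use `for i in 1 2 3 4 5 6 7 8 9 10` or change the shebang to `#!/bin/bash`; vsink.sh has the identical loop. `echo $! > "$pid_file"` records the PID of the backgrounded `sudo`, and v_packetgen_init.sh returns once it has disowned its children, so `status` will later report Stopped and `stop` cannot reach the HoneyComb or traffic processes. A comment above `cmd=` stating that the wrapped script is one-shot would at least document that.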
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: sink
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start daemon at boot time
+# Description: Enable service provided by daemon.
+### END INIT INFO
+
+dir="/opt"
+cmd="./v_sink_init.sh"
+user="root"
+
+name=`basename $0`
+pid_file="/var/run/$name.pid"
+stdout_log="/var/log/$name.log"
+stderr_log="/var/log/$name.err"
+
+get_pid() {
+ cat "$pid_file"
+}
+
+is_running() {
+ [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ if is_running; then
+ echo "Already started"
+ else
+ echo "Starting $name"
+ cd "$dir"
+ if [ -z "$user" ]; then
+ sudo $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ else
+ sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ fi
+ echo $! > "$pid_file"
+ if ! is_running; then
+ echo "Unable to start, see $stdout_log and $stderr_log"
+ exit 1
+ fi
+ fi
+ ;;
+ stop)
+ if is_running; then
+ echo -n "Stopping $name.."
+ kill `get_pid`
+ for i in {1..10}
+ do
+ if ! is_running; then
+ break
+ fi
+
+ echo -n "."
+ sleep 1
+ done
+ echo
+
+ if is_running; then
+ echo "Not stopped; may still be shutting down or shutdown may have failed"
+ exit 1
+ else
+ echo "Stopped"
+ if [ -f "$pid_file" ]; then
+ rm "$pid_file"
+ fi
+ fi
+ else
+ echo "Not running"
+ fi
+ ;;
+ restart)
+ $0 stop
+ if is_running; then
+ echo "Unable to stop, will not attempt to start"
+ exit 1
+ fi
+ $0 start
+ ;;
+ status)
+ if is_running; then
+ echo "Running"
+ else
+ echo "Stopped"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit 0 |