authorVictor Morales <victor.morales@intel.com>2019-02-28 15:16:56 -0800
committerVictor Morales <victor.morales@intel.com>2019-02-28 15:19:18 -0800
commit9810b36a838c0db85b820d457b44c69bafcca6a0 (patch)
treed4764fe8cc904d4fd6fa8f5ef29b79404f76bb11
parent3fca6268234bd6d1ce749e8393e39cfd4a365003 (diff)
Add cFW scripts folder
The Dockerfiles that are used for building the Docker images during the testing of the Hybrid Firewall ONAP use case are hosted in an external repo. This change includes the latest working version of those scripts. Change-Id: I92c10c3161820ac09a94ff997c6bc39617278965 Signed-off-by: Victor Morales <victor.morales@intel.com> Issue-ID: MULTICLOUD-301
-rw-r--r--vagrant/tests/cFW/README.md10
-rw-r--r--vagrant/tests/cFW/Vagrantfile33
-rw-r--r--vagrant/tests/cFW/darkstat/Dockerfile14
-rw-r--r--vagrant/tests/cFW/docker-compose.yml38
-rw-r--r--vagrant/tests/cFW/firewall/Dockerfile49
-rw-r--r--vagrant/tests/cFW/packetgen/Dockerfile44
-rwxr-xr-xvagrant/tests/cFW/postinstall.sh83
-rw-r--r--vagrant/tests/cFW/sink/Dockerfile34
-rw-r--r--vagrant/tests/cFW/vpp/80-vpp.conf15
-rw-r--r--vagrant/tests/cFW/vpp/Dockerfile17
10 files changed, 337 insertions, 0 deletions
diff --git a/vagrant/tests/cFW/README.md b/vagrant/tests/cFW/README.md
new file mode 100644
index 00000000..c6ac9e20
--- /dev/null
+++ b/vagrant/tests/cFW/README.md
@@ -0,0 +1,10 @@
+# Cloud-Native Firewall Virtual Network Function
+
+[CNF][1] version of the ONAP vFirewall use case.
+
+## License
+
+Apache-2.0
+
+[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md
+[2]: https://github.com/electrocucaracha/vFW-demo
diff --git a/vagrant/tests/cFW/Vagrantfile b/vagrant/tests/cFW/Vagrantfile
new file mode 100644
index 00000000..d02e7d01
--- /dev/null
+++ b/vagrant/tests/cFW/Vagrantfile
@@ -0,0 +1,33 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "elastic/ubuntu-16.04-x86_64"
+ config.vm.hostname = "demo"
+ config.vm.provision 'shell', path: 'postinstall.sh'
+ config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr
+ config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr
+ config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if not Vagrant.has_plugin?('vagrant-proxyconf')
+ system 'vagrant plugin install vagrant-proxyconf'
+ raise 'vagrant-proxyconf was installed but it requires to execute again'
+ end
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+ config.proxy.enabled = { docker: false }
+ end
+
+ config.vm.provider 'virtualbox' do |v|
+ v.customize ["modifyvm", :id, "--memory", 8192]
+ v.customize ["modifyvm", :id, "--cpus", 2]
+ end
+ config.vm.provider 'libvirt' do |v|
+ v.memory = 8192
+ v.cpus = 2
+ v.nested = true
+ v.cpu_mode = 'host-passthrough'
+ end
+end
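Review bot: `system 'vagrant plugin install vagrant-proxyconf'` installs an unpinned plugin on the developer's host as a side effect of parsing the Vagrantfile. Raising with an instruction to install it (for example `raise 'run: vagrant plugin install vagrant-proxyconf'`) keeps that decision with the user. The box `elastic/ubuntu-16.04-x86_64` is unpinned as well; a `config.vm.box_version = "<pinned-version>"` line would make the test environment reproducible. Separately, the guard `if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil` checks only the lowercase names while the assignments below fall back to `HTTP_PROXY`/`HTTPS_PROXY`, so a host exporting only the uppercase variables never reaches the proxy block.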
diff --git a/vagrant/tests/cFW/darkstat/Dockerfile b/vagrant/tests/cFW/darkstat/Dockerfile
new file mode 100644
index 00000000..d3a46b9c
--- /dev/null
+++ b/vagrant/tests/cFW/darkstat/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq darkstat
+
+EXPOSE 667
+
+CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"]
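Review bot: `ENV http_proxy $HTTP_PROXY` and `ENV https_proxy $HTTPS_PROXY` bake the build-time proxy URL into the image and into every container started from it. A proxy URL that carries credentials would therefore be readable from the image metadata once the image is pushed, and the containers keep using that proxy at run time even where it is unreachable. Docker predefines `HTTP_PROXY`/`HTTPS_PROXY` and their lowercase forms as build args that need no `ARG` line and are left out of `docker history`. The four `ARG`/`ENV` lines could probably be dropped in favour of passing `http_proxy`/`https_proxy` as build args, after confirming apt still picks them up. The same four lines appear in the firewall, packetgen, sink and vpp Dockerfiles.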
diff --git a/vagrant/tests/cFW/docker-compose.yml b/vagrant/tests/cFW/docker-compose.yml
new file mode 100644
index 00000000..6d883fbd
--- /dev/null
+++ b/vagrant/tests/cFW/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3'
+
+services:
+ packetgen:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/packetgen
+ build:
+ context: ./packetgen
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ firewall:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/firewall
+ build:
+ context: ./firewall
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ sink:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/sink
+ build:
+ context: ./sink
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ darkstat:
+ network_mode: "host"
+ image: electrocucaracha/darkstat
+ build:
+ context: ./darkstat
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
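Review bot: `privileged: true` combined with `network_mode: "host"` on packetgen, firewall and sink gives each container every capability and full device access on the VM, and nothing in the file says which of these the workloads actually need. If the requirement is limited to interface and route manipulation, a narrower grant such as `cap_add: [NET_ADMIN]` is worth trying. Otherwise a comment per service such as `# privileged: VPP needs <reason>` would stop the setting being copied into non-test deployments unexamined. The `image:` entries carry no tag, so they resolve to `latest`; an explicit tag would make it clear which build a test run used.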
diff --git a/vagrant/tests/cFW/firewall/Dockerfile b/vagrant/tests/cFW/firewall/Dockerfile
new file mode 100644
index 00000000..7d3e6ede
--- /dev/null
+++ b/vagrant/tests/cFW/firewall/Dockerfile
@@ -0,0 +1,49 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils make gcc libcurl4-gnutls-dev
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \
+ && chmod +x v_firewall_init.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves-${demo_artifacts_version} VES
+
+RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \
+ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \
+ && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd -
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_firewall_init.sh"]
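Review bot: `v_firewall_init.sh` is fetched from the moving head of `git.onap.org/demo` and becomes the container's `CMD`, and the three tarballs come from a Nexus `staging` repository, all without an integrity check. Whatever those URLs serve at build time therefore runs in a privileged, host-networked container. Pinning the script to a commit (cgit accepts `?id=<commit-sha>` on `plain` URLs) and verifying each download, for example `echo "<sha256>  v_firewall_init.sh" | sha256sum -c -`, would make the build reproducible and tamper-evident. The `sed` rewrite of `start vpp` also fails silently if upstream changes that line. The packetgen and sink Dockerfiles fetch their init scripts the same way. In addition, `RUN apt-get install` here relies on the package index left in the `electrocucaracha/vpp` base layer; prefixing it with `apt-get update &&` avoids stale-index failures.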
diff --git a/vagrant/tests/cFW/packetgen/Dockerfile b/vagrant/tests/cFW/packetgen/Dockerfile
new file mode 100644
index 00000000..cb1da555
--- /dev/null
+++ b/vagrant/tests/cFW/packetgen/Dockerfile
@@ -0,0 +1,44 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils
+
+WORKDIR /opt
+EXPOSE 8183
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \
+ && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \
+ && chmod +x *.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && mv vfw_pg_streams-${demo_artifacts_version} pg_streams
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_packetgen_init.sh"]
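Review bot: The `sed` that rewrites `"restconf-binding-address"` from `127.0.0.1` to `0.0.0.0` exposes Honeycomb's RESTCONF interface on every interface of the VM, because the service runs with `network_mode: "host"`. That includes the `10.10.12.5` ONAP network, and the interface is protected only by whatever credentials the sample distribution ships with (not visible in this diff). If only the test driver needs it, binding to the specific management address is safer. Either way, add a comment above the `RUN` such as `# restconf opened to all interfaces for the demo; do not reuse outside the test VM`. The firewall Dockerfile applies the same rewrite. `EXPOSE 8183` has no effect under host networking and may mislead readers about what is published.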
diff --git a/vagrant/tests/cFW/postinstall.sh b/vagrant/tests/cFW/postinstall.sh
new file mode 100755
index 00000000..5a1d5043
--- /dev/null
+++ b/vagrant/tests/cFW/postinstall.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+# install_docker() - Download and install docker-engine
+function install_docker {
+ local max_concurrent_downloads=${1:-3}
+
+ if $(docker version &>/dev/null); then
+ return
+ fi
+ apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+ apt-get update
+ apt-get install -y docker-ce
+
+ mkdir -p /etc/systemd/system/docker.service.d
+ if [ $http_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+Environment="HTTP_PROXY=$http_proxy"
+EOL
+ fi
+ if [ $https_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf
+[Service]
+Environment="HTTPS_PROXY=$https_proxy"
+EOL
+ fi
+ if [ $no_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf
+[Service]
+Environment="NO_PROXY=$no_proxy"
+EOL
+ fi
+ systemctl daemon-reload
+ echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker
+ usermod -aG docker $USER
+
+ systemctl restart docker
+ sleep 10
+}
+
+# install_docker_compose() - Installs docker compose python module
+function install_docker_compose {
+ if ! which pip; then
+ curl -sL https://bootstrap.pypa.io/get-pip.py | python
+ fi
+ pip install --upgrade pip
+ pip install docker-compose
+}
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_docker
+install_docker_compose
+
+cd /vagrant
+# build vpp docker image
+BUILD_ARGS="--no-cache"
+if [ $HTTP_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
+fi
+if [ $HTTPS_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}"
+fi
+pushd vpp
+docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest .
+popd
+
+docker-compose up -d
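Review bot: `install_docker` appends `-H tcp://0.0.0.0:2375` to `DOCKER_OPTS`, which, if the daemon honours `/etc/default/docker`, exposes the Docker API without TLS or authentication on all three private networks, giving any peer there root-equivalent control of the VM. Nothing later in the script uses the TCP endpoint, so the line could become `echo "DOCKER_OPTS=\"-H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker`. Two robustness points in the same function: with `set -o nounset`, `if [ $http_proxy ]` aborts the script when no proxy is exported, so `if [ -n "${http_proxy:-}" ]` is safer (likewise `https_proxy`, `no_proxy`, `HTTP_PROXY` and `HTTPS_PROXY`). There is also no `set -o errexit`, so a failed `apt-get` or `docker build` still falls through to `docker-compose up -d`. The `curl … | apt-key add -` and `curl … get-pip.py | python` pipelines execute whatever the remote serves; checking the key fingerprint and installing pip from the distro package would reduce that exposure.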
diff --git a/vagrant/tests/cFW/sink/Dockerfile b/vagrant/tests/cFW/sink/Dockerfile
new file mode 100644
index 00000000..6b43ba61
--- /dev/null
+++ b/vagrant/tests/cFW/sink/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+ENV protected_net_gw "192.168.20.100"
+ENV unprotected_net "192.168.10.0/24"
+
+RUN apt-get update && apt-get install -y -qq wget net-tools
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_sink_init.sh" \
+ && chmod +x v_sink_init.sh
+
+RUN mkdir -p config/ \
+ && echo $protected_net_cidr > config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > config/demo_artifacts_version.txt \
+ && echo $protected_net_gw > config/protected_net_gw.txt \
+ && echo $unprotected_net > config/unprotected_net.txt
+
+# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
+# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
+CMD ["./v_sink_init.sh"]
diff --git a/vagrant/tests/cFW/vpp/80-vpp.conf b/vagrant/tests/cFW/vpp/80-vpp.conf
new file mode 100644
index 00000000..8fdf184c
--- /dev/null
+++ b/vagrant/tests/cFW/vpp/80-vpp.conf
@@ -0,0 +1,15 @@
+# Number of 2MB hugepages desired
+vm.nr_hugepages=1024
+
+# Must be greater than or equal to (2 * vm.nr_hugepages).
+vm.max_map_count=3096
+
+# All groups allowed to access hugepages
+vm.hugetlb_shm_group=0
+
+# Shared Memory Max must be greator or equal to the total size of hugepages.
+# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024
+# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax)
+# is greater than the calculated TotalHugepageSize then set this parameter
+# to current shmmax value.
+kernel.shmmax=2147483648
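Review bot: The comment above `vm.hugetlb_shm_group=0` says "All groups allowed to access hugepages", but the sysctl takes a single group id, so `0` restricts hugepage shared memory to gid 0 rather than opening it to everyone. Rewording it to `# GID allowed to create hugepage-backed shared memory (0 = root group)` would avoid someone widening it by mistake. The shmmax comment points at `/sys/proc/kernel/shmmax`; the path is `/proc/sys/kernel/shmmax`. Since the image's `CMD` starts `vpp` directly, it is unclear whether anything applies this file inside the container. If the values that matter are the ones `postinstall.sh` sets on the host, a comment saying so would help.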
diff --git a/vagrant/tests/cFW/vpp/Dockerfile b/vagrant/tests/cFW/vpp/Dockerfile
new file mode 100644
index 00000000..63b08b01
--- /dev/null
+++ b/vagrant/tests/cFW/vpp/Dockerfile
@@ -0,0 +1,17 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq apt-transport-https \
+ && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \
+ && apt-get update \
+ && apt-get install -y -qq vpp vpp-lib vpp-plugins
+
+COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf
+
+CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"]
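Review bot: `deb [trusted=yes] https://nexus.fd.io/...` turns off apt signature verification for the fd.io repository, so `vpp`, `vpp-lib` and `vpp-plugins` are installed unauthenticated. This image is the base for the firewall and packetgen containers, which run privileged. If the repository publishes a signing key, import it and drop `[trusted=yes]`. If it does not, pin exact versions with `apt-get install vpp=<version> ...` and add a comment such as `# fd.io repo is unsigned; trusted=yes is required, versions pinned instead`, so that the trade-off is explicit. Adding `rm -rf /var/lib/apt/lists/*` at the end of the `RUN` would also keep stale indexes out of the base layer, though the firewall and packetgen Dockerfiles would then need their own `apt-get update`.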