authorVictor Morales <victor.morales@intel.com>2019-02-06 13:12:43 -0800
committerVictor Morales <victor.morales@intel.com>2019-02-06 13:12:43 -0800
commite711aa83716d2dcca5c0129602e9dc500b281e4b (patch)
treec721d96417fb6c7e7c6b8283e9488e13a3abdf4a
parentd53b95760be6a17d5b14de550eb638f4a1c095d5 (diff)
Add vFW scripts folder
The bash scripts that are used for testing the Firewall ONAP use case are hosted in an external repo. This change includes the latest working version for those scripts. Change-Id: Ic2d371a3e715d867cb4e61e0ad13da812edeea45 Signed-off-by: Victor Morales <victor.morales@intel.com> Issue-ID: MULTICLOUD-301
-rw-r--r--vagrant/tests/vFW/README.md50
-rw-r--r--vagrant/tests/vFW/Vagrantfile66
-rw-r--r--vagrant/tests/vFW/diagram.pngbin0 -> 246934 bytes
-rwxr-xr-xvagrant/tests/vFW/firewall96
-rwxr-xr-xvagrant/tests/vFW/packetgen83
-rwxr-xr-xvagrant/tests/vFW/sink48
6 files changed, 343 insertions, 0 deletions
diff --git a/vagrant/tests/vFW/README.md b/vagrant/tests/vFW/README.md
new file mode 100644
index 00000000..f54a555f
--- /dev/null
+++ b/vagrant/tests/vFW/README.md
@@ -0,0 +1,50 @@
+# vFirewall ONAP Use Case
+
+This use case is composed of three virtual functions (VFs) running in
+separate Ubuntu Virtual Machines:
+
+ * [Packet generator][1]: Sends packets to the packet sink through the
+firewall. This includes a script that periodically generates different
+volumes of traffic.
+ * [Firewall][2]: Reports the volume of traffic passing though to the
+ONAP DCAE collector.
+ * [Traffic sink][3]: Displays the traffic volume that lands at the sink
+VM using the link http://192.168.20.250:667 through your browser
+and enable automatic page refresh by clicking the "Off" button. You
+can see the traffic volume in the charts.
+
+![Diagram](diagram.png)
+
+## Adjust packet generator:
+
+The packet generator contains 10 streams: fw\_udp1, fw\_udp2,
+fw\_udp3, . . . , fw\_udp10. Each stream generates 100 packets every
+10 seconds. The */opt/run\_traffic\_fw\_demo.sh* script on the packet
+generator VM starts automatically and alternates high traffic (i.e.
+10 active streams at the same time) and low traffic (1 active stream)
+every 5 minutes.
+
+To enable a stream, include `{"id":"fw_udp1", "is-enabled":"true"}`
+in the *pg-stream* bracket.
+
+To adjust the traffic volume produced by the packet generator, run the
+following command in a shell:
+
+```
+ curl -X PUT \
+ -H "Authorization: Basic YWRtaW46YWRtaW4=" \
+ -H "Content-Type: application/json" \
+ -H "Cache-Control: no-cache" \
+ -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' \
+ "http://192.168.10.200:8183/restconf/config/sample-plugin:sample-plugin/pg-streams"
+```
+
+The command above enables 5 streams.
+
+## License
+
+Apache-2.0
+
+[1]: packetgen
+[2]: firewall
+[3]: sink
diff --git a/vagrant/tests/vFW/Vagrantfile b/vagrant/tests/vFW/Vagrantfile
new file mode 100644
index 00000000..cabe6504
--- /dev/null
+++ b/vagrant/tests/vFW/Vagrantfile
@@ -0,0 +1,66 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+vars = {
+ "demo_artifacts_version" => "1.3.0",
+ 'vfw_private_ip_0' => '192.168.10.100',
+ 'vfw_private_ip_1' => '192.168.20.100',
+ 'vfw_private_ip_2' => '10.10.100.2',
+ 'vpg_private_ip_0' => '192.168.10.200',
+ 'vpg_private_ip_1' => '10.0.100.3',
+ 'vsn_private_ip_0' => '192.168.20.250',
+ 'vsn_private_ip_1' => '10.10.100.4',
+ 'dcae_collector_ip' => '10.0.4.1',
+ 'dcae_collector_port' => '8081',
+ 'protected_net_gw' => '192.168.20.100',
+ 'protected_net_cidr' => '192.168.20.0/24',
+ 'protected_private_net_cidr' => '192.168.10.0/24',
+ 'onap_private_net_cidr' => '10.10.0.0/16'
+}
+
+if ENV['no_proxy'] != nil or ENV['NO_PROXY']
+ $no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+ $subnet = "192.168.121"
+ # NOTE: This range is based on vagrant-libivirt network definition
+ (1..27).each do |i|
+ $no_proxy += ",#{$subnet}.#{i}"
+ end
+end
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "elastic/ubuntu-16.04-x86_64"
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if not Vagrant.has_plugin?('vagrant-proxyconf')
+ system 'vagrant plugin install vagrant-proxyconf'
+ raise 'vagrant-proxyconf was installed but it requires to execute again'
+ end
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = $no_proxy
+ end
+
+ config.vm.provider 'libvirt' do |v|
+ v.cpu_mode = 'host-passthrough' # DPDK requires Supplemental Streaming SIMD Extensions 3 (SSSE3)
+ end
+
+ config.vm.define :packetgen do |packetgen|
+ packetgen.vm.hostname = "packetgen"
+ packetgen.vm.provision 'shell', path: 'packetgen', env: vars
+ packetgen.vm.network :private_network, :ip => vars['vpg_private_ip_0'], :type => :static, :netmask => "255.255.255.0" # unprotected_private_net_cidr
+ packetgen.vm.network :private_network, :ip => vars['vpg_private_ip_1'], :type => :static, :netmask => "255.255.0.0" # onap_private_net_cidr
+ end
+ config.vm.define :firewall do |firewall|
+ firewall.vm.hostname = "firewall"
+ firewall.vm.provision 'shell', path: 'firewall', env: vars
+ firewall.vm.network :private_network, :ip => vars['vfw_private_ip_0'], :type => :static, :netmask => "255.255.255.0" # unprotected_private_net_cidr
+ firewall.vm.network :private_network, :ip => vars['vfw_private_ip_1'], :type => :static, :netmask => "255.255.255.0" # protected_private_net_cidr
+ firewall.vm.network :private_network, :ip => vars['vfw_private_ip_2'], :type => :static, :netmask => "255.255.0.0" # onap_private_net_cidr
+ end
+ config.vm.define :sink do |sink|
+ sink.vm.hostname = "sink"
+ sink.vm.provision 'shell', path: 'sink', env: vars
+ sink.vm.network :private_network, :ip => vars['vsn_private_ip_0'], :type => :static, :netmask => "255.255.255.0" # protected_private_net_cidr
+ sink.vm.network :private_network, :ip => vars['vsn_private_ip_1'], :type => :static, :netmask => "255.255.0.0" # onap_private_net_cidr
+ end
+end
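Review bot: Loading this Vagrantfile runs `system 'vagrant plugin install vagrant-proxyconf'` on the host whenever both proxy variables are set and the plugin is missing, so an unpinned plugin gets installed as a side effect of evaluating the file. I would fail with instructions instead, e.g. `raise 'vagrant-proxyconf is required; run: vagrant plugin install vagrant-proxyconf' unless Vagrant.has_plugin?('vagrant-proxyconf')`, so the operator decides what is installed. Separately, `$no_proxy` is assigned only inside the `if ENV['no_proxy'] != nil or ENV['NO_PROXY']` block, so its `"127.0.0.1,localhost"` default can never apply and `config.proxy.no_proxy` receives nil when only `http_proxy`/`https_proxy` are exported; assigning `$no_proxy` unconditionally would fix that. The `config.vm.box` line also has no `config.vm.box_version`, so the base image can change between runs.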
diff --git a/vagrant/tests/vFW/diagram.png b/vagrant/tests/vFW/diagram.png
new file mode 100644
index 00000000..4cf95f2f
--- /dev/null
+++ b/vagrant/tests/vFW/diagram.png
Binary files differ
diff --git a/vagrant/tests/vFW/firewall b/vagrant/tests/vFW/firewall
new file mode 100755
index 00000000..93d4f2a3
--- /dev/null
+++ b/vagrant/tests/vFW/firewall
@@ -0,0 +1,96 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+# install_dependencies() - Install required dependencies
+function install_dependencies {
+ apt-get update
+ apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools bsdmainutils make gcc libcurl4-gnutls-dev
+}
+
+# install_vpp() - Install VPP
+function install_vpp {
+ local RELEASE=".stable.1609"
+
+ apt-get update
+ apt-get install -y -qq apt-transport-https
+ echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io$RELEASE.ubuntu.$(lsb_release -c -s).main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list
+ apt-get update
+ apt-get install -y -qq vpp vpp-lib vpp-plugins vpp-dpdk-dkms
+}
+
+function _untar_url {
+ local repo_url="https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf/"
+ local file_subpath=$1
+
+ wget -q -O tmp_file.tar.gz "${repo_url}/${file_subpath}"
+ sha1=$(wget ${repo_url}/${file_subpath}.sha1 -q -O -)
+ if [[ $(sha1sum tmp_file.tar.gz | awk '{print $1}') != "$sha1" ]]; then
+ echo "The downloaded file is corrupted"
+ exit 1
+ fi
+ tar -zmxf tmp_file.tar.gz
+ rm tmp_file.tar.gz
+}
+
+# install_vfw_scripts() -
+function install_vfw_scripts {
+ local version=$(cat /opt/config/demo_artifacts_version.txt)
+ local ves_path=VES
+ local ves_reporting_path="${ves_path}/evel/evel-library"
+
+ pushd /opt
+ wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_firewall_init,vfirewall}.sh
+ chmod +x *.sh
+
+ _untar_url "sample-distribution/${version}/sample-distribution-${version}-hc.tar.gz"
+ mkdir -p honeycomb
+ mv sample-distribution-$version honeycomb
+
+ _untar_url "ves5/ves/${version}/ves-${version}-demo.tar.gz"
+ mv ves-$version $ves_path
+
+ _untar_url "ves5/ves_vfw_reporting/${version}/ves_vfw_reporting-${version}-demo.tar.gz"
+ mkdir -p $ves_reporting_path/code
+ mv ves_vfw_reporting-$version $ves_reporting_path/code/VESreporting
+
+ chmod +x $ves_reporting_path/code/VESreporting/go-client.sh
+ pushd $ves_reporting_path/bldjobs/
+ make clean
+ make
+ sleep 1
+ popd
+
+ # TODO(electrocucaracha) Fix it in upstream
+ sed -i 's/start vpp/systemctl start vpp/g' v_firewall_init.sh
+ mv vfirewall.sh /etc/init.d
+ update-rc.d vfirewall.sh defaults
+ systemctl start firewall
+ popd
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$dcae_collector_ip" > /opt/config/dcae_collector_ip.txt
+echo "$dcae_collector_port" > /opt/config/dcae_collector_port.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_dependencies
+install_vpp
+install_vfw_scripts
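Review bot: The `deb [trusted=yes] …` source line in install_vpp turns off APT signature verification for the fd.io repository, so `vpp`, `vpp-lib`, `vpp-plugins` and `vpp-dpdk-dkms` are installed as root with only the TLS connection to the mirror protecting them. If the repository publishes a signing key, import it and drop the option; if it does not, the line should at least carry a comment such as `# [trusted=yes]: package signatures are NOT verified for this source; lab use only`, and the packages should be pinned to explicit versions. The same line appears in install_vpp in vagrant/tests/vFW/packetgen. Note also that `tee -a` appends a duplicate entry on every re-provision; plain `tee` would keep the list file idempotent.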
diff --git a/vagrant/tests/vFW/packetgen b/vagrant/tests/vFW/packetgen
new file mode 100755
index 00000000..51d5c676
--- /dev/null
+++ b/vagrant/tests/vFW/packetgen
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+# install_dependencies() - Install required dependencies
+function install_dependencies {
+ apt-get update
+ apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools bsdmainutils
+}
+
+# install_vpp() - Install VPP
+function install_vpp {
+ local RELEASE=".stable.1609"
+
+ apt-get update
+ apt-get install -y -qq apt-transport-https
+ echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io$RELEASE.ubuntu.$(lsb_release -c -s).main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list
+ apt-get update
+ apt-get install -y -qq vpp vpp-lib vpp-plugins vpp-dpdk-dkms
+}
+
+function _untar_url {
+ local repo_url="https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf/"
+ local file_subpath=$1
+
+ wget -q -O tmp_file.tar.gz "${repo_url}/${file_subpath}"
+ sha1=$(wget ${repo_url}/${file_subpath}.sha1 -q -O -)
+ if [[ $(sha1sum tmp_file.tar.gz | awk '{print $1}') != "$sha1" ]]; then
+ echo "The downloaded file is corrupted"
+ exit 1
+ fi
+ tar -zmxf tmp_file.tar.gz
+ rm tmp_file.tar.gz
+}
+
+# install_vfw_scripts() -
+function install_vfw_scripts {
+ local version=$(cat /opt/config/demo_artifacts_version.txt)
+
+ pushd /opt
+ wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_packetgen_init,vpacketgen,run_traffic_fw_demo}.sh
+ chmod +x *.sh
+
+ _untar_url "sample-distribution/${version}/sample-distribution-${version}-hc.tar.gz"
+ mv sample-distribution-$version honeycomb
+
+ _untar_url "vfw/vfw_pg_streams/$version/vfw_pg_streams-$version-demo.tar.gz"
+ mv vfw_pg_streams-$version pg_streams
+
+ sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+ # TODO(electrocucaracha) Fix it in upstream
+ sed -i 's/start vpp/systemctl start vpp/g' v_packetgen_init.sh
+ sed -i 's|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
+ mv vpacketgen.sh /etc/init.d/
+ update-rc.d vpacketgen.sh defaults
+ systemctl start packetgen
+ popd
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_dependencies
+install_vpp
+install_vfw_scripts
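Review bot: The `sed` in install_vfw_scripts that rewrites `restconf-binding-address` from `127.0.0.1` to `0.0.0.0` exposes the Honeycomb RESTCONF API on every interface of the VM, including the one on the 255.255.0.0 network that the Vagrantfile labels onap_private_net_cidr. The README's sample request reaches that API over plain HTTP with a Basic header that decodes to admin:admin. Binding to the address the README actually uses would narrow the exposure: `vpg_private_ip_0` is already passed in through `env: vars`, so the replacement text could be `"restconf-binding-address": "${vpg_private_ip_0}",` with the sed expression double-quoted. If the listener has to stay on all interfaces, a comment on that line saying why, and that the credentials must be changed outside a lab, would help the next reader.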
diff --git a/vagrant/tests/vFW/sink b/vagrant/tests/vFW/sink
new file mode 100755
index 00000000..5604198f
--- /dev/null
+++ b/vagrant/tests/vFW/sink
@@ -0,0 +1,48 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+# install_dependencies() - Install required dependencies
+function install_dependencies {
+ apt-get update
+ apt install -y wget darkstat net-tools
+
+ # Configure and run Darkstat
+ sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g;s/INTERFACE=.*/INTERFACE=\"-i eth1\"/g" /etc/darkstat/init.cfg
+
+ systemctl restart darkstat
+}
+
+# install_vfw_scripts() -
+function install_vfw_scripts {
+ pushd /opt
+ wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_sink_init,vsink}.sh
+ chmod +x *.sh
+
+ mv vsink.sh /etc/init.d
+ update-rc.d vsink.sh defaults
+ systemctl start sink
+ popd
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$protected_net_gw" > /opt/config/protected_net_gw.txt
+echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt
+
+install_dependencies
+install_vfw_scripts
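Review bot: `wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_sink_init,vsink}.sh` in install_vfw_scripts carries no revision, so it fetches whatever the demo repository currently serves, and `vsink.sh` is then moved to /etc/init.d and started as root with no integrity check. The result is not reproducible and is not tied to `demo_artifacts_version`; I would pin the download to a fixed commit or tag of the demo repo and compare the files against checksums kept in this repository. The same pattern is in install_vfw_scripts in vagrant/tests/vFW/firewall and vagrant/tests/vFW/packetgen. In those two files `_untar_url` also reads the expected SHA-1 from the same server as the tarball, which catches a truncated download but not a replaced artifact.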