summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVictor Morales <victor.morales@intel.com>2018-10-15 10:25:02 -0700
committerVictor Morales <victor.morales@intel.com>2018-10-16 09:12:07 -0700
commit6942719b390a62695d6dd3efa09eadf6ec48aa7a (patch)
tree38563c2a9e27a050a6dd8a0687188a3e4482ff77
parenta4b27ed2f69b6643e5f9b6004e632f06db4d0653 (diff)
Hybrid Functional test for vFirewall
This change provides the bash instructions for running an hybrid scenario (Virtual Machine and Containers) of the ONAP vFirewall use case. Change-Id: I2bb7843118c31895d0b5fe1987cced2be29672cb Signed-off-by: Victor Morales <victor.morales@intel.com> Issue-ID: MULTICLOUD-301
-rwxr-xr-xvagrant/tests/_common.sh301
-rwxr-xr-xvagrant/tests/_functions.sh1
-rwxr-xr-xvagrant/tests/integration_vFW.sh3
-rwxr-xr-xvagrant/tests/integration_vcFW.sh46
4 files changed, 334 insertions, 17 deletions
diff --git a/vagrant/tests/_common.sh b/vagrant/tests/_common.sh
index 5635907c..21aad4d2 100755
--- a/vagrant/tests/_common.sh
+++ b/vagrant/tests/_common.sh
@@ -152,9 +152,6 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
- resources:
- limits:
- memory: 160Mi
DEPLOYMENT
cat << DEPLOYMENT > $sink_deployment_name.yaml
@@ -185,17 +182,14 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
- resources:
- limits:
- memory: 160Mi
DEPLOYMENT
-
popd
}
-# popule_CSAR_vms_vFW() - This function creates the content of CSAR file
-# required for vFirewal using only virtual machines
-function popule_CSAR_vms_vFW {
+# popule_CSAR_vms_containers_vFW() - This function creates the content of CSAR file
+# required for vFirewal using an hybrid combination between virtual machines and
+# cotainers
+function popule_CSAR_vms_containers_vFW {
local csar_id=$1
ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
@@ -226,8 +220,10 @@ metadata:
labels:
app: vFirewall
spec:
+ type: NodePort
ports:
- port: 667
+ nodePort: 30667
selector:
app: vFirewall
SERVICE
@@ -331,6 +327,8 @@ spec:
labels:
app: vFirewall
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
VirtletCloudInitUserData: |
ssh_pwauth: True
users:
@@ -350,6 +348,7 @@ spec:
- wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash
VirtletSSHKeys: |
$ssh_key
+ VirtletRootVolumeSize: 5Gi
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
@@ -371,11 +370,273 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
+ ports:
+ - containerPort: 8183
resources:
limits:
- memory: 256Mi
+ memory: 4Gi
+DEPLOYMENT
+
+ cat << DEPLOYMENT > $firewall_deployment_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: $firewall_deployment_name
+ labels:
+ app: vFirewall
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vFirewall
+ template:
+ metadata:
+ labels:
+ app: vFirewall
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ # the password is "admin"
+ passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ ssh_authorized_keys:
+ $ssh_key
+ $proxy
+ runcmd:
+ $cloud_init_proxy
+ - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash
+ VirtletSSHKeys: |
+ $ssh_key
+ VirtletRootVolumeSize: 5Gi
+ kubernetes.v1.cni.cncf.io/networks: '[
+ { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
+ { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" },
+ { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" }
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: $firewall_deployment_name
+ image: $image_name
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: 4Gi
+DEPLOYMENT
+
+ cat << DEPLOYMENT > $sink_deployment_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: $sink_deployment_name
+ labels:
+ app: vFirewall
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vFirewall
+ template:
+ metadata:
+ labels:
+ app: vFirewall
+ annotations:
+ kubernetes.v1.cni.cncf.io/networks: '[
+ { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" },
+ { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
+ ]'
+ spec:
+ containers:
+ - name: $sink_deployment_name
+ image: electrocucaracha/sink
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: electrocucaracha/darkstat
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: 667
+DEPLOYMENT
+ popd
+}
+
+# popule_CSAR_vms_vFW() - This function creates the content of CSAR file
+# required for vFirewal using only virtual machines
+function popule_CSAR_vms_vFW {
+ local csar_id=$1
+ ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
+
+ _checks_args $csar_id
+ pushd ${CSAR_DIR}/${csar_id}
+
+ cat << META > metadata.yaml
+resources:
+ network:
+ - unprotected-private-net-cidr-network.yaml
+ - protected-private-net-cidr-network.yaml
+ - onap-private-net-cidr-network.yaml
+ deployment:
+ - $packetgen_deployment_name.yaml
+ - $firewall_deployment_name.yaml
+ - $sink_deployment_name.yaml
+META
+
+ cat << NET > unprotected-private-net-cidr-network.yaml
+apiVersion: "kubernetes.cni.cncf.io/v1"
+kind: Network
+metadata:
+ name: unprotected-private-net-cidr
+spec:
+ config: '{
+ "name": "unprotected",
+ "type": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "192.168.10.0/24"
+ }
+}'
+NET
+
+ cat << NET > protected-private-net-cidr-network.yaml
+apiVersion: "kubernetes.cni.cncf.io/v1"
+kind: Network
+metadata:
+ name: protected-private-net-cidr
+spec:
+ config: '{
+ "name": "protected",
+ "type": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "192.168.20.0/24"
+ }
+}'
+NET
+
+ cat << NET > onap-private-net-cidr-network.yaml
+apiVersion: "kubernetes.cni.cncf.io/v1"
+kind: Network
+metadata:
+ name: onap-private-net-cidr
+spec:
+ config: '{
+ "name": "onap",
+ "type": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "10.10.0.0/16"
+ }
+}'
+NET
+
+ proxy="apt:"
+ cloud_init_proxy=""
+ if [[ -n "${http_proxy+x}" ]]; then
+ proxy+="
+ http_proxy: $http_proxy"
+ cloud_init_proxy+="
+ - export http_proxy=$http_proxy"
+ fi
+ if [[ -n "${https_proxy+x}" ]]; then
+ proxy+="
+ https_proxy: $https_proxy"
+ cloud_init_proxy+="
+ - export https_proxy=$https_proxy"
+ fi
+ if [[ -n "${no_proxy+x}" ]]; then
+ cloud_init_proxy+="
+ - export no_proxy=$no_proxy"
+ fi
+
+ cat << DEPLOYMENT > $packetgen_deployment_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: $packetgen_deployment_name
+ labels:
+ app: vFirewall
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vFirewall
+ template:
+ metadata:
+ labels:
+ app: vFirewall
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ # the password is "admin"
+ passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ ssh_authorized_keys:
+ $ssh_key
+ $proxy
+ runcmd:
+ $cloud_init_proxy
+ - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash
+ VirtletSSHKeys: |
+ $ssh_key
+ VirtletRootVolumeSize: 5Gi
+ kubernetes.v1.cni.cncf.io/networks: '[
+ { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
+ { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: $packetgen_deployment_name
+ image: $image_name
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
ports:
- containerPort: 8183
+ resources:
+ limits:
+ memory: 4Gi
DEPLOYMENT
cat << DEPLOYMENT > $firewall_deployment_name.yaml
@@ -395,6 +656,8 @@ spec:
labels:
app: vFirewall
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
VirtletCloudInitUserData: |
ssh_pwauth: True
users:
@@ -412,6 +675,9 @@ spec:
runcmd:
$cloud_init_proxy
- wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash
+ VirtletSSHKeys: |
+ $ssh_key
+ VirtletRootVolumeSize: 5Gi
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "protected-private-net-cidr", "interfaceRequest": "eth2" },
@@ -436,7 +702,7 @@ spec:
stdin: true
resources:
limits:
- memory: 160Mi
+ memory: 4Gi
DEPLOYMENT
cat << DEPLOYMENT > $sink_deployment_name.yaml
@@ -456,6 +722,8 @@ spec:
labels:
app: vFirewall
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
VirtletCloudInitUserData: |
ssh_pwauth: True
users:
@@ -475,6 +743,7 @@ spec:
- wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$sink_deployment_name | sudo -E bash
VirtletSSHKeys: |
$ssh_key
+ VirtletRootVolumeSize: 5Gi
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "protected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
@@ -496,11 +765,11 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
- resources:
- limits:
- memory: 160Mi
ports:
- containerPort: 667
+ resources:
+ limits:
+ memory: 4Gi
DEPLOYMENT
popd
}
@@ -600,6 +869,8 @@ spec:
labels:
app: virtlet
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-passthrough
# This tells CRI Proxy that this pod belongs to Virtlet runtime
kubernetes.io/target-runtime: virtlet.cloud
VirtletCloudInitUserData: |
diff --git a/vagrant/tests/_functions.sh b/vagrant/tests/_functions.sh
index 50473476..515bc6ec 100755
--- a/vagrant/tests/_functions.sh
+++ b/vagrant/tests/_functions.sh
@@ -29,6 +29,7 @@ function _checks_args {
function destroy_deployment {
local deployment_name=$1
+ echo "$(date +%H:%M:%S) - $deployment_name : Destroying deployment"
kubectl delete deployment $deployment_name --ignore-not-found=true --now
while kubectl get deployment $deployment_name &>/dev/null; do
echo "$(date +%H:%M:%S) - $deployment_name : Destroying deployment"
diff --git a/vagrant/tests/integration_vFW.sh b/vagrant/tests/integration_vFW.sh
index df27065a..237593f2 100755
--- a/vagrant/tests/integration_vFW.sh
+++ b/vagrant/tests/integration_vFW.sh
@@ -24,11 +24,10 @@ fi
popule_CSAR_vms_vFW $csar_id
pushd ${CSAR_DIR}/${csar_id}
-for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network sink-service sink-ingress; do
+for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network; do
kubectl apply -f $resource.yaml
done
setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name
-#kubectl port-forward deployment/$sink_deployment_name 667:667
# Test
for deployment_name in $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name; do
diff --git a/vagrant/tests/integration_vcFW.sh b/vagrant/tests/integration_vcFW.sh
new file mode 100755
index 00000000..82159b90
--- /dev/null
+++ b/vagrant/tests/integration_vcFW.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+source _common.sh
+source _functions.sh
+
+csar_id=aa443e7e-c8ba-11e8-8877-525400b164ff
+
+# Setup
+if [[ ! -f $HOME/.ssh/id_rsa.pub ]]; then
+ echo -e "\n\n\n" | ssh-keygen -t rsa -N ""
+fi
+popule_CSAR_vms_containers_vFW $csar_id
+
+pushd ${CSAR_DIR}/${csar_id}
+for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network sink-service sink-ingress; do
+ kubectl apply -f $resource.yaml
+done
+setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name
+#kubectl port-forward deployment/$sink_deployment_name 667:667
+
+# Test
+for deployment_name in $packetgen_deployment_name $firewall_deployment_name; do
+ pod_name=$(kubectl get pods | grep $deployment_name | awk '{print $1}')
+ vm=$(kubectl plugin virt virsh list | grep ".*$deployment_name" | awk '{print $2}')
+ echo "Pod name: $pod_name Virsh domain: $vm"
+ echo "ssh -i ~/.ssh/id_rsa.pub admin@$(kubectl get pods $pod_name -o jsonpath="{.status.podIP}")"
+ echo "kubectl attach -it $pod_name"
+ echo "=== Virtlet details ===="
+ echo "$(kubectl plugin virt virsh dumpxml $vm | grep VIRTLET_)\n"
+done
+popd
+
+# Teardown
+#teardown $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name