aboutsummaryrefslogtreecommitdiffstats
path: root/kud/tests/cFW/firewall
diff options
context:
space:
mode:
authorVictor Morales <v.morales@samsung.com>2020-06-16 18:00:04 -0700
committerVictor Morales <v.morales@samsung.com>2020-06-17 08:15:40 -0700
commitdd79554660e0f81cc8723243235e82e8769490f7 (patch)
tree3bf0c12317e8cbd59a2ad85cfbc3cfa2284b76b1 /kud/tests/cFW/firewall
parent7b860ae60bf9686b449ab2fe3f18c33944bdd71c (diff)
Update cFW instruction set
The cFW example has been changed since 1.3.0 version. This commit reduces the steps to setup and provision this CNF. Its main goal is to simplify deployment process. Issue-ID: MULTICLOUD-301 Change-Id: Id96ea4b427aff4c42ecfd43b42fa5d6970c4a6df Signed-off-by: Victor Morales <v.morales@samsung.com>
Diffstat (limited to 'kud/tests/cFW/firewall')
-rw-r--r--kud/tests/cFW/firewall/Dockerfile48
-rwxr-xr-xkud/tests/cFW/firewall/init.sh43
2 files changed, 66 insertions, 25 deletions
diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile
index 7d3e6ede..086f30ce 100644
--- a/kud/tests/cFW/firewall/Dockerfile
+++ b/kud/tests/cFW/firewall/Dockerfile
@@ -1,32 +1,22 @@
-FROM electrocucaracha/vpp
+FROM ubuntu:18.04 as builder
MAINTAINER Victor Morales <electrocucaracha@gmail.com>
-ARG HTTP_PROXY=${HTTP_PROXY}
-ARG HTTPS_PROXY=${HTTPS_PROXY}
-
-ENV http_proxy $HTTP_PROXY
-ENV https_proxy $HTTPS_PROXY
+ENV demo_artifacts_version "1.6.0"
ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
-ENV protected_net_cidr "192.168.20.0/24"
-ENV fw_ipaddr "192.168.10.100"
-ENV sink_ipaddr "192.168.20.250"
-ENV demo_artifacts_version "1.3.0"
-
-RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
- bsdmainutils make gcc libcurl4-gnutls-dev
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ wget ca-certificates
WORKDIR /opt
-RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \
- && chmod +x v_firewall_init.sh \
- && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh
-
RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
&& tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
&& rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
&& mv sample-distribution-${demo_artifacts_version} honeycomb \
- && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+ && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json
+
+RUN apt-get install -y -qq --no-install-recommends \
+ make gcc libc6-dev libcurl4-gnutls-dev
RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \
&& tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \
@@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r
&& rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
&& mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \
&& chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \
- && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd -
+ && make -C /opt/VES/evel/evel-library/bldjobs/
+
+FROM vpp
+
+COPY --from=builder /opt/honeycomb /opt/honeycomb
+COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting
+COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/
+COPY init.sh /opt/init.sh
+
+ENV DCAE_COLLECTOR_IP ""
+ENV DCAE_COLLECTOR_PORT ""
-RUN mkdir -p /opt/config/ \
- && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
- && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
- && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
- && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ openjdk-8-jre iproute2 libcurl4-gnutls-dev
-CMD ["./v_firewall_init.sh"]
+ENTRYPOINT ["/bin/bash"]
+CMD ["/opt/init.sh"]
diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh
new file mode 100755
index 00000000..71db2e2d
--- /dev/null
+++ b/kud/tests/cFW/firewall/init.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2020
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o pipefail
+set -o xtrace
+set -o errexit
+set -o nounset
+
+echo 'start... vpp'
+/usr/bin/vpp -c /etc/vpp/startup.conf
+echo 'wait vpp be up ...'
+until vppctl show ver; do
+ sleep 1;
+done
+
+# Configure VPP for vFirewall
+nic_protected=eth1
+nic_unprotected=eth2
+ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}')
+ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}')
+
+vppctl create host-interface name "$nic_protected"
+vppctl create host-interface name "$nic_unprotected"
+
+vppctl set int ip address "host-$nic_protected" "$ip_protected_addr"
+vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr"
+
+vppctl set int state "host-$nic_protected" up
+vppctl set int state "host-$nic_unprotected" up
+
+# Start HoneyComb
+#/opt/honeycomb/honeycomb &>/dev/null &disown
+/opt/honeycomb/honeycomb
+
+# Start VES client
+#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1