diff options
author | Victor Morales <v.morales@samsung.com> | 2020-06-16 18:00:04 -0700 |
---|---|---|
committer | Victor Morales <v.morales@samsung.com> | 2020-06-17 08:15:40 -0700 |
commit | dd79554660e0f81cc8723243235e82e8769490f7 (patch) | |
tree | 3bf0c12317e8cbd59a2ad85cfbc3cfa2284b76b1 /kud/tests/cFW/firewall | |
parent | 7b860ae60bf9686b449ab2fe3f18c33944bdd71c (diff) |
Update cFW instruction set
The cFW example has been changed since 1.3.0 version. This commit
reduces the steps to setup and provision this CNF. Its main goal
is to simplify deployment process.
Issue-ID: MULTICLOUD-301
Change-Id: Id96ea4b427aff4c42ecfd43b42fa5d6970c4a6df
Signed-off-by: Victor Morales <v.morales@samsung.com>
Diffstat (limited to 'kud/tests/cFW/firewall')
-rw-r--r-- | kud/tests/cFW/firewall/Dockerfile | 48 | ||||
-rwxr-xr-x | kud/tests/cFW/firewall/init.sh | 43 |
2 files changed, 66 insertions, 25 deletions
diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile index 7d3e6ede..086f30ce 100644 --- a/kud/tests/cFW/firewall/Dockerfile +++ b/kud/tests/cFW/firewall/Dockerfile @@ -1,32 +1,22 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales <electrocucaracha@gmail.com> -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils make gcc libcurl4-gnutls-dev +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \ - && chmod +x v_firewall_init.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +RUN apt-get install -y -qq --no-install-recommends \ + make gcc libc6-dev libcurl4-gnutls-dev RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \ @@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \ - && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd - + && make -C /opt/VES/evel/evel-library/bldjobs/ + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting +COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/ +COPY init.sh /opt/init.sh + +ENV DCAE_COLLECTOR_IP "" +ENV DCAE_COLLECTOR_PORT "" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 libcurl4-gnutls-dev -CMD ["./v_firewall_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh new file mode 100755 index 00000000..71db2e2d --- /dev/null +++ b/kud/tests/cFW/firewall/init.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vFirewall +nic_protected=eth1 +nic_unprotected=eth2 +ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}') +ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic_protected" +vppctl create host-interface name "$nic_unprotected" + +vppctl set int ip address "host-$nic_protected" "$ip_protected_addr" +vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr" + +vppctl set int state "host-$nic_protected" up +vppctl set int state "host-$nic_unprotected" up + +# Start HoneyComb +#/opt/honeycomb/honeycomb &>/dev/null &disown +/opt/honeycomb/honeycomb + +# Start VES client +#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1 |