diff options
author | Akhila Kishore <akhila.kishore@intel.com> | 2019-03-06 06:34:09 -0800 |
---|---|---|
committer | Akhila Kishore <akhila.kishore@intel.com> | 2019-03-22 07:28:00 -0700 |
commit | 1fd5b3964a142be6c176dcc886d79a614c04ce70 (patch) | |
tree | 90e4c44d0c18ea51e1787627960556c6a1dcbe79 /kud/tests/cFW | |
parent | 7830bf49fbdcf1b726dc8dc3aca3638fb2195e66 (diff) |
Restructuring the repo.
The idea is to restructure the existing repo create a deployment
independent of Vagrant or other hosting providers.
Renamed KRD to KUbernetes Deploy(Kud) including the ansible scripts
Added new path to functional tests.
Moved samples pdfs to sites.
Minor changes to Readme.
Updated aio.sh, moved sample config
Corrected other nits. Updated and verified test cases.
Addressed comments and changes associated with it.
Updated Readme and minor change in Vagrantfile.
Validated test cases again. Moved aio.sh into vagrant folder.
Added new README for each hosting provider and project on the whole.
Updated the installer script with relative path.
Updated the name to deployment_infra, moved the cFW sripcts to tests.
Updated the gitignore file.
Issue-ID: MULTICLOUD-301
Change-Id: Ie48c26b12ab58b604493fba58a9c5b9f8ba10942
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Diffstat (limited to 'kud/tests/cFW')
-rw-r--r-- | kud/tests/cFW/README.md | 10 | ||||
-rw-r--r-- | kud/tests/cFW/Vagrantfile | 33 | ||||
-rw-r--r-- | kud/tests/cFW/darkstat/Dockerfile | 14 | ||||
-rw-r--r-- | kud/tests/cFW/docker-compose.yml | 38 | ||||
-rw-r--r-- | kud/tests/cFW/firewall/Dockerfile | 49 | ||||
-rw-r--r-- | kud/tests/cFW/packetgen/Dockerfile | 44 | ||||
-rwxr-xr-x | kud/tests/cFW/postinstall.sh | 83 | ||||
-rw-r--r-- | kud/tests/cFW/sink/Dockerfile | 34 | ||||
-rw-r--r-- | kud/tests/cFW/vpp/80-vpp.conf | 15 | ||||
-rw-r--r-- | kud/tests/cFW/vpp/Dockerfile | 17 |
10 files changed, 337 insertions, 0 deletions
diff --git a/kud/tests/cFW/README.md b/kud/tests/cFW/README.md new file mode 100644 index 00000000..c6ac9e20 --- /dev/null +++ b/kud/tests/cFW/README.md @@ -0,0 +1,10 @@ +# Cloud-Native Firewall Virtual Network Function + +[CNF][1] version of the ONAP vFirewall use case. + +## License + +Apache-2.0 + +[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md +[2]: https://github.com/electrocucaracha/vFW-demo diff --git a/kud/tests/cFW/Vagrantfile b/kud/tests/cFW/Vagrantfile new file mode 100644 index 00000000..d02e7d01 --- /dev/null +++ b/kud/tests/cFW/Vagrantfile @@ -0,0 +1,33 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +Vagrant.configure("2") do |config| + config.vm.box = "elastic/ubuntu-16.04-x86_64" + config.vm.hostname = "demo" + config.vm.provision 'shell', path: 'postinstall.sh' + config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr + config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr + config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr + + if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil + if not Vagrant.has_plugin?('vagrant-proxyconf') + system 'vagrant plugin install vagrant-proxyconf' + raise 'vagrant-proxyconf was installed but it requires to execute again' + end + config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || "" + config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || "" + config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost" + config.proxy.enabled = { docker: false } + end + + config.vm.provider 'virtualbox' do |v| + v.customize ["modifyvm", :id, "--memory", 8192] + v.customize ["modifyvm", :id, "--cpus", 2] + end + config.vm.provider 'libvirt' do |v| + v.memory = 8192 + v.cpus = 2 + v.nested = true + v.cpu_mode = 'host-passthrough' + end +end diff --git a/kud/tests/cFW/darkstat/Dockerfile b/kud/tests/cFW/darkstat/Dockerfile new file mode 100644 index 00000000..d3a46b9c --- /dev/null +++ b/kud/tests/cFW/darkstat/Dockerfile @@ -0,0 +1,14 @@ +FROM ubuntu:16.04 +MAINTAINER Victor Morales <electrocucaracha@gmail.com> + +ARG HTTP_PROXY=${HTTP_PROXY} +ARG HTTPS_PROXY=${HTTPS_PROXY} + +ENV http_proxy $HTTP_PROXY +ENV https_proxy $HTTPS_PROXY + +RUN apt-get update && apt-get install -y -qq darkstat + +EXPOSE 667 + +CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"] diff --git a/kud/tests/cFW/docker-compose.yml b/kud/tests/cFW/docker-compose.yml new file mode 100644 index 00000000..6d883fbd --- /dev/null +++ b/kud/tests/cFW/docker-compose.yml @@ -0,0 +1,38 @@ +version: '3' + +services: + packetgen: + privileged: true + network_mode: "host" + image: electrocucaracha/packetgen + build: + context: ./packetgen + args: + HTTP_PROXY: $HTTP_PROXY + HTTPS_PROXY: $HTTPS_PROXY + firewall: + privileged: true + network_mode: "host" + image: electrocucaracha/firewall + build: + context: ./firewall + args: + HTTP_PROXY: $HTTP_PROXY + HTTPS_PROXY: $HTTPS_PROXY + sink: + privileged: true + network_mode: "host" + image: electrocucaracha/sink + build: + context: ./sink + args: + HTTP_PROXY: $HTTP_PROXY + HTTPS_PROXY: $HTTPS_PROXY + darkstat: + network_mode: "host" + image: electrocucaracha/darkstat + build: + context: ./darkstat + args: + HTTP_PROXY: $HTTP_PROXY + HTTPS_PROXY: $HTTPS_PROXY diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile new file mode 100644 index 00000000..7d3e6ede --- /dev/null +++ b/kud/tests/cFW/firewall/Dockerfile @@ -0,0 +1,49 @@ +FROM electrocucaracha/vpp +MAINTAINER Victor Morales <electrocucaracha@gmail.com> + +ARG HTTP_PROXY=${HTTP_PROXY} +ARG HTTPS_PROXY=${HTTPS_PROXY} + +ENV http_proxy $HTTP_PROXY +ENV https_proxy $HTTPS_PROXY +ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" + +ENV protected_net_cidr "192.168.20.0/24" +ENV fw_ipaddr "192.168.10.100" +ENV sink_ipaddr "192.168.20.250" +ENV demo_artifacts_version "1.3.0" + +RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ + bsdmainutils make gcc libcurl4-gnutls-dev + +WORKDIR /opt + +RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \ + && chmod +x v_firewall_init.sh \ + && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh + +RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ + && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ + && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ + && mv sample-distribution-${demo_artifacts_version} honeycomb \ + && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + +RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \ + && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \ + && rm ves-${demo_artifacts_version}-demo.tar.gz \ + && mv ves-${demo_artifacts_version} VES + +RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz" \ + && tar -zmxf ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ + && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ + && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \ + && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \ + && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd - + +RUN mkdir -p /opt/config/ \ + && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ + && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ + && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ + && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt + +CMD ["./v_firewall_init.sh"] diff --git a/kud/tests/cFW/packetgen/Dockerfile b/kud/tests/cFW/packetgen/Dockerfile new file mode 100644 index 00000000..cb1da555 --- /dev/null +++ b/kud/tests/cFW/packetgen/Dockerfile @@ -0,0 +1,44 @@ +FROM electrocucaracha/vpp +MAINTAINER Victor Morales <electrocucaracha@gmail.com> + +ARG HTTP_PROXY=${HTTP_PROXY} +ARG HTTPS_PROXY=${HTTPS_PROXY} + +ENV http_proxy $HTTP_PROXY +ENV https_proxy $HTTPS_PROXY +ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" + +ENV protected_net_cidr "192.168.20.0/24" +ENV fw_ipaddr "192.168.10.100" +ENV sink_ipaddr "192.168.20.250" +ENV demo_artifacts_version "1.3.0" + +RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ + bsdmainutils + +WORKDIR /opt +EXPOSE 8183 + +RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \ + && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \ + && chmod +x *.sh \ + && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh + +RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ + && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ + && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ + && mv sample-distribution-${demo_artifacts_version} honeycomb \ + && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + +RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \ + && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \ + && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \ + && mv vfw_pg_streams-${demo_artifacts_version} pg_streams + +RUN mkdir -p /opt/config/ \ + && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ + && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ + && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ + && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt + +CMD ["./v_packetgen_init.sh"] diff --git a/kud/tests/cFW/postinstall.sh b/kud/tests/cFW/postinstall.sh new file mode 100755 index 00000000..5a1d5043 --- /dev/null +++ b/kud/tests/cFW/postinstall.sh @@ -0,0 +1,83 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o nounset +set -o pipefail +set -o xtrace + +# install_docker() - Download and install docker-engine +function install_docker { + local max_concurrent_downloads=${1:-3} + + if $(docker version &>/dev/null); then + return + fi + apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + apt-get update + apt-get install -y docker-ce + + mkdir -p /etc/systemd/system/docker.service.d + if [ $http_proxy ]; then + cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf +[Service] +Environment="HTTP_PROXY=$http_proxy" +EOL + fi + if [ $https_proxy ]; then + cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf +[Service] +Environment="HTTPS_PROXY=$https_proxy" +EOL + fi + if [ $no_proxy ]; then + cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf +[Service] +Environment="NO_PROXY=$no_proxy" +EOL + fi + systemctl daemon-reload + echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker + usermod -aG docker $USER + + systemctl restart docker + sleep 10 +} + +# install_docker_compose() - Installs docker compose python module +function install_docker_compose { + if ! which pip; then + curl -sL https://bootstrap.pypa.io/get-pip.py | python + fi + pip install --upgrade pip + pip install docker-compose +} + +echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf +sysctl -p + +install_docker +install_docker_compose + +cd /vagrant +# build vpp docker image +BUILD_ARGS="--no-cache" +if [ $HTTP_PROXY ]; then + BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}" +fi +if [ $HTTPS_PROXY ]; then + BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}" +fi +pushd vpp +docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest . +popd + +docker-compose up -d diff --git a/kud/tests/cFW/sink/Dockerfile b/kud/tests/cFW/sink/Dockerfile new file mode 100644 index 00000000..6b43ba61 --- /dev/null +++ b/kud/tests/cFW/sink/Dockerfile @@ -0,0 +1,34 @@ +FROM ubuntu:16.04 +MAINTAINER Victor Morales <electrocucaracha@gmail.com> + +ARG HTTP_PROXY=${HTTP_PROXY} +ARG HTTPS_PROXY=${HTTPS_PROXY} + +ENV http_proxy $HTTP_PROXY +ENV https_proxy $HTTPS_PROXY + +ENV protected_net_cidr "192.168.20.0/24" +ENV fw_ipaddr "192.168.10.100" +ENV sink_ipaddr "192.168.20.250" +ENV demo_artifacts_version "1.3.0" +ENV protected_net_gw "192.168.20.100" +ENV unprotected_net "192.168.10.0/24" + +RUN apt-get update && apt-get install -y -qq wget net-tools + +WORKDIR /opt + +RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_sink_init.sh" \ + && chmod +x v_sink_init.sh + +RUN mkdir -p config/ \ + && echo $protected_net_cidr > config/protected_net_cidr.txt \ + && echo $fw_ipaddr > config/fw_ipaddr.txt \ + && echo $sink_ipaddr > config/sink_ipaddr.txt \ + && echo $demo_artifacts_version > config/demo_artifacts_version.txt \ + && echo $protected_net_gw > config/protected_net_gw.txt \ + && echo $unprotected_net > config/unprotected_net.txt + +# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100 +# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists +CMD ["./v_sink_init.sh"] diff --git a/kud/tests/cFW/vpp/80-vpp.conf b/kud/tests/cFW/vpp/80-vpp.conf new file mode 100644 index 00000000..8fdf184c --- /dev/null +++ b/kud/tests/cFW/vpp/80-vpp.conf @@ -0,0 +1,15 @@ +# Number of 2MB hugepages desired +vm.nr_hugepages=1024 + +# Must be greater than or equal to (2 * vm.nr_hugepages). +vm.max_map_count=3096 + +# All groups allowed to access hugepages +vm.hugetlb_shm_group=0 + +# Shared Memory Max must be greator or equal to the total size of hugepages. +# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024 +# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax) +# is greater than the calculated TotalHugepageSize then set this parameter +# to current shmmax value. +kernel.shmmax=2147483648 diff --git a/kud/tests/cFW/vpp/Dockerfile b/kud/tests/cFW/vpp/Dockerfile new file mode 100644 index 00000000..63b08b01 --- /dev/null +++ b/kud/tests/cFW/vpp/Dockerfile @@ -0,0 +1,17 @@ +FROM ubuntu:16.04 +MAINTAINER Victor Morales <electrocucaracha@gmail.com> + +ARG HTTP_PROXY=${HTTP_PROXY} +ARG HTTPS_PROXY=${HTTPS_PROXY} + +ENV http_proxy $HTTP_PROXY +ENV https_proxy $HTTPS_PROXY + +RUN apt-get update && apt-get install -y -qq apt-transport-https \ + && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \ + && apt-get update \ + && apt-get install -y -qq vpp vpp-lib vpp-plugins + +COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf + +CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"] |