aboutsummaryrefslogtreecommitdiffstats
path: root/kud/tests/cFW
diff options
context:
space:
mode:
authorAkhila Kishore <akhila.kishore@intel.com>2019-03-06 06:34:09 -0800
committerAkhila Kishore <akhila.kishore@intel.com>2019-03-22 07:28:00 -0700
commit1fd5b3964a142be6c176dcc886d79a614c04ce70 (patch)
tree90e4c44d0c18ea51e1787627960556c6a1dcbe79 /kud/tests/cFW
parent7830bf49fbdcf1b726dc8dc3aca3638fb2195e66 (diff)
Restructuring the repo.
The idea is to restructure the existing repo create a deployment independent of Vagrant or other hosting providers. Renamed KRD to KUbernetes Deploy(Kud) including the ansible scripts Added new path to functional tests. Moved samples pdfs to sites. Minor changes to Readme. Updated aio.sh, moved sample config Corrected other nits. Updated and verified test cases. Addressed comments and changes associated with it. Updated Readme and minor change in Vagrantfile. Validated test cases again. Moved aio.sh into vagrant folder. Added new README for each hosting provider and project on the whole. Updated the installer script with relative path. Updated the name to deployment_infra, moved the cFW sripcts to tests. Updated the gitignore file. Issue-ID: MULTICLOUD-301 Change-Id: Ie48c26b12ab58b604493fba58a9c5b9f8ba10942 Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Diffstat (limited to 'kud/tests/cFW')
-rw-r--r--kud/tests/cFW/README.md10
-rw-r--r--kud/tests/cFW/Vagrantfile33
-rw-r--r--kud/tests/cFW/darkstat/Dockerfile14
-rw-r--r--kud/tests/cFW/docker-compose.yml38
-rw-r--r--kud/tests/cFW/firewall/Dockerfile49
-rw-r--r--kud/tests/cFW/packetgen/Dockerfile44
-rwxr-xr-xkud/tests/cFW/postinstall.sh83
-rw-r--r--kud/tests/cFW/sink/Dockerfile34
-rw-r--r--kud/tests/cFW/vpp/80-vpp.conf15
-rw-r--r--kud/tests/cFW/vpp/Dockerfile17
10 files changed, 337 insertions, 0 deletions
diff --git a/kud/tests/cFW/README.md b/kud/tests/cFW/README.md
new file mode 100644
index 00000000..c6ac9e20
--- /dev/null
+++ b/kud/tests/cFW/README.md
@@ -0,0 +1,10 @@
+# Cloud-Native Firewall Virtual Network Function
+
+[CNF][1] version of the ONAP vFirewall use case.
+
+## License
+
+Apache-2.0
+
+[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md
+[2]: https://github.com/electrocucaracha/vFW-demo
diff --git a/kud/tests/cFW/Vagrantfile b/kud/tests/cFW/Vagrantfile
new file mode 100644
index 00000000..d02e7d01
--- /dev/null
+++ b/kud/tests/cFW/Vagrantfile
@@ -0,0 +1,33 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "elastic/ubuntu-16.04-x86_64"
+ config.vm.hostname = "demo"
+ config.vm.provision 'shell', path: 'postinstall.sh'
+ config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr
+ config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr
+ config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if not Vagrant.has_plugin?('vagrant-proxyconf')
+ system 'vagrant plugin install vagrant-proxyconf'
+ raise 'vagrant-proxyconf was installed but it requires to execute again'
+ end
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+ config.proxy.enabled = { docker: false }
+ end
+
+ config.vm.provider 'virtualbox' do |v|
+ v.customize ["modifyvm", :id, "--memory", 8192]
+ v.customize ["modifyvm", :id, "--cpus", 2]
+ end
+ config.vm.provider 'libvirt' do |v|
+ v.memory = 8192
+ v.cpus = 2
+ v.nested = true
+ v.cpu_mode = 'host-passthrough'
+ end
+end
diff --git a/kud/tests/cFW/darkstat/Dockerfile b/kud/tests/cFW/darkstat/Dockerfile
new file mode 100644
index 00000000..d3a46b9c
--- /dev/null
+++ b/kud/tests/cFW/darkstat/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq darkstat
+
+EXPOSE 667
+
+CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"]
diff --git a/kud/tests/cFW/docker-compose.yml b/kud/tests/cFW/docker-compose.yml
new file mode 100644
index 00000000..6d883fbd
--- /dev/null
+++ b/kud/tests/cFW/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3'
+
+services:
+ packetgen:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/packetgen
+ build:
+ context: ./packetgen
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ firewall:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/firewall
+ build:
+ context: ./firewall
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ sink:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/sink
+ build:
+ context: ./sink
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ darkstat:
+ network_mode: "host"
+ image: electrocucaracha/darkstat
+ build:
+ context: ./darkstat
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile
new file mode 100644
index 00000000..7d3e6ede
--- /dev/null
+++ b/kud/tests/cFW/firewall/Dockerfile
@@ -0,0 +1,49 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils make gcc libcurl4-gnutls-dev
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \
+ && chmod +x v_firewall_init.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves-${demo_artifacts_version} VES
+
+RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \
+ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \
+ && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd -
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_firewall_init.sh"]
diff --git a/kud/tests/cFW/packetgen/Dockerfile b/kud/tests/cFW/packetgen/Dockerfile
new file mode 100644
index 00000000..cb1da555
--- /dev/null
+++ b/kud/tests/cFW/packetgen/Dockerfile
@@ -0,0 +1,44 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils
+
+WORKDIR /opt
+EXPOSE 8183
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \
+ && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \
+ && chmod +x *.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && mv vfw_pg_streams-${demo_artifacts_version} pg_streams
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_packetgen_init.sh"]
diff --git a/kud/tests/cFW/postinstall.sh b/kud/tests/cFW/postinstall.sh
new file mode 100755
index 00000000..5a1d5043
--- /dev/null
+++ b/kud/tests/cFW/postinstall.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+# install_docker() - Download and install docker-engine
+function install_docker {
+ local max_concurrent_downloads=${1:-3}
+
+ if $(docker version &>/dev/null); then
+ return
+ fi
+ apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+ apt-get update
+ apt-get install -y docker-ce
+
+ mkdir -p /etc/systemd/system/docker.service.d
+ if [ $http_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+Environment="HTTP_PROXY=$http_proxy"
+EOL
+ fi
+ if [ $https_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf
+[Service]
+Environment="HTTPS_PROXY=$https_proxy"
+EOL
+ fi
+ if [ $no_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf
+[Service]
+Environment="NO_PROXY=$no_proxy"
+EOL
+ fi
+ systemctl daemon-reload
+ echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker
+ usermod -aG docker $USER
+
+ systemctl restart docker
+ sleep 10
+}
+
+# install_docker_compose() - Installs docker compose python module
+function install_docker_compose {
+ if ! which pip; then
+ curl -sL https://bootstrap.pypa.io/get-pip.py | python
+ fi
+ pip install --upgrade pip
+ pip install docker-compose
+}
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_docker
+install_docker_compose
+
+cd /vagrant
+# build vpp docker image
+BUILD_ARGS="--no-cache"
+if [ $HTTP_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
+fi
+if [ $HTTPS_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}"
+fi
+pushd vpp
+docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest .
+popd
+
+docker-compose up -d
diff --git a/kud/tests/cFW/sink/Dockerfile b/kud/tests/cFW/sink/Dockerfile
new file mode 100644
index 00000000..6b43ba61
--- /dev/null
+++ b/kud/tests/cFW/sink/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+ENV protected_net_gw "192.168.20.100"
+ENV unprotected_net "192.168.10.0/24"
+
+RUN apt-get update && apt-get install -y -qq wget net-tools
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_sink_init.sh" \
+ && chmod +x v_sink_init.sh
+
+RUN mkdir -p config/ \
+ && echo $protected_net_cidr > config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > config/demo_artifacts_version.txt \
+ && echo $protected_net_gw > config/protected_net_gw.txt \
+ && echo $unprotected_net > config/unprotected_net.txt
+
+# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
+# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
+CMD ["./v_sink_init.sh"]
diff --git a/kud/tests/cFW/vpp/80-vpp.conf b/kud/tests/cFW/vpp/80-vpp.conf
new file mode 100644
index 00000000..8fdf184c
--- /dev/null
+++ b/kud/tests/cFW/vpp/80-vpp.conf
@@ -0,0 +1,15 @@
+# Number of 2MB hugepages desired
+vm.nr_hugepages=1024
+
+# Must be greater than or equal to (2 * vm.nr_hugepages).
+vm.max_map_count=3096
+
+# All groups allowed to access hugepages
+vm.hugetlb_shm_group=0
+
+# Shared Memory Max must be greator or equal to the total size of hugepages.
+# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024
+# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax)
+# is greater than the calculated TotalHugepageSize then set this parameter
+# to current shmmax value.
+kernel.shmmax=2147483648
diff --git a/kud/tests/cFW/vpp/Dockerfile b/kud/tests/cFW/vpp/Dockerfile
new file mode 100644
index 00000000..63b08b01
--- /dev/null
+++ b/kud/tests/cFW/vpp/Dockerfile
@@ -0,0 +1,17 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq apt-transport-https \
+ && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \
+ && apt-get update \
+ && apt-get install -y -qq vpp vpp-lib vpp-plugins
+
+COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf
+
+CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"]