summaryrefslogtreecommitdiffstats
path: root/kud/tests/vFW
diff options
context:
space:
mode:
authorAkhila Kishore <akhila.kishore@intel.com>2019-03-06 06:34:09 -0800
committerAkhila Kishore <akhila.kishore@intel.com>2019-03-22 07:28:00 -0700
commit1fd5b3964a142be6c176dcc886d79a614c04ce70 (patch)
tree90e4c44d0c18ea51e1787627960556c6a1dcbe79 /kud/tests/vFW
parent7830bf49fbdcf1b726dc8dc3aca3638fb2195e66 (diff)
Restructuring the repo.
The idea is to restructure the existing repo create a deployment independent of Vagrant or other hosting providers. Renamed KRD to KUbernetes Deploy(Kud) including the ansible scripts Added new path to functional tests. Moved samples pdfs to sites. Minor changes to Readme. Updated aio.sh, moved sample config Corrected other nits. Updated and verified test cases. Addressed comments and changes associated with it. Updated Readme and minor change in Vagrantfile. Validated test cases again. Moved aio.sh into vagrant folder. Added new README for each hosting provider and project on the whole. Updated the installer script with relative path. Updated the name to deployment_infra, moved the cFW sripcts to tests. Updated the gitignore file. Issue-ID: MULTICLOUD-301 Change-Id: Ie48c26b12ab58b604493fba58a9c5b9f8ba10942 Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Diffstat (limited to 'kud/tests/vFW')
-rw-r--r--kud/tests/vFW/README.md50
-rw-r--r--kud/tests/vFW/Vagrantfile66
-rw-r--r--kud/tests/vFW/diagram.pngbin0 -> 246934 bytes
-rwxr-xr-xkud/tests/vFW/firewall96
-rwxr-xr-xkud/tests/vFW/packetgen83
-rwxr-xr-xkud/tests/vFW/sink48
6 files changed, 343 insertions, 0 deletions
diff --git a/kud/tests/vFW/README.md b/kud/tests/vFW/README.md
new file mode 100644
index 00000000..f54a555f
--- /dev/null
+++ b/kud/tests/vFW/README.md
@@ -0,0 +1,50 @@
+# vFirewall ONAP Use Case
+
+This use case is composed of three virtual functions (VFs) running in
+separate Ubuntu Virtual Machines:
+
+ * [Packet generator][1]: Sends packets to the packet sink through the
+firewall. This includes a script that periodically generates different
+volumes of traffic.
+ * [Firewall][2]: Reports the volume of traffic passing though to the
+ONAP DCAE collector.
+ * [Traffic sink][3]: Displays the traffic volume that lands at the sink
+VM using the link http://192.168.20.250:667 through your browser
+and enable automatic page refresh by clicking the "Off" button. You
+can see the traffic volume in the charts.
+
+![Diagram](diagram.png)
+
+## Adjust packet generator:
+
+The packet generator contains 10 streams: fw\_udp1, fw\_udp2,
+fw\_udp3, . . . , fw\_udp10. Each stream generates 100 packets every
+10 seconds. The */opt/run\_traffic\_fw\_demo.sh* script on the packet
+generator VM starts automatically and alternates high traffic (i.e.
+10 active streams at the same time) and low traffic (1 active stream)
+every 5 minutes.
+
+To enable a stream, include `{"id":"fw_udp1", "is-enabled":"true"}`
+in the *pg-stream* bracket.
+
+To adjust the traffic volume produced by the packet generator, run the
+following command in a shell:
+
+```
+ curl -X PUT \
+ -H "Authorization: Basic YWRtaW46YWRtaW4=" \
+ -H "Content-Type: application/json" \
+ -H "Cache-Control: no-cache" \
+ -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' \
+ "http://192.168.10.200:8183/restconf/config/sample-plugin:sample-plugin/pg-streams"
+```
+
+The command above enables 5 streams.
+
+## License
+
+Apache-2.0
+
+[1]: packetgen
+[2]: firewall
+[3]: sink
diff --git a/kud/tests/vFW/Vagrantfile b/kud/tests/vFW/Vagrantfile
new file mode 100644
index 00000000..cabe6504
--- /dev/null
+++ b/kud/tests/vFW/Vagrantfile
@@ -0,0 +1,66 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+vars = {
+ "demo_artifacts_version" => "1.3.0",
+ 'vfw_private_ip_0' => '192.168.10.100',
+ 'vfw_private_ip_1' => '192.168.20.100',
+ 'vfw_private_ip_2' => '10.10.100.2',
+ 'vpg_private_ip_0' => '192.168.10.200',
+ 'vpg_private_ip_1' => '10.0.100.3',
+ 'vsn_private_ip_0' => '192.168.20.250',
+ 'vsn_private_ip_1' => '10.10.100.4',
+ 'dcae_collector_ip' => '10.0.4.1',
+ 'dcae_collector_port' => '8081',
+ 'protected_net_gw' => '192.168.20.100',
+ 'protected_net_cidr' => '192.168.20.0/24',
+ 'protected_private_net_cidr' => '192.168.10.0/24',
+ 'onap_private_net_cidr' => '10.10.0.0/16'
+}
+
+if ENV['no_proxy'] != nil or ENV['NO_PROXY']
+ $no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+ $subnet = "192.168.121"
+ # NOTE: This range is based on vagrant-libivirt network definition
+ (1..27).each do |i|
+ $no_proxy += ",#{$subnet}.#{i}"
+ end
+end
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "elastic/ubuntu-16.04-x86_64"
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if not Vagrant.has_plugin?('vagrant-proxyconf')
+ system 'vagrant plugin install vagrant-proxyconf'
+ raise 'vagrant-proxyconf was installed but it requires to execute again'
+ end
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = $no_proxy
+ end
+
+ config.vm.provider 'libvirt' do |v|
+ v.cpu_mode = 'host-passthrough' # DPDK requires Supplemental Streaming SIMD Extensions 3 (SSSE3)
+ end
+
+ config.vm.define :packetgen do |packetgen|
+ packetgen.vm.hostname = "packetgen"
+ packetgen.vm.provision 'shell', path: 'packetgen', env: vars
+ packetgen.vm.network :private_network, :ip => vars['vpg_private_ip_0'], :type => :static, :netmask => "255.255.255.0" # unprotected_private_net_cidr
+ packetgen.vm.network :private_network, :ip => vars['vpg_private_ip_1'], :type => :static, :netmask => "255.255.0.0" # onap_private_net_cidr
+ end
+ config.vm.define :firewall do |firewall|
+ firewall.vm.hostname = "firewall"
+ firewall.vm.provision 'shell', path: 'firewall', env: vars
+ firewall.vm.network :private_network, :ip => vars['vfw_private_ip_0'], :type => :static, :netmask => "255.255.255.0" # unprotected_private_net_cidr
+ firewall.vm.network :private_network, :ip => vars['vfw_private_ip_1'], :type => :static, :netmask => "255.255.255.0" # protected_private_net_cidr
+ firewall.vm.network :private_network, :ip => vars['vfw_private_ip_2'], :type => :static, :netmask => "255.255.0.0" # onap_private_net_cidr
+ end
+ config.vm.define :sink do |sink|
+ sink.vm.hostname = "sink"
+ sink.vm.provision 'shell', path: 'sink', env: vars
+ sink.vm.network :private_network, :ip => vars['vsn_private_ip_0'], :type => :static, :netmask => "255.255.255.0" # protected_private_net_cidr
+ sink.vm.network :private_network, :ip => vars['vsn_private_ip_1'], :type => :static, :netmask => "255.255.0.0" # onap_private_net_cidr
+ end
+end
diff --git a/kud/tests/vFW/diagram.png b/kud/tests/vFW/diagram.png
new file mode 100644
index 00000000..4cf95f2f
--- /dev/null
+++ b/kud/tests/vFW/diagram.png
Binary files differ
diff --git a/kud/tests/vFW/firewall b/kud/tests/vFW/firewall
new file mode 100755
index 00000000..93d4f2a3
--- /dev/null
+++ b/kud/tests/vFW/firewall
@@ -0,0 +1,96 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+# install_dependencies() - Install required dependencies
+function install_dependencies {
+ apt-get update
+ apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools bsdmainutils make gcc libcurl4-gnutls-dev
+}
+
+# install_vpp() - Install VPP
+function install_vpp {
+ local RELEASE=".stable.1609"
+
+ apt-get update
+ apt-get install -y -qq apt-transport-https
+ echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io$RELEASE.ubuntu.$(lsb_release -c -s).main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list
+ apt-get update
+ apt-get install -y -qq vpp vpp-lib vpp-plugins vpp-dpdk-dkms
+}
+
+function _untar_url {
+ local repo_url="https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf/"
+ local file_subpath=$1
+
+ wget -q -O tmp_file.tar.gz "${repo_url}/${file_subpath}"
+ sha1=$(wget ${repo_url}/${file_subpath}.sha1 -q -O -)
+ if [[ $(sha1sum tmp_file.tar.gz | awk '{print $1}') != "$sha1" ]]; then
+ echo "The downloaded file is corrupted"
+ exit 1
+ fi
+ tar -zmxf tmp_file.tar.gz
+ rm tmp_file.tar.gz
+}
+
+# install_vfw_scripts() -
+function install_vfw_scripts {
+ local version=$(cat /opt/config/demo_artifacts_version.txt)
+ local ves_path=VES
+ local ves_reporting_path="${ves_path}/evel/evel-library"
+
+ pushd /opt
+ wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_firewall_init,vfirewall}.sh
+ chmod +x *.sh
+
+ _untar_url "sample-distribution/${version}/sample-distribution-${version}-hc.tar.gz"
+ mkdir -p honeycomb
+ mv sample-distribution-$version honeycomb
+
+ _untar_url "ves5/ves/${version}/ves-${version}-demo.tar.gz"
+ mv ves-$version $ves_path
+
+ _untar_url "ves5/ves_vfw_reporting/${version}/ves_vfw_reporting-${version}-demo.tar.gz"
+ mkdir -p $ves_reporting_path/code
+ mv ves_vfw_reporting-$version $ves_reporting_path/code/VESreporting
+
+ chmod +x $ves_reporting_path/code/VESreporting/go-client.sh
+ pushd $ves_reporting_path/bldjobs/
+ make clean
+ make
+ sleep 1
+ popd
+
+ # TODO(electrocucaracha) Fix it in upstream
+ sed -i 's/start vpp/systemctl start vpp/g' v_firewall_init.sh
+ mv vfirewall.sh /etc/init.d
+ update-rc.d vfirewall.sh defaults
+ systemctl start firewall
+ popd
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$dcae_collector_ip" > /opt/config/dcae_collector_ip.txt
+echo "$dcae_collector_port" > /opt/config/dcae_collector_port.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_dependencies
+install_vpp
+install_vfw_scripts
diff --git a/kud/tests/vFW/packetgen b/kud/tests/vFW/packetgen
new file mode 100755
index 00000000..51d5c676
--- /dev/null
+++ b/kud/tests/vFW/packetgen
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+# install_dependencies() - Install required dependencies
+function install_dependencies {
+ apt-get update
+ apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools bsdmainutils
+}
+
+# install_vpp() - Install VPP
+function install_vpp {
+ local RELEASE=".stable.1609"
+
+ apt-get update
+ apt-get install -y -qq apt-transport-https
+ echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io$RELEASE.ubuntu.$(lsb_release -c -s).main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list
+ apt-get update
+ apt-get install -y -qq vpp vpp-lib vpp-plugins vpp-dpdk-dkms
+}
+
+function _untar_url {
+ local repo_url="https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf/"
+ local file_subpath=$1
+
+ wget -q -O tmp_file.tar.gz "${repo_url}/${file_subpath}"
+ sha1=$(wget ${repo_url}/${file_subpath}.sha1 -q -O -)
+ if [[ $(sha1sum tmp_file.tar.gz | awk '{print $1}') != "$sha1" ]]; then
+ echo "The downloaded file is corrupted"
+ exit 1
+ fi
+ tar -zmxf tmp_file.tar.gz
+ rm tmp_file.tar.gz
+}
+
+# install_vfw_scripts() -
+function install_vfw_scripts {
+ local version=$(cat /opt/config/demo_artifacts_version.txt)
+
+ pushd /opt
+ wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_packetgen_init,vpacketgen,run_traffic_fw_demo}.sh
+ chmod +x *.sh
+
+ _untar_url "sample-distribution/${version}/sample-distribution-${version}-hc.tar.gz"
+ mv sample-distribution-$version honeycomb
+
+ _untar_url "vfw/vfw_pg_streams/$version/vfw_pg_streams-$version-demo.tar.gz"
+ mv vfw_pg_streams-$version pg_streams
+
+ sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+ # TODO(electrocucaracha) Fix it in upstream
+ sed -i 's/start vpp/systemctl start vpp/g' v_packetgen_init.sh
+ sed -i 's|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
+ mv vpacketgen.sh /etc/init.d/
+ update-rc.d vpacketgen.sh defaults
+ systemctl start packetgen
+ popd
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_dependencies
+install_vpp
+install_vfw_scripts
diff --git a/kud/tests/vFW/sink b/kud/tests/vFW/sink
new file mode 100755
index 00000000..5604198f
--- /dev/null
+++ b/kud/tests/vFW/sink
@@ -0,0 +1,48 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+# install_dependencies() - Install required dependencies
+function install_dependencies {
+ apt-get update
+ apt install -y wget darkstat net-tools
+
+ # Configure and run Darkstat
+ sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g;s/INTERFACE=.*/INTERFACE=\"-i eth1\"/g" /etc/darkstat/init.cfg
+
+ systemctl restart darkstat
+}
+
+# install_vfw_scripts() -
+function install_vfw_scripts {
+ pushd /opt
+ wget -q https://git.onap.org/demo/plain/vnfs/vFW/scripts/{v_sink_init,vsink}.sh
+ chmod +x *.sh
+
+ mv vsink.sh /etc/init.d
+ update-rc.d vsink.sh defaults
+ systemctl start sink
+ popd
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$protected_net_gw" > /opt/config/protected_net_gw.txt
+echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt
+
+install_dependencies
+install_vfw_scripts