diff options
author | Bin Yang <bin.yang@windriver.com> | 2020-02-23 20:18:41 +0800 |
---|---|---|
committer | Bin Yang <bin.yang@windriver.com> | 2020-02-23 23:52:21 +0800 |
commit | 6547e45fd9f60437811ef35b9d101cdaef494542 (patch) | |
tree | 593f7a67769e9b5806a7bd7174c8858783d61d70 /starlingx/demo/firewall-sriov/charts/pktgen-sriov | |
parent | 0a13e91612de5fa590bdecb7b17ef79e7f220131 (diff) |
Add cnf for firewall with network of sriov
sriov driver can be either netdevice or vfio
start scripts support netdevice only yet
Change-Id: Ifa1e9acc558387d38245bd99669225fbf5fb8d05
Issue-ID: MULTICLOUD-999
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Diffstat (limited to 'starlingx/demo/firewall-sriov/charts/pktgen-sriov')
8 files changed, 317 insertions, 0 deletions
diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/.helmignore b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/Chart.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/Chart.yaml new file mode 100644 index 00000000..b07a1270 --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy packet generator for vFirewall +name: pktgen-sriov +version: 0.1.0 diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/resources/scripts/init/vpg_start.sh b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/resources/scripts/init/vpg_start.sh new file mode 100644 index 00000000..936e9d53 --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/resources/scripts/init/vpg_start.sh @@ -0,0 +1,100 @@ +#!/bin/bash + +apt-get update +apt-get install -y sudo curl net-tools iproute2 wget + +curl -s https://packagecloud.io/install/repositories/fdio/release/script.deb.sh | sudo bash + +export VPP_VER=19.01.2-release +apt-get install -y vpp=$VPP_VER vpp-lib=$VPP_VER + +apt-get install -y vpp-plugins=$VPP_VER + +if [ -e /run/vpp/cli-vpp1.sock ]; then + rm /run/vpp/cli-vpp1.sock +fi + +# root@vpktgen:/# taskset -p --cpu-list 1 +# pid 1's current affinity list: 1,2,29 + +corelist=`taskset -p -c 1 |cut -d : -f 2 | sed 's/^ *//' | sed 's/ *$//'` +#extract master core +mastercoreidx=`echo $corelist | cut -d , -f 1` +#extract worker cores +workercorelist=`echo $corelist | sed -E 's/^[0-9]*,//'` + +echo 'start... vpp' +vpp unix {cli-listen /run/vpp/cli-vpp1.sock} api-segment { prefix vpp1 } \ + cpu { main-core $mastercoreidx corelist-workers $workercorelist } + +echo 'wait vpp be up ...' +while [ ! -e /run/vpp/cli-vpp1.sock ]; do + sleep 1; +done + +echo 'configure vpp ...' + + +vppctl -s /run/vpp/cli-vpp1.sock show ver +vppctl -s /run/vpp/cli-vpp1.sock show threads + +vppctl -s /run/vpp/cli-vpp1.sock create host-interface name veth11 + +vppctl -s /run/vpp/cli-vpp1.sock set int state host-veth11 up + +vppctl -s /run/vpp/cli-vpp1.sock show int +vppctl -s /run/vpp/cli-vpp1.sock show hardware + +vppctl -s /run/vpp/cli-vpp1.sock set int ip address host-veth11 10.10.1.2/24 + +vppctl -s /run/vpp/cli-vpp1.sock show int addr + +vppctl -s /run/vpp/cli-vpp1.sock ip route add 10.10.2.0/24 via 10.10.1.1 + +vppctl -s /run/vpp/cli-vpp1.sock show ip fib + +#vppctl -s /run/vpp/cli-vpp1.sock trace add af-packet-input 10 + +echo "provision streams" +### pktgen config +vppctl -s /run/vpp/cli-vpp1.sock loop create +vppctl -s /run/vpp/cli-vpp1.sock set int ip address loop0 11.22.33.1/24 +vppctl -s /run/vpp/cli-vpp1.sock set int state loop0 up + +cd /opt + +mkdir /home/root +cat <<EOF> /home/root/stream_fw_udp1_loop0 +packet-generator new { + name fw_udp1 + rate 10 + node ip4-input + size 64-64 + no-recycle + interface loop0 + data { + UDP: 10.10.1.2 -> 10.10.2.2 + UDP: 15320 -> 8080 + length 128 checksum 0 incrementing 1 + } + } +EOF + +vppctl -s /run/vpp/cli-vpp1.sock exec /home/root/stream_fw_udp1_loop0 + +#vppctl -s /run/vpp/cli-vpp1.sock show packet-generator + +#vppctl -s /run/vpp/cli-vpp1.sock trace add pg-input 10 + +vppctl -s /run/vpp/cli-vpp1.sock packet-generator enable + +vppctl -s /run/vpp/cli-vpp1.sock show packet-generator + +vppctl -s /run/vpp/cli-vpp1.sock show int + +#vppctl -s /run/vpp/cli-vpp1.sock packet-generator disable + +#vppctl -s /run/vpp/cli-vpp1.sock packet-generator delete fw_udp1 + +echo "done" +sleep infinity
\ No newline at end of file diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/_helpers.tpl b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/_helpers.tpl new file mode 100644 index 00000000..322b7c68 --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "packetgen.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "packetgen.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "packetgen.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/configmap.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/configmap.yaml new file mode 100644 index 00000000..731fabb0 --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/configmap.yaml @@ -0,0 +1,27 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-scripts-configmap + labels: + release: {{ .Release.Name }} + app: {{ include "firewall.name" . }} + chart: {{ .Chart.Name }} +data: +{{ tpl (.Files.Glob "resources/scripts/init/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml new file mode 100644 index 00000000..6c7000a7 --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml @@ -0,0 +1,89 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "packetgen.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "packetgen.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "packetgen.name" .}} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "packetgen.name" .}} + release: {{ .Release.Name }} + annotations: + k8s.v1.cni.cncf.io/networks: '[ + { "name": "sriov-device-{{ .Values.global.unprotectedNetName }}", + "interface": "veth11" } + ]' + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + env: + - name: unprotectedNetCidr + value: "{{.Values.global.unprotectedNetCidr}}" + - name: unprotectedNetGwIp + value: "{{.Values.global.unprotectedNetGwIp}}" + - name: protectedNetCidr + value: "{{.Values.global.protectedNetCidr}}" + - name: protectedNetGwIp + value: "{{.Values.global.protectedNetGwIp}}" + - name: dcaeCollectorIp + value: "{{.Values.global.dcaeCollectorIp}}" + - name: dcaeCollectorPort + value: "{{.Values.global.dcaeCollectorPort}}" + - name: unprotectedNetProviderDriver + value: "{{.Values.global.unprotectedNetProviderDriver}}" + - name: protectedNetProviderDriver + value: "{{.Values.global.protectedNetProviderDriver}}" + command: ["/bin/bash", "/opt/vpg_start.sh"] + securityContext: + privileged: true + capabilities: + add: + - CAP_SYS_ADMIN + volumeMounts: + - mountPath: /hugepages + name: hugepage + - name: lib-modules + mountPath: /lib/modules + - name: src + mountPath: /usr/src + - name: scripts + mountPath: /opt + resources: + requests: + cpu: {{ .Values.resources.cpu }} + memory: {{ .Values.resources.memory }} + hugepages-2Mi: {{ .Values.resources.hugepage }} + intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1' + limits: + cpu: {{ .Values.resources.cpu }} + memory: {{ .Values.resources.memory }} + hugepages-2Mi: {{ .Values.resources.hugepage }} + intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1' + volumes: + - name: hugepage + emptyDir: + medium: HugePages + - name: lib-modules + hostPath: + path: /lib/modules + - name: src + hostPath: + path: /usr/src + - name: scripts + configMap: + name: {{ .Chart.Name }}-scripts-configmap + imagePullSecrets: + - name: admin-registry-secret diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/service.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/service.yaml new file mode 100644 index 00000000..7b8fd9db --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: packetgen-service + labels: + app: {{ include "packetgen.name" . }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.ports.port }} + nodePort: {{ .Values.service.ports.nodePort }} + selector: + app: {{ include "packetgen.name" . }} + release: {{ .Release.Name }} diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/values.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/values.yaml new file mode 100644 index 00000000..a6ce488e --- /dev/null +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/values.yaml @@ -0,0 +1,26 @@ +# Default values for packetgen. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +### must be 1 in this case, since host-device are allocatd statically +replicaCount: 1 + +image: + repository: ubuntu + tag: latest + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: +#serivce port value for packetgen service + type: NodePort + ports: + port: 2831 + nodePort: 30831 + +resources: + cpu: 3 + memory: 4Gi + hugepage: 256Mi |