-rw-r--r--kud/tests/cFW/README.md8
-rw-r--r--kud/tests/cFW/Vagrantfile93
-rw-r--r--kud/tests/cFW/darkstat/Dockerfile14
-rw-r--r--kud/tests/cFW/docker-compose.yml80
-rw-r--r--kud/tests/cFW/firewall/Dockerfile48
-rwxr-xr-xkud/tests/cFW/firewall/init.sh43
-rw-r--r--kud/tests/cFW/packetgen/Dockerfile47
-rwxr-xr-xkud/tests/cFW/packetgen/init.sh58
-rwxr-xr-xkud/tests/cFW/postinstall.sh83
-rw-r--r--kud/tests/cFW/sink/Dockerfile28
-rwxr-xr-xkud/tests/cFW/sink/init.sh17
-rw-r--r--kud/tests/cFW/sink/wrapper_v_sink_init.sh10
-rw-r--r--kud/tests/cFW/vpp/80-vpp.conf15
-rw-r--r--kud/tests/cFW/vpp/Dockerfile19
-rw-r--r--kud/tests/cFW/vpp/startup.conf156
15 files changed, 464 insertions, 255 deletions
diff --git a/kud/tests/cFW/README.md b/kud/tests/cFW/README.md
index c6ac9e20..87edbd56 100644
--- a/kud/tests/cFW/README.md
+++ b/kud/tests/cFW/README.md
@@ -1,10 +1,8 @@
-# Cloud-Native Firewall Virtual Network Function
+# Firewall Cloud-Native Network Function Demo
-[CNF][1] version of the ONAP vFirewall use case.
+This is the implementation of the ONAP vFirewall use case as
+Cloud-Native Network Function.
## License
Apache-2.0
-
-[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md
-[2]: https://github.com/electrocucaracha/vFW-demo
diff --git a/kud/tests/cFW/Vagrantfile b/kud/tests/cFW/Vagrantfile
index d02e7d01..de0031cd 100644
--- a/kud/tests/cFW/Vagrantfile
+++ b/kud/tests/cFW/Vagrantfile
@@ -1,33 +1,84 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
+##############################################################################
+# Copyright (c) 2020
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+$no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+# NOTE: This range is based on vagrant-libvirt network definition CIDR 192.168.121.0/24
+(1..254).each do |i|
+ $no_proxy += ",192.168.121.#{i}"
+end
+$no_proxy += ",10.0.2.15"
+$socks_proxy = ENV['socks_proxy'] || ENV['SOCKS_PROXY'] || ""
Vagrant.configure("2") do |config|
- config.vm.box = "elastic/ubuntu-16.04-x86_64"
- config.vm.hostname = "demo"
- config.vm.provision 'shell', path: 'postinstall.sh'
- config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr
- config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr
- config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr
+ config.vm.provider :libvirt
+ config.vm.provider :virtualbox
- if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
- if not Vagrant.has_plugin?('vagrant-proxyconf')
- system 'vagrant plugin install vagrant-proxyconf'
- raise 'vagrant-proxyconf was installed but it requires to execute again'
+ config.vm.box = "generic/ubuntu1804"
+ config.vm.box_version = "3.0.8"
+ config.vm.synced_folder './', '/vagrant'
+
+ [:virtualbox, :libvirt].each do |provider|
+ config.vm.provider provider do |p|
+ p.cpus = 2
+ p.memory = 4096
end
- config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
- config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
- config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
- config.proxy.enabled = { docker: false }
end
- config.vm.provider 'virtualbox' do |v|
- v.customize ["modifyvm", :id, "--memory", 8192]
- v.customize ["modifyvm", :id, "--cpus", 2]
+ config.vm.provider "virtualbox" do |v|
+ v.gui = false
end
- config.vm.provider 'libvirt' do |v|
- v.memory = 8192
- v.cpus = 2
- v.nested = true
+
+ config.vm.provider :libvirt do |v|
v.cpu_mode = 'host-passthrough'
+ v.random_hostname = true
+ v.management_network_address = "192.168.121.0/24"
end
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if Vagrant.has_plugin?('vagrant-proxyconf')
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = $no_proxy
+ config.proxy.enabled = { docker: false, git: false }
+ end
+ end
+ # Install requirements
+ config.vm.provision 'shell', privileged: false, inline: <<-SHELL
+ source /etc/os-release || source /usr/lib/os-release
+ case ${ID,,} in
+ ubuntu|debian)
+ sudo apt-get update
+ sudo apt-get install -y -qq -o=Dpkg::Use-Pty=0 curl
+ ;;
+ esac
+ # NOTE: Shorten link -> https://github.com/electrocucaracha/pkg-mgr_scripts
+ curl -fsSL http://bit.ly/install_pkg | PKG="docker docker-compose" bash
+ SHELL
+
+ # Deploy services
+ config.vm.provision 'shell', inline: <<-SHELL
+ set -o pipefail
+ set -o errexit
+
+ cd /vagrant
+ docker network create --subnet 10.10.0.0/16 --opt com.docker.network.bridge.name=docker_gwbridge docker_gwbridge
+ docker swarm init --advertise-addr 10.0.2.15
+ docker build --no-cache -t vpp vpp/
+ docker-compose up -d
+ docker image prune --force
+ #curl -X PUT \
+ # -H "Authorization: Basic YWRtaW46YWRtaW4=" \
+ # -H "Content-Type: application/json" \
+ # -H "Cache-Control: no-cache" \
+ # -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' \
+ # "http://127.0.0.1:8083/restconf/config/sample-plugin:sample-plugin/pg-streams"
+ SHELL
+ config.vm.network :forwarded_port, guest: 8080, host: 8080
end
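Review bot: The requirements provisioner runs `curl -fsSL http://bit.ly/install_pkg | PKG="docker docker-compose" bash`, which executes whatever a plain-HTTP shortened link resolves to at provisioning time, in a guest where the script can call sudo. Nothing pins or verifies that content, so a changed redirect or an on-path rewrite becomes code execution inside the VM. The comment above the call already names the backing repository; fetch the installer from it over HTTPS at a fixed commit, save it to a file and check it before running, e.g. `echo "<EXPECTED_SHA256>  install_pkg.sh" | sha256sum -c - && PKG="docker docker-compose" bash install_pkg.sh`. Separately, the commented-out RESTCONF call keeps a hard-coded `Authorization: Basic` header in the file; a comment saying it is the demo's default credential and must not be reused elsewhere would help.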
diff --git a/kud/tests/cFW/darkstat/Dockerfile b/kud/tests/cFW/darkstat/Dockerfile
deleted file mode 100644
index d3a46b9c..00000000
--- a/kud/tests/cFW/darkstat/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Victor Morales <electrocucaracha@gmail.com>
-
-ARG HTTP_PROXY=${HTTP_PROXY}
-ARG HTTPS_PROXY=${HTTPS_PROXY}
-
-ENV http_proxy $HTTP_PROXY
-ENV https_proxy $HTTPS_PROXY
-
-RUN apt-get update && apt-get install -y -qq darkstat
-
-EXPOSE 667
-
-CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"]
diff --git a/kud/tests/cFW/docker-compose.yml b/kud/tests/cFW/docker-compose.yml
index 6d883fbd..29db821c 100644
--- a/kud/tests/cFW/docker-compose.yml
+++ b/kud/tests/cFW/docker-compose.yml
@@ -1,38 +1,70 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2020
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
version: '3'
services:
packetgen:
+ image: packetgen:1.6.0
privileged: true
- network_mode: "host"
- image: electrocucaracha/packetgen
+ environment:
+ - PROTECTED_NET_CIDR=192.168.20.0/24
+ - FW_IPADDR=192.168.10.100
+ - SINK_IPADDR=192.168.20.250
+ ports:
+ - 8083:8183
build:
context: ./packetgen
- args:
- HTTP_PROXY: $HTTP_PROXY
- HTTPS_PROXY: $HTTPS_PROXY
+ networks:
+ unprotected:
+ ipv4_address: 192.168.10.200
firewall:
+ image: firewall:1.6.0
privileged: true
- network_mode: "host"
- image: electrocucaracha/firewall
+ environment:
+ - DCAE_COLLECTOR_IP=""
+ - DCAE_COLLECTOR_PORT=""
+ ports:
+ - 8083
build:
context: ./firewall
- args:
- HTTP_PROXY: $HTTP_PROXY
- HTTPS_PROXY: $HTTPS_PROXY
+ networks:
+ unprotected:
+ ipv4_address: 192.168.10.100
+ protected:
+ ipv4_address: 192.168.20.100
sink:
- privileged: true
- network_mode: "host"
- image: electrocucaracha/sink
+ image: sink:1.6.0
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - UNPROTECTED_NET=192.168.10.0/24
+ - PROTECTED_NET_GW=192.168.20.100
+ ports:
+ - 8080:667
build:
context: ./sink
- args:
- HTTP_PROXY: $HTTP_PROXY
- HTTPS_PROXY: $HTTPS_PROXY
- darkstat:
- network_mode: "host"
- image: electrocucaracha/darkstat
- build:
- context: ./darkstat
- args:
- HTTP_PROXY: $HTTP_PROXY
- HTTPS_PROXY: $HTTPS_PROXY
+ networks:
+ protected:
+ ipv4_address: 192.168.20.250
+
+networks:
+ unprotected:
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.10.0/24
+ protected:
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.20.0/24
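Review bot: `packetgen` and `firewall` keep `privileged: true` even though this change already narrows `sink` to `cap_add: NET_ADMIN`, and both now run a RESTCONF service that their Dockerfiles rebind to 0.0.0.0. `ports: - 8083:8183` publishes that service on every host interface; unless remote access is required, bind it to loopback with `- 127.0.0.1:8083:8183`. For the two VPP containers, try replacing `privileged` with an explicit `cap_add` list (NET_ADMIN plus whatever VPP turns out to need, which I have not verified) so that a compromise of the management API is not equivalent to root on the host. As far as I know, the list-form entry `DCAE_COLLECTOR_IP=""` also passes the two quote characters as the value rather than an empty string.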
diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile
index 7d3e6ede..086f30ce 100644
--- a/kud/tests/cFW/firewall/Dockerfile
+++ b/kud/tests/cFW/firewall/Dockerfile
@@ -1,32 +1,22 @@
-FROM electrocucaracha/vpp
+FROM ubuntu:18.04 as builder
MAINTAINER Victor Morales <electrocucaracha@gmail.com>
-ARG HTTP_PROXY=${HTTP_PROXY}
-ARG HTTPS_PROXY=${HTTPS_PROXY}
-
-ENV http_proxy $HTTP_PROXY
-ENV https_proxy $HTTPS_PROXY
+ENV demo_artifacts_version "1.6.0"
ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
-ENV protected_net_cidr "192.168.20.0/24"
-ENV fw_ipaddr "192.168.10.100"
-ENV sink_ipaddr "192.168.20.250"
-ENV demo_artifacts_version "1.3.0"
-
-RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
- bsdmainutils make gcc libcurl4-gnutls-dev
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ wget ca-certificates
WORKDIR /opt
-RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \
- && chmod +x v_firewall_init.sh \
- && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh
-
RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
&& tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
&& rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
&& mv sample-distribution-${demo_artifacts_version} honeycomb \
- && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+ && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json
+
+RUN apt-get install -y -qq --no-install-recommends \
+ make gcc libc6-dev libcurl4-gnutls-dev
RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \
&& tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \
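Review bot: The builder stage unpacks `sample-distribution-…-hc.tar.gz` and the VES tarballs straight from the Nexus `staging` repository with no integrity check, and their contents are later compiled and copied into the runtime image. Pin a digest per artifact and verify it between `wget` and `tar`, e.g. `&& echo "<EXPECTED_SHA256>  sample-distribution-${demo_artifacts_version}-hc.tar.gz" | sha256sum -c - \`. The same download in packetgen/Dockerfile needs the same check. The new sed pattern `"restconf-binding-address": .*` also rewrites the rest of the line and always appends a comma, which would yield invalid JSON if that key is the last one in restconf.json; worth confirming against the 1.6.0 file. The last RUN in this hunk continues past its end.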
@@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r
&& rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
&& mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \
&& chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \
- && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd -
+ && make -C /opt/VES/evel/evel-library/bldjobs/
+
+FROM vpp
+
+COPY --from=builder /opt/honeycomb /opt/honeycomb
+COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting
+COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/
+COPY init.sh /opt/init.sh
+
+ENV DCAE_COLLECTOR_IP ""
+ENV DCAE_COLLECTOR_PORT ""
-RUN mkdir -p /opt/config/ \
- && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
- && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
- && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
- && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ openjdk-8-jre iproute2 libcurl4-gnutls-dev
-CMD ["./v_firewall_init.sh"]
+ENTRYPOINT ["/bin/bash"]
+CMD ["/opt/init.sh"]
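Review bot: `FROM vpp` names an untagged, unqualified image, so the final stage only gets the locally built VPP if `docker build -t vpp vpp/` ran first on the same daemon; otherwise the builder will try to resolve `vpp:latest` from the default registry. Give the base an explicit tag that the Vagrantfile build also uses (for example `FROM vpp:19.01.2-release`, matching `ENV VERSION` in vpp/Dockerfile) and add a comment saying it is a local image; packetgen/Dockerfile has the same line. The runtime stage also installs `libcurl4-gnutls-dev`, where presumably only the shared library is needed to load libevel.so. The first RUN shown in this hunk starts above it.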
diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh
new file mode 100755
index 00000000..71db2e2d
--- /dev/null
+++ b/kud/tests/cFW/firewall/init.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2020
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o pipefail
+set -o xtrace
+set -o errexit
+set -o nounset
+
+echo 'start... vpp'
+/usr/bin/vpp -c /etc/vpp/startup.conf
+echo 'wait vpp be up ...'
+until vppctl show ver; do
+ sleep 1;
+done
+
+# Configure VPP for vFirewall
+nic_protected=eth1
+nic_unprotected=eth2
+ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}')
+ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}')
+
+vppctl create host-interface name "$nic_protected"
+vppctl create host-interface name "$nic_unprotected"
+
+vppctl set int ip address "host-$nic_protected" "$ip_protected_addr"
+vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr"
+
+vppctl set int state "host-$nic_protected" up
+vppctl set int state "host-$nic_unprotected" up
+
+# Start HoneyComb
+#/opt/honeycomb/honeycomb &>/dev/null &disown
+/opt/honeycomb/honeycomb
+
+# Start VES client
+#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1
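Review bot: `ip addr show $nic_protected | grep inet | awk '{print $2}'` also matches `inet6` lines, so an interface that has an IPv6 address puts two values into `ip_protected_addr` and the quoted `vppctl set int ip address` call receives a multi-line argument. Select IPv4 explicitly and quote the interface, `ip_protected_addr=$(ip -4 -o addr show "$nic_protected" | awk '{print $4}')`, and likewise for `nic_unprotected`; packetgen/init.sh has the same pipeline for `eth0`. The script also assumes eth1 is the protected network and eth2 the unprotected one, which depends on Docker's attachment order; a comment stating that assumption, or deriving the NIC from the expected subnet, would make a silent swap of the two firewall sides detectable.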
diff --git a/kud/tests/cFW/packetgen/Dockerfile b/kud/tests/cFW/packetgen/Dockerfile
index cb1da555..074fec02 100644
--- a/kud/tests/cFW/packetgen/Dockerfile
+++ b/kud/tests/cFW/packetgen/Dockerfile
@@ -1,44 +1,33 @@
-FROM electrocucaracha/vpp
+FROM ubuntu:18.04 as builder
MAINTAINER Victor Morales <electrocucaracha@gmail.com>
-ARG HTTP_PROXY=${HTTP_PROXY}
-ARG HTTPS_PROXY=${HTTPS_PROXY}
-
-ENV http_proxy $HTTP_PROXY
-ENV https_proxy $HTTPS_PROXY
+ENV demo_artifacts_version "1.6.0"
ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
-ENV protected_net_cidr "192.168.20.0/24"
-ENV fw_ipaddr "192.168.10.100"
-ENV sink_ipaddr "192.168.20.250"
-ENV demo_artifacts_version "1.3.0"
-
-RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
- bsdmainutils
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ wget ca-certificates
WORKDIR /opt
EXPOSE 8183
-RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \
- && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \
- && chmod +x *.sh \
- && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
-
RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
&& tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
&& rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
&& mv sample-distribution-${demo_artifacts_version} honeycomb \
- && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+ && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json
+
+FROM vpp
+
+COPY --from=builder /opt/honeycomb /opt/honeycomb
+COPY init.sh /opt/init.sh
-RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \
- && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
- && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
- && mv vfw_pg_streams-${demo_artifacts_version} pg_streams
+ENV PROTECTED_NET_CIDR "192.168.20.0/24"
+ENV FW_IPADDR "192.168.10.100"
+ENV SINK_IPADDR "192.168.20.250"
-RUN mkdir -p /opt/config/ \
- && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
- && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
- && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
- && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ openjdk-8-jre iproute2 \
+ && mkdir -p /opt/pg_streams
-CMD ["./v_packetgen_init.sh"]
+ENTRYPOINT ["/bin/bash"]
+CMD ["/opt/init.sh"]
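Review bot: `EXPOSE 8183` now sits in the `builder` stage, ahead of `FROM vpp`, so it no longer applies to the image that actually runs Honeycomb. Move it below `FROM vpp`, after the `COPY` lines, so the image metadata matches the port that docker-compose.yml publishes. The `ENV PROTECTED_NET_CIDR`, `FW_IPADDR` and `SINK_IPADDR` defaults duplicate the values in docker-compose.yml; a one-line comment naming the compose file as the source of truth would keep the two from drifting.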
diff --git a/kud/tests/cFW/packetgen/init.sh b/kud/tests/cFW/packetgen/init.sh
new file mode 100755
index 00000000..1df98424
--- /dev/null
+++ b/kud/tests/cFW/packetgen/init.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2020
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o pipefail
+set -o xtrace
+set -o errexit
+set -o nounset
+
+echo 'start... vpp'
+/usr/bin/vpp -c /etc/vpp/startup.conf
+echo 'wait vpp be up ...'
+until vppctl show ver; do
+ sleep 1;
+done
+
+# Configure VPP for vPacketGenerator
+nic=eth0
+ip_addr=$(ip addr show $nic | grep inet | awk '{print $2}')
+
+vppctl create host-interface name "$nic"
+vppctl set int state "host-$nic" up
+vppctl set int ip address "host-$nic" "$ip_addr"
+vppctl ip route add "$PROTECTED_NET_CIDR" via "$FW_IPADDR"
+
+vppctl loop create
+vppctl set int ip address loop0 11.22.33.1/24
+vppctl set int state loop0 up
+
+# Install packet streams
+for i in $(seq 1 10); do
+ cat <<EOL > "/opt/pg_streams/stream_fw_udp"
+packet-generator new {
+ name fw_udp$i
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ interface loop0
+ data {
+ UDP: ${ip_addr%/*} -> $SINK_IPADDR
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
+EOL
+ vppctl exec "/opt/pg_streams/stream_fw_udp"
+done
+vppctl packet-generator enable
+
+# Start HoneyComb
+/opt/honeycomb/honeycomb
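Review bot: The `until vppctl show ver` loop has no upper bound, so if vpp fails to start the container stays running forever with nothing configured and no error for the orchestrator to see; firewall/init.sh has the same loop. Bound the wait and exit non-zero on timeout, as sketched below (the limit of 60 tries is an example value). The final `/opt/honeycomb/honeycomb` would also be better as `exec /opt/honeycomb/honeycomb`, so the service receives the container's stop signal instead of bash.

```shell
# … unchanged: shell options, vpp start …
tries=0
until vppctl show ver; do
    tries=$((tries + 1))
    if [ "$tries" -ge 60 ]; then
        echo 'vpp did not come up' >&2
        exit 1
    fi
    sleep 1
done
# … unchanged: interface, route and stream setup …
```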
diff --git a/kud/tests/cFW/postinstall.sh b/kud/tests/cFW/postinstall.sh
deleted file mode 100755
index ec2cba49..00000000
--- a/kud/tests/cFW/postinstall.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-##############################################################################
-# Copyright (c) 2018
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-
-set -o nounset
-set -o pipefail
-set -o xtrace
-
-# install_docker() - Download and install docker-engine
-function install_docker {
- local max_concurrent_downloads=${1:-3}
-
- if $(docker version &>/dev/null); then
- return
- fi
- apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- apt-get update
- apt-get install -y docker-ce
-
- mkdir -p /etc/systemd/system/docker.service.d
- if [ $http_proxy ]; then
- cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf
-[Service]
-Environment="HTTP_PROXY=$http_proxy"
-EOL
- fi
- if [ $https_proxy ]; then
- cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf
-[Service]
-Environment="HTTPS_PROXY=$https_proxy"
-EOL
- fi
- if [ $no_proxy ]; then
- cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf
-[Service]
-Environment="NO_PROXY=$no_proxy"
-EOL
- fi
- systemctl daemon-reload
- echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker
- usermod -aG docker $USER
-
- systemctl restart docker
- sleep 10
-}
-
-# install_docker_compose() - Installs docker compose python module
-function install_docker_compose {
- if ! which pip; then
- curl -sL https://bootstrap.pypa.io/get-pip.py | python
- fi
- pip install --no-cache-dir --upgrade pip
- pip install --no-cache-dir docker-compose
-}
-
-echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
-sysctl -p
-
-install_docker
-install_docker_compose
-
-cd /vagrant
-# build vpp docker image
-BUILD_ARGS="--no-cache"
-if [ $HTTP_PROXY ]; then
- BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
-fi
-if [ $HTTPS_PROXY ]; then
- BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}"
-fi
-pushd vpp
-docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest .
-popd
-
-docker-compose up -d
diff --git a/kud/tests/cFW/sink/Dockerfile b/kud/tests/cFW/sink/Dockerfile
index 5e3da088..3d934135 100644
--- a/kud/tests/cFW/sink/Dockerfile
+++ b/kud/tests/cFW/sink/Dockerfile
@@ -1,24 +1,14 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
MAINTAINER Ritu Sood <ritu.sood@intel.com>
-ARG HTTP_PROXY=${HTTP_PROXY}
-ARG HTTPS_PROXY=${HTTPS_PROXY}
+COPY init.sh /opt/init.sh
-ENV http_proxy $HTTP_PROXY
-ENV https_proxy $HTTPS_PROXY
+ENV PROTECTED_NET_GW "192.168.20.100"
+ENV UNPROTECTED_NET "192.168.10.0/24"
-ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
-ENV demo_artifacts_version "1.5.0"
+RUN apt-get update && apt-get install -y -qq --no-install-recommends \
+ iproute2 darkstat
+EXPOSE 667
-RUN apt-get update && apt-get install -y -qq wget net-tools unzip
-
-WORKDIR /opt
-
-RUN wget "${repo_url}/vfw/vfw-scripts/${demo_artifacts_version}/vfw-scripts-${demo_artifacts_version}.zip" \
- && unzip "vfw-scripts-${demo_artifacts_version}.zip" \
- && chmod +x v_sink_init.sh
-
-COPY wrapper_v_sink_init.sh .
-RUN chmod +x wrapper_v_sink_init.sh
-
-CMD ["./wrapper_v_sink_init.sh"]
+ENTRYPOINT ["/bin/bash"]
+CMD ["/opt/init.sh"]
diff --git a/kud/tests/cFW/sink/init.sh b/kud/tests/cFW/sink/init.sh
new file mode 100755
index 00000000..58c32bdc
--- /dev/null
+++ b/kud/tests/cFW/sink/init.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2020
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o pipefail
+set -o xtrace
+set -o errexit
+set -o nounset
+
+ip route add $UNPROTECTED_NET via $PROTECTED_NET_GW
+/usr/sbin/darkstat --no-daemon --verbose -i eth0
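Review bot: `ip route add $UNPROTECTED_NET via $PROTECTED_NET_GW` is unquoted and not idempotent: under `errexit` a route that already exists aborts the script before darkstat starts, which looks like the "File exists" failure the deleted wrapper script warned about. Use `ip route replace "$UNPROTECTED_NET" via "$PROTECTED_NET_GW"`. Starting the monitor with `exec /usr/sbin/darkstat --no-daemon --verbose -i eth0` would also let it receive the container's stop signal instead of bash.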
diff --git a/kud/tests/cFW/sink/wrapper_v_sink_init.sh b/kud/tests/cFW/sink/wrapper_v_sink_init.sh
deleted file mode 100644
index e3a3e35e..00000000
--- a/kud/tests/cFW/sink/wrapper_v_sink_init.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-mkdir -p /opt/config/
-echo "$protected_net_gw" > /opt/config/protected_net_gw.txt
-echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt
-
-# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
-# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
-./v_sink_init.sh
-sleep infinity
diff --git a/kud/tests/cFW/vpp/80-vpp.conf b/kud/tests/cFW/vpp/80-vpp.conf
deleted file mode 100644
index 8fdf184c..00000000
--- a/kud/tests/cFW/vpp/80-vpp.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# Number of 2MB hugepages desired
-vm.nr_hugepages=1024
-
-# Must be greater than or equal to (2 * vm.nr_hugepages).
-vm.max_map_count=3096
-
-# All groups allowed to access hugepages
-vm.hugetlb_shm_group=0
-
-# Shared Memory Max must be greator or equal to the total size of hugepages.
-# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024
-# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax)
-# is greater than the calculated TotalHugepageSize then set this parameter
-# to current shmmax value.
-kernel.shmmax=2147483648
diff --git a/kud/tests/cFW/vpp/Dockerfile b/kud/tests/cFW/vpp/Dockerfile
index 63b08b01..a04e0236 100644
--- a/kud/tests/cFW/vpp/Dockerfile
+++ b/kud/tests/cFW/vpp/Dockerfile
@@ -1,17 +1,16 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
MAINTAINER Victor Morales <electrocucaracha@gmail.com>
-ARG HTTP_PROXY=${HTTP_PROXY}
-ARG HTTPS_PROXY=${HTTPS_PROXY}
+ENV VERSION "19.01.2-release"
-ENV http_proxy $HTTP_PROXY
-ENV https_proxy $HTTPS_PROXY
-
-RUN apt-get update && apt-get install -y -qq apt-transport-https \
- && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \
+RUN apt-get update \
+ && apt-get install -y -qq --no-install-recommends curl ca-certificates gnupg2 \
+ && echo "deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu bionic main" | tee /etc/apt/sources.list.d/99fd.io.list \
+ && curl -L https://packagecloud.io/fdio/release/gpgkey | apt-key add - \
+ && mkdir -p /var/log/vpp/ \
&& apt-get update \
- && apt-get install -y -qq vpp vpp-lib vpp-plugins
+ && apt-get install -y -qq --no-install-recommends vpp=$VERSION vpp-lib=$VERSION vpp-plugins=$VERSION
-COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf
+COPY startup.conf /etc/vpp/startup.conf
CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"]
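Review bot: The new source line keeps `[trusted=yes]`, which tells apt to skip signature verification for the packagecloud repository, so the key imported by `curl -L …/gpgkey | apt-key add -` is never enforced and unsigned or altered vpp packages would install without complaint. Drop the option: `&& echo "deb https://packagecloud.io/fdio/release/ubuntu bionic main" | tee /etc/apt/sources.list.d/99fd.io.list \`. Add `-fsS` to the key download so an HTTP error page is not piped into `apt-key`. The removed `80-vpp.conf` carried the hugepage sysctls; if VPP still needs them they now have to come from the host, which deserves a comment here.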
diff --git a/kud/tests/cFW/vpp/startup.conf b/kud/tests/cFW/vpp/startup.conf
new file mode 100644
index 00000000..bdeb594c
--- /dev/null
+++ b/kud/tests/cFW/vpp/startup.conf
@@ -0,0 +1,156 @@
+
+unix {
+ log /var/log/vpp/vpp.log
+ full-coredump
+ cli-listen /run/vpp/cli.sock
+ gid vpp
+}
+
+api-trace {
+## This stanza controls binary API tracing. Unless there is a very strong reason,
+## please leave this feature enabled.
+ on
+## Additional parameters:
+##
+## To set the number of binary API trace records in the circular buffer, configure nitems
+##
+## nitems <nnn>
+##
+## To save the api message table decode tables, configure a filename. Results in /tmp/<filename>
+## Very handy for understanding api message changes between versions, identifying missing
+## plugins, and so forth.
+##
+## save-api-table <filename>
+}
+
+api-segment {
+ gid vpp
+}
+
+socksvr {
+ default
+}
+
+cpu {
+ ## In the VPP there is one main thread and optionally the user can create worker(s)
+ ## The main thread and worker thread(s) can be pinned to CPU core(s) manually or automatically
+
+ ## Manual pinning of thread(s) to CPU core(s)
+
+ ## Set logical CPU core where main thread runs, if main core is not set
+ ## VPP will use core 1 if available
+ # main-core 1
+
+ ## Set logical CPU core(s) where worker threads are running
+ # corelist-workers 2-3,18-19
+
+ ## Automatic pinning of thread(s) to CPU core(s)
+
+ ## Sets number of CPU core(s) to be skipped (1 ... N-1)
+ ## Skipped CPU core(s) are not used for pinning main thread and working thread(s).
+ ## The main thread is automatically pinned to the first available CPU core and worker(s)
+ ## are pinned to next free CPU core(s) after core assigned to main thread
+ # skip-cores 4
+
+ ## Specify a number of workers to be created
+ ## Workers are pinned to N consecutive CPU cores while skipping "skip-cores" CPU core(s)
+ ## and main thread's CPU core
+ # workers 2
+
+ ## Set scheduling policy and priority of main and worker threads
+
+ ## Scheduling policy options are: other (SCHED_OTHER), batch (SCHED_BATCH)
+ ## idle (SCHED_IDLE), fifo (SCHED_FIFO), rr (SCHED_RR)
+ # scheduler-policy fifo
+
+ ## Scheduling priority is used only for "real-time policies (fifo and rr),
+ ## and has to be in the range of priorities supported for a particular policy
+ # scheduler-priority 50
+}
+
+# dpdk {
+ ## Change default settings for all interfaces
+ # dev default {
+ ## Number of receive queues, enables RSS
+ ## Default is 1
+ # num-rx-queues 3
+
+ ## Number of transmit queues, Default is equal
+ ## to number of worker threads or 1 if no workers treads
+ # num-tx-queues 3
+
+ ## Number of descriptors in transmit and receive rings
+ ## increasing or reducing number can impact performance
+ ## Default is 1024 for both rx and tx
+ # num-rx-desc 512
+ # num-tx-desc 512
+
+ ## VLAN strip offload mode for interface
+ ## Default is off
+ # vlan-strip-offload on
+ # }
+
+ ## Whitelist specific interface by specifying PCI address
+ # dev 0000:02:00.0
+
+ ## Blacklist specific device type by specifying PCI vendor:device
+ ## Whitelist entries take precedence
+ # blacklist 8086:10fb
+
+ ## Set interface name
+ # dev 0000:02:00.1 {
+ # name eth0
+ # }
+
+ ## Whitelist specific interface by specifying PCI address and in
+ ## addition specify custom parameters for this interface
+ # dev 0000:02:00.1 {
+ # num-rx-queues 2
+ # }
+
+ ## Specify bonded interface and its slaves via PCI addresses
+ ##
+ ## Bonded interface in XOR load balance mode (mode 2) with L3 and L4 headers
+ # vdev eth_bond0,mode=2,slave=0000:02:00.0,slave=0000:03:00.0,xmit_policy=l34
+ # vdev eth_bond1,mode=2,slave=0000:02:00.1,slave=0000:03:00.1,xmit_policy=l34
+ ##
+ ## Bonded interface in Active-Back up mode (mode 1)
+ # vdev eth_bond0,mode=1,slave=0000:02:00.0,slave=0000:03:00.0
+ # vdev eth_bond1,mode=1,slave=0000:02:00.1,slave=0000:03:00.1
+
+ ## Change UIO driver used by VPP, Options are: igb_uio, vfio-pci,
+ ## uio_pci_generic or auto (default)
+ # uio-driver vfio-pci
+
+ ## Disable multi-segment buffers, improves performance but
+ ## disables Jumbo MTU support
+ # no-multi-seg
+
+ ## Increase number of buffers allocated, needed only in scenarios with
+ ## large number of interfaces and worker threads. Value is per CPU socket.
+ ## Default is 16384
+ # num-mbufs 128000
+
+ ## Change hugepages allocation per-socket, needed only if there is need for
+ ## larger number of mbufs. Default is 256M on each detected CPU socket
+ # socket-mem 2048,2048
+
+ ## Disables UDP / TCP TX checksum offload. Typically needed for use
+ ## faster vector PMDs (together with no-multi-seg)
+ # no-tx-checksum-offload
+# }
+
+
+# plugins {
+ ## Adjusting the plugin path depending on where the VPP plugins are
+ # path /ws/vpp/build-root/install-vpp-native/vpp/lib/vpp_plugins
+
+ ## Disable all plugins by default and then selectively enable specific plugins
+ # plugin default { disable }
+ # plugin dpdk_plugin.so { enable }
+ # plugin acl_plugin.so { enable }
+
+ ## Enable all plugins by default and then selectively disable specific plugins
+ # plugin dpdk_plugin.so { disable }
+ # plugin acl_plugin.so { disable }
+# }
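Review bot: The `unix` stanza has no `nodaemon`, and nothing says whether that is deliberate. The init.sh scripts call `/usr/bin/vpp -c /etc/vpp/startup.conf` and then poll `vppctl`, which only works if vpp forks into the background, while the `CMD` in vpp/Dockerfile runs the same command as the container's main process and would, as far as I can tell, return as soon as vpp daemonizes. A comment such as `## nodaemon intentionally omitted: init.sh expects vpp to background itself` would record the intent. `full-coredump` is also enabled; in a privileged container that writes full memory images wherever the host core pattern points, so consider noting why the demo needs it.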