-rw-r--r-- | kud/tests/cFW/README.md | 8 | ||||
-rw-r--r-- | kud/tests/cFW/Vagrantfile | 93 | ||||
-rw-r--r-- | kud/tests/cFW/darkstat/Dockerfile | 14 | ||||
-rw-r--r-- | kud/tests/cFW/docker-compose.yml | 80 | ||||
-rw-r--r-- | kud/tests/cFW/firewall/Dockerfile | 48 | ||||
-rwxr-xr-x | kud/tests/cFW/firewall/init.sh | 43 | ||||
-rw-r--r-- | kud/tests/cFW/packetgen/Dockerfile | 47 | ||||
-rwxr-xr-x | kud/tests/cFW/packetgen/init.sh | 58 | ||||
-rwxr-xr-x | kud/tests/cFW/postinstall.sh | 83 | ||||
-rw-r--r-- | kud/tests/cFW/sink/Dockerfile | 28 | ||||
-rwxr-xr-x | kud/tests/cFW/sink/init.sh | 17 | ||||
-rw-r--r-- | kud/tests/cFW/sink/wrapper_v_sink_init.sh | 10 | ||||
-rw-r--r-- | kud/tests/cFW/vpp/80-vpp.conf | 15 | ||||
-rw-r--r-- | kud/tests/cFW/vpp/Dockerfile | 19 | ||||
-rw-r--r-- | kud/tests/cFW/vpp/startup.conf | 156 |
15 files changed, 464 insertions, 255 deletions
diff --git a/kud/tests/cFW/README.md b/kud/tests/cFW/README.md index c6ac9e20..87edbd56 100644 --- a/kud/tests/cFW/README.md +++ b/kud/tests/cFW/README.md @@ -1,10 +1,8 @@ -# Cloud-Native Firewall Virtual Network Function +# Firewall Cloud-Native Network Function Demo -[CNF][1] version of the ONAP vFirewall use case. +This is the implementation of the ONAP vFirewall use case as +Cloud-Native Network Function. ## License Apache-2.0 - -[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md -[2]: https://github.com/electrocucaracha/vFW-demo diff --git a/kud/tests/cFW/Vagrantfile b/kud/tests/cFW/Vagrantfile index d02e7d01..de0031cd 100644 --- a/kud/tests/cFW/Vagrantfile +++ b/kud/tests/cFW/Vagrantfile 
@@ -1,33 +1,84 @@ # -*- mode: ruby -*- # vi: set ft=ruby : +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +$no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost" +# NOTE: This range is based on vagrant-libvirt network definition CIDR 192.168.121.0/24 +(1..254).each do |i| + $no_proxy += ",192.168.121.#{i}" +end +$no_proxy += ",10.0.2.15" +$socks_proxy = ENV['socks_proxy'] || ENV['SOCKS_PROXY'] || "" Vagrant.configure("2") do |config| - config.vm.box = "elastic/ubuntu-16.04-x86_64" - config.vm.hostname = "demo" - config.vm.provision 'shell', path: 'postinstall.sh' - config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr - config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr - config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr + config.vm.provider :libvirt + config.vm.provider :virtualbox - if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil - if not Vagrant.has_plugin?('vagrant-proxyconf') - system 'vagrant plugin install vagrant-proxyconf' - raise 'vagrant-proxyconf was installed but it requires to execute again' + config.vm.box = "generic/ubuntu1804" + config.vm.box_version = "3.0.8" + config.vm.synced_folder './', '/vagrant' + + [:virtualbox, :libvirt].each do |provider| + config.vm.provider provider do |p| + p.cpus = 2 + p.memory = 4096 end - config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || "" - config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || "" - 
config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost" - config.proxy.enabled = { docker: false } end - config.vm.provider 'virtualbox' do |v| - v.customize ["modifyvm", :id, "--memory", 8192] - v.customize ["modifyvm", :id, "--cpus", 2] + config.vm.provider "virtualbox" do |v| + v.gui = false end - config.vm.provider 'libvirt' do |v| - v.memory = 8192 - v.cpus = 2 - v.nested = true + + config.vm.provider :libvirt do |v| v.cpu_mode = 'host-passthrough' + v.random_hostname = true + v.management_network_address = "192.168.121.0/24" end + + if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil + if Vagrant.has_plugin?('vagrant-proxyconf') + config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || "" + config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || "" + config.proxy.no_proxy = $no_proxy + config.proxy.enabled = { docker: false, git: false } + end + end + # Install requirements + config.vm.provision 'shell', privileged: false, inline: <<-SHELL + source /etc/os-release || source /usr/lib/os-release + case ${ID,,} in + ubuntu|debian) + sudo apt-get update + sudo apt-get install -y -qq -o=Dpkg::Use-Pty=0 curl + ;; + esac + # NOTE: Shorten link -> https://github.com/electrocucaracha/pkg-mgr_scripts + curl -fsSL http://bit.ly/install_pkg | PKG="docker docker-compose" bash + SHELL + + # Deploy services + config.vm.provision 'shell', inline: <<-SHELL + set -o pipefail + set -o errexit + + cd /vagrant + docker network create --subnet 10.10.0.0/16 --opt com.docker.network.bridge.name=docker_gwbridge docker_gwbridge + docker swarm init --advertise-addr 10.0.2.15 + docker build --no-cache -t vpp vpp/ + docker-compose up -d + docker image prune --force + #curl -X PUT \ + # -H "Authorization: Basic YWRtaW46YWRtaW4=" \ + # -H "Content-Type: application/json" \ + # -H "Cache-Control: no-cache" \ + # -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", 
"is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' \ + # "http://127.0.0.1:8083/restconf/config/sample-plugin:sample-plugin/pg-streams" + SHELL + config.vm.network :forwarded_port, guest: 8080, host: 8080 end diff --git a/kud/tests/cFW/darkstat/Dockerfile b/kud/tests/cFW/darkstat/Dockerfile deleted file mode 100644 index d3a46b9c..00000000 --- a/kud/tests/cFW/darkstat/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM ubuntu:16.04 -MAINTAINER Victor Morales <electrocucaracha@gmail.com> - -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY - -RUN apt-get update && apt-get install -y -qq darkstat - -EXPOSE 667 - -CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"] diff --git a/kud/tests/cFW/docker-compose.yml b/kud/tests/cFW/docker-compose.yml index 6d883fbd..29db821c 100644 --- a/kud/tests/cFW/docker-compose.yml +++ b/kud/tests/cFW/docker-compose.yml 
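Review bot: The "Install requirements" provisioner pipes `curl -fsSL http://bit.ly/install_pkg` into `bash` over plain HTTP and through a URL shortener, so anyone on the network path, or anyone able to re-point the short link, decides what runs inside the VM. Fetch the script over HTTPS from a pinned commit of the repository named in the NOTE and verify it before running, e.g. `curl -fsSL "$INSTALL_PKG_URL" -o /tmp/install_pkg.sh && echo "$INSTALL_PKG_SHA256  /tmp/install_pkg.sh" | sha256sum -c - && PKG="docker docker-compose" bash /tmp/install_pkg.sh`, where both variables are placeholders for the pinned URL and its hash. The commented-out RESTCONF example also embeds a Basic credential that decodes to admin:admin. A short comment such as `# demo default credential, change before exposing port 8083` would stop it being copied as-is.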
@@ -1,38 +1,70 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + version: '3' services: packetgen: + image: packetgen:1.6.0 privileged: true - network_mode: "host" - image: electrocucaracha/packetgen + environment: + - PROTECTED_NET_CIDR=192.168.20.0/24 + - FW_IPADDR=192.168.10.100 + - SINK_IPADDR=192.168.20.250 + ports: + - 8083:8183 build: context: ./packetgen - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY + networks: + unprotected: + ipv4_address: 192.168.10.200 firewall: + image: firewall:1.6.0 privileged: true - network_mode: "host" - image: electrocucaracha/firewall + environment: + - DCAE_COLLECTOR_IP="" + - DCAE_COLLECTOR_PORT="" + ports: + - 8083 build: context: ./firewall - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY + networks: + unprotected: + ipv4_address: 192.168.10.100 + protected: + ipv4_address: 192.168.20.100 sink: - privileged: true - network_mode: "host" - image: electrocucaracha/sink + image: sink:1.6.0 + cap_add: + - NET_ADMIN + environment: + - UNPROTECTED_NET=192.168.10.0/24 + - PROTECTED_NET_GW=192.168.20.100 + ports: + - 8080:667 build: context: ./sink - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY - darkstat: - network_mode: "host" - image: electrocucaracha/darkstat - build: - context: ./darkstat - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY + networks: + protected: + ipv4_address: 192.168.20.250 + +networks: + unprotected: + driver: overlay + ipam: + driver: default + config: + - subnet: 192.168.10.0/24 + protected: + driver: overlay + ipam: + driver: 
default + config: + - subnet: 192.168.20.0/24 diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile index 7d3e6ede..086f30ce 100644 --- a/kud/tests/cFW/firewall/Dockerfile +++ b/kud/tests/cFW/firewall/Dockerfile 
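Review bot: `packetgen` and `firewall` keep `privileged: true`, while `sink` in the same file already uses the narrower `cap_add: - NET_ADMIN`. The two VPP services should get an explicit capability list too, or a comment naming the VPP requirement that forces full privilege. The `firewall` service publishes `8083` without a host part, so that port lands on a random host port on all interfaces. If it is only needed by the other services, `expose: - "8083"` or `"127.0.0.1:8083:8083"` keeps it off the host's external interfaces. Separately, in list-form `environment` the entry `DCAE_COLLECTOR_IP=""` sets the value to the two quote characters rather than to an empty string; write `DCAE_COLLECTOR_IP=` (same for `DCAE_COLLECTOR_PORT`).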
@@ -1,32 +1,22 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales <electrocucaracha@gmail.com> -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils make gcc libcurl4-gnutls-dev +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \ - && chmod +x v_firewall_init.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +RUN apt-get install -y -qq --no-install-recommends \ + make gcc libc6-dev libcurl4-gnutls-dev RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \ 
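Review bot: The builder stage downloads `sample-distribution-${demo_artifacts_version}-hc.tar.gz` from the Nexus staging repository and unpacks it with no integrity check, so the image content depends on whatever that repository serves at build time. The same holds for the VES tarballs in the RUN that continues past this hunk and for the identical download in packetgen/Dockerfile. Verify a recorded digest before `tar`, e.g. `&& echo "${HC_SHA256}  sample-distribution-${demo_artifacts_version}-hc.tar.gz" | sha256sum -c - \`, with `HC_SHA256` as a placeholder for the published hash. The rewritten `sed` now forces `restconf-binding-address` to `0.0.0.0` whatever the shipped value was. A comment such as `# RESTCONF listens on all interfaces; isolation relies on the compose networks` would record that this is deliberate.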
@@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \ - && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd - + && make -C /opt/VES/evel/evel-library/bldjobs/ + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting +COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/ +COPY init.sh /opt/init.sh + +ENV DCAE_COLLECTOR_IP "" +ENV DCAE_COLLECTOR_PORT "" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 libcurl4-gnutls-dev -CMD ["./v_firewall_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh new file mode 100755 index 00000000..71db2e2d --- /dev/null +++ b/kud/tests/cFW/firewall/init.sh 
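Review bot: The runtime stage installs the development package `libcurl4-gnutls-dev` and leaves the apt lists in the layer, which partly undoes the point of the multi-stage split. Assuming `libevel.so` only needs the shared library, `openjdk-8-jre iproute2 libcurl3-gnutls \` followed by `&& rm -rf /var/lib/apt/lists/*` gives a smaller image with less tooling in a container that compose runs privileged. `FROM vpp` also resolves to whatever local image carries that name, so a comment noting that it must be built from `vpp/` first (as the Vagrantfile does) would help anyone building this file on its own.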
@@ -0,0 +1,43 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vFirewall +nic_protected=eth1 +nic_unprotected=eth2 +ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}') +ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic_protected" +vppctl create host-interface name "$nic_unprotected" + +vppctl set int ip address "host-$nic_protected" "$ip_protected_addr" +vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr" + +vppctl set int state "host-$nic_protected" up +vppctl set int state "host-$nic_unprotected" up + +# Start HoneyComb +#/opt/honeycomb/honeycomb &>/dev/null &disown +/opt/honeycomb/honeycomb + +# Start VES client +#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1 diff --git a/kud/tests/cFW/packetgen/Dockerfile b/kud/tests/cFW/packetgen/Dockerfile index cb1da555..074fec02 100644 --- a/kud/tests/cFW/packetgen/Dockerfile +++ b/kud/tests/cFW/packetgen/Dockerfile 
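Review bot: `nic_protected=eth1` and `nic_unprotected=eth2` assume the order in which Docker attaches the two compose networks, which nothing in this change fixes. If the order differs, the firewall's protected and unprotected sides are swapped without any error. Selecting the interface by subnet is safer, e.g. `nic_protected=$(ip -o -4 addr show to "$PROTECTED_NET_CIDR" | awk '{print $2}')`, with the two CIDRs passed to this container through `environment` as is already done for packetgen. Also, `grep inet` matches `inet6` lines, so `ip_protected_addr` can end up holding two addresses when IPv6 is enabled on the interface. `ip -o -4 addr show "$nic_protected" | awk '{print $4}'` avoids that, and the same pattern appears in packetgen/init.sh.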
@@ -1,44 +1,33 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales <electrocucaracha@gmail.com> -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt EXPOSE 8183 -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \ - && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \ - && chmod +x *.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY init.sh /opt/init.sh -RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \ - && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \ - && rm 
vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \ - && mv vfw_pg_streams-${demo_artifacts_version} pg_streams +ENV PROTECTED_NET_CIDR "192.168.20.0/24" +ENV FW_IPADDR "192.168.10.100" +ENV SINK_IPADDR "192.168.20.250" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 \ + && mkdir -p /opt/pg_streams -CMD ["./v_packetgen_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/packetgen/init.sh b/kud/tests/cFW/packetgen/init.sh new file mode 100755 index 00000000..1df98424 --- /dev/null +++ b/kud/tests/cFW/packetgen/init.sh 
@@ -0,0 +1,58 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vPacketGenerator +nic=eth0 +ip_addr=$(ip addr show $nic | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic" +vppctl set int state "host-$nic" up +vppctl set int ip address "host-$nic" "$ip_addr" +vppctl ip route add "$PROTECTED_NET_CIDR" via "$FW_IPADDR" + +vppctl loop create +vppctl set int ip address loop0 11.22.33.1/24 +vppctl set int state loop0 up + +# Install packet streams +for i in $(seq 1 10); do + cat <<EOL > "/opt/pg_streams/stream_fw_udp" +packet-generator new { + name fw_udp$i + rate 10 + node ip4-input + size 64-64 + no-recycle + interface loop0 + data { + UDP: ${ip_addr%/*} -> $SINK_IPADDR + UDP: 15320 -> 8080 + length 128 checksum 0 incrementing 1 + } +} +EOL + vppctl exec "/opt/pg_streams/stream_fw_udp" +done +vppctl packet-generator enable + +# Start HoneyComb +/opt/honeycomb/honeycomb diff --git a/kud/tests/cFW/postinstall.sh b/kud/tests/cFW/postinstall.sh deleted file mode 100755 index ec2cba49..00000000 --- a/kud/tests/cFW/postinstall.sh +++ /dev/null 
@@ -1,83 +0,0 @@ -#!/bin/bash -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2018 -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -set -o nounset -set -o pipefail -set -o xtrace - -# install_docker() - Download and install docker-engine -function install_docker { - local max_concurrent_downloads=${1:-3} - - if $(docker version &>/dev/null); then - return - fi - apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - apt-get update - apt-get install -y docker-ce - - mkdir -p /etc/systemd/system/docker.service.d - if [ $http_proxy ]; then - cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf -[Service] -Environment="HTTP_PROXY=$http_proxy" -EOL - fi - if [ $https_proxy ]; then - cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf -[Service] -Environment="HTTPS_PROXY=$https_proxy" -EOL - fi - if [ $no_proxy ]; then - cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf -[Service] -Environment="NO_PROXY=$no_proxy" -EOL - fi - systemctl daemon-reload - echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker - usermod -aG docker $USER - - systemctl restart docker - sleep 10 -} - -# install_docker_compose() - Installs docker compose python module -function install_docker_compose { - if ! 
which pip; then - curl -sL https://bootstrap.pypa.io/get-pip.py | python - fi - pip install --no-cache-dir --upgrade pip - pip install --no-cache-dir docker-compose -} - -echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf -sysctl -p - -install_docker -install_docker_compose - -cd /vagrant -# build vpp docker image -BUILD_ARGS="--no-cache" -if [ $HTTP_PROXY ]; then - BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}" -fi -if [ $HTTPS_PROXY ]; then - BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}" -fi -pushd vpp -docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest . -popd - -docker-compose up -d diff --git a/kud/tests/cFW/sink/Dockerfile b/kud/tests/cFW/sink/Dockerfile index 5e3da088..3d934135 100644 --- a/kud/tests/cFW/sink/Dockerfile +++ b/kud/tests/cFW/sink/Dockerfile @@ -1,24 +1,14 @@ -FROM ubuntu:16.04 +FROM ubuntu:18.04 MAINTAINER Ritu Sood <ritu.sood@intel.com> -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} +COPY init.sh /opt/init.sh -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV PROTECTED_NET_GW "192.168.20.100" +ENV UNPROTECTED_NET "192.168.10.0/24" -ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV demo_artifacts_version "1.5.0" +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + iproute2 darkstat +EXPOSE 667 -RUN apt-get update && apt-get install -y -qq wget net-tools unzip - -WORKDIR /opt - -RUN wget "${repo_url}/vfw/vfw-scripts/${demo_artifacts_version}/vfw-scripts-${demo_artifacts_version}.zip" \ - && unzip "vfw-scripts-${demo_artifacts_version}.zip" \ - && chmod +x v_sink_init.sh - -COPY wrapper_v_sink_init.sh . -RUN chmod +x wrapper_v_sink_init.sh - -CMD ["./wrapper_v_sink_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/sink/init.sh b/kud/tests/cFW/sink/init.sh new file mode 100755 index 00000000..58c32bdc --- /dev/null +++ b/kud/tests/cFW/sink/init.sh 
@@ -0,0 +1,17 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +ip route add $UNPROTECTED_NET via $PROTECTED_NET_GW +/usr/sbin/darkstat --no-daemon --verbose -i eth0 diff --git a/kud/tests/cFW/sink/wrapper_v_sink_init.sh b/kud/tests/cFW/sink/wrapper_v_sink_init.sh deleted file mode 100644 index e3a3e35e..00000000 --- a/kud/tests/cFW/sink/wrapper_v_sink_init.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -mkdir -p /opt/config/ -echo "$protected_net_gw" > /opt/config/protected_net_gw.txt -echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt - -# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100 -# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists -./v_sink_init.sh -sleep infinity diff --git a/kud/tests/cFW/vpp/80-vpp.conf b/kud/tests/cFW/vpp/80-vpp.conf deleted file mode 100644 index 8fdf184c..00000000 --- a/kud/tests/cFW/vpp/80-vpp.conf +++ /dev/null 
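Review bot: With `errexit` set, `ip route add $UNPROTECTED_NET via $PROTECTED_NET_GW` aborts the script if the route already exists, and darkstat then never starts. The wrapper deleted in this commit documents that "File exists" failure for the old `route add`. `ip route replace "$UNPROTECTED_NET" via "$PROTECTED_NET_GW"` is idempotent, and quoting the variables guards against an empty or space-containing value being split into extra arguments.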
@@ -1,15 +0,0 @@ -# Number of 2MB hugepages desired -vm.nr_hugepages=1024 - -# Must be greater than or equal to (2 * vm.nr_hugepages). -vm.max_map_count=3096 - -# All groups allowed to access hugepages -vm.hugetlb_shm_group=0 - -# Shared Memory Max must be greator or equal to the total size of hugepages. -# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024 -# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax) -# is greater than the calculated TotalHugepageSize then set this parameter -# to current shmmax value. -kernel.shmmax=2147483648 diff --git a/kud/tests/cFW/vpp/Dockerfile b/kud/tests/cFW/vpp/Dockerfile index 63b08b01..a04e0236 100644 --- a/kud/tests/cFW/vpp/Dockerfile +++ b/kud/tests/cFW/vpp/Dockerfile @@ -1,17 +1,16 @@ -FROM ubuntu:16.04 +FROM ubuntu:18.04 MAINTAINER Victor Morales <electrocucaracha@gmail.com> -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} +ENV VERSION "19.01.2-release" -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY - -RUN apt-get update && apt-get install -y -qq apt-transport-https \ - && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \ +RUN apt-get update \ + && apt-get install -y -qq --no-install-recommends curl ca-certificates gnupg2 \ + && echo "deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu bionic main" | tee /etc/apt/sources.list.d/99fd.io.list \ + && curl -L https://packagecloud.io/fdio/release/gpgkey | apt-key add - \ + && mkdir -p /var/log/vpp/ \ && apt-get update \ - && apt-get install -y -qq vpp vpp-lib vpp-plugins + && apt-get install -y -qq --no-install-recommends vpp=$VERSION vpp-lib=$VERSION vpp-plugins=$VERSION -COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf +COPY startup.conf /etc/vpp/startup.conf CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"] 
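Review bot: The new apt source line keeps `[trusted=yes]`, which tells apt to skip signature verification for that repository. Importing the packagecloud key on the following line therefore has no effect, and the pinned `vpp=$VERSION` packages are installed unauthenticated. Drop the option so the imported key is enforced: `echo "deb https://packagecloud.io/fdio/release/ubuntu bionic main" | tee /etc/apt/sources.list.d/99fd.io.list`. Using `curl -fsSL` for the key download would also make an HTTP error fail instead of passing an error page to `apt-key add -`.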
diff --git a/kud/tests/cFW/vpp/startup.conf b/kud/tests/cFW/vpp/startup.conf new file mode 100644 index 00000000..bdeb594c --- /dev/null +++ b/kud/tests/cFW/vpp/startup.conf 
@@ -0,0 +1,156 @@ + +unix { + log /var/log/vpp/vpp.log + full-coredump + cli-listen /run/vpp/cli.sock + gid vpp +} + +api-trace { +## This stanza controls binary API tracing. Unless there is a very strong reason, +## please leave this feature enabled. + on +## Additional parameters: +## +## To set the number of binary API trace records in the circular buffer, configure nitems +## +## nitems <nnn> +## +## To save the api message table decode tables, configure a filename. Results in /tmp/<filename> +## Very handy for understanding api message changes between versions, identifying missing +## plugins, and so forth. +## +## save-api-table <filename> +} + +api-segment { + gid vpp +} + +socksvr { + default +} + +cpu { + ## In the VPP there is one main thread and optionally the user can create worker(s) + ## The main thread and worker thread(s) can be pinned to CPU core(s) manually or automatically + + ## Manual pinning of thread(s) to CPU core(s) + + ## Set logical CPU core where main thread runs, if main core is not set + ## VPP will use core 1 if available + # main-core 1 + + ## Set logical CPU core(s) where worker threads are running + # corelist-workers 2-3,18-19 + + ## Automatic pinning of thread(s) to CPU core(s) + + ## Sets number of CPU core(s) to be skipped (1 ... N-1) + ## Skipped CPU core(s) are not used for pinning main thread and working thread(s). 
+ ## The main thread is automatically pinned to the first available CPU core and worker(s) + ## are pinned to next free CPU core(s) after core assigned to main thread + # skip-cores 4 + + ## Specify a number of workers to be created + ## Workers are pinned to N consecutive CPU cores while skipping "skip-cores" CPU core(s) + ## and main thread's CPU core + # workers 2 + + ## Set scheduling policy and priority of main and worker threads + + ## Scheduling policy options are: other (SCHED_OTHER), batch (SCHED_BATCH) + ## idle (SCHED_IDLE), fifo (SCHED_FIFO), rr (SCHED_RR) + # scheduler-policy fifo + + ## Scheduling priority is used only for "real-time policies (fifo and rr), + ## and has to be in the range of priorities supported for a particular policy + # scheduler-priority 50 +} + +# dpdk { + ## Change default settings for all interfaces + # dev default { + ## Number of receive queues, enables RSS + ## Default is 1 + # num-rx-queues 3 + + ## Number of transmit queues, Default is equal + ## to number of worker threads or 1 if no workers treads + # num-tx-queues 3 + + ## Number of descriptors in transmit and receive rings + ## increasing or reducing number can impact performance + ## Default is 1024 for both rx and tx + # num-rx-desc 512 + # num-tx-desc 512 + + ## VLAN strip offload mode for interface + ## Default is off + # vlan-strip-offload on + # } + + ## Whitelist specific interface by specifying PCI address + # dev 0000:02:00.0 + + ## Blacklist specific device type by specifying PCI vendor:device + ## Whitelist entries take precedence + # blacklist 8086:10fb + + ## Set interface name + # dev 0000:02:00.1 { + # name eth0 + # } + + ## Whitelist specific interface by specifying PCI address and in + ## addition specify custom parameters for this interface + # dev 0000:02:00.1 { + # num-rx-queues 2 + # } + + ## Specify bonded interface and its slaves via PCI addresses + ## + ## Bonded interface in XOR load balance mode (mode 2) with L3 and L4 headers + # vdev 
eth_bond0,mode=2,slave=0000:02:00.0,slave=0000:03:00.0,xmit_policy=l34 + # vdev eth_bond1,mode=2,slave=0000:02:00.1,slave=0000:03:00.1,xmit_policy=l34 + ## + ## Bonded interface in Active-Back up mode (mode 1) + # vdev eth_bond0,mode=1,slave=0000:02:00.0,slave=0000:03:00.0 + # vdev eth_bond1,mode=1,slave=0000:02:00.1,slave=0000:03:00.1 + + ## Change UIO driver used by VPP, Options are: igb_uio, vfio-pci, + ## uio_pci_generic or auto (default) + # uio-driver vfio-pci + + ## Disable multi-segment buffers, improves performance but + ## disables Jumbo MTU support + # no-multi-seg + + ## Increase number of buffers allocated, needed only in scenarios with + ## large number of interfaces and worker threads. Value is per CPU socket. + ## Default is 16384 + # num-mbufs 128000 + + ## Change hugepages allocation per-socket, needed only if there is need for + ## larger number of mbufs. Default is 256M on each detected CPU socket + # socket-mem 2048,2048 + + ## Disables UDP / TCP TX checksum offload. Typically needed for use + ## faster vector PMDs (together with no-multi-seg) + # no-tx-checksum-offload +# } + + +# plugins { + ## Adjusting the plugin path depending on where the VPP plugins are + # path /ws/vpp/build-root/install-vpp-native/vpp/lib/vpp_plugins + + ## Disable all plugins by default and then selectively enable specific plugins + # plugin default { disable } + # plugin dpdk_plugin.so { enable } + # plugin acl_plugin.so { enable } + + ## Enable all plugins by default and then selectively disable specific plugins + # plugin dpdk_plugin.so { disable } + # plugin acl_plugin.so { disable } +# } |