-rw-r--r-- | deployments/Dockerfile | 2 | ||||
-rwxr-xr-x | vagrant/installer.sh | 2 | ||||
-rw-r--r-- | vagrant/inventory/group_vars/k8s-cluster.yml | 13 | ||||
-rwxr-xr-x | vagrant/setup.sh | 14 | ||||
-rw-r--r-- | vagrant/tests/cFW/README.md | 10 | ||||
-rw-r--r-- | vagrant/tests/cFW/Vagrantfile | 33 | ||||
-rw-r--r-- | vagrant/tests/cFW/darkstat/Dockerfile | 14 | ||||
-rw-r--r-- | vagrant/tests/cFW/docker-compose.yml | 38 | ||||
-rw-r--r-- | vagrant/tests/cFW/firewall/Dockerfile | 49 | ||||
-rw-r--r-- | vagrant/tests/cFW/packetgen/Dockerfile | 44 | ||||
-rwxr-xr-x | vagrant/tests/cFW/postinstall.sh | 83 | ||||
-rw-r--r-- | vagrant/tests/cFW/sink/Dockerfile | 34 | ||||
-rw-r--r-- | vagrant/tests/cFW/vpp/80-vpp.conf | 15 | ||||
-rw-r--r-- | vagrant/tests/cFW/vpp/Dockerfile | 17 |
14 files changed, 347 insertions, 21 deletions
diff --git a/deployments/Dockerfile b/deployments/Dockerfile index d22aeb11..961f6766 100644 --- a/deployments/Dockerfile +++ b/deployments/Dockerfile @@ -7,7 +7,7 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## -FROM ubuntu:16.04 +FROM ubuntu:18.04 ARG HTTP_PROXY=${HTTP_PROXY} ARG HTTPS_PROXY=${HTTPS_PROXY} diff --git a/vagrant/installer.sh b/vagrant/installer.sh index cf1eb357..6f0c3052 100755 --- a/vagrant/installer.sh +++ b/vagrant/installer.sh @@ -55,7 +55,7 @@ function _install_docker { if $(docker version &>/dev/null); then return fi - sudo apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl + sudo apt-get install -y apt-transport-https ca-certificates curl curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" sudo apt-get update diff --git a/vagrant/inventory/group_vars/k8s-cluster.yml b/vagrant/inventory/group_vars/k8s-cluster.yml index 4de3a276..8f719a43 100644 --- a/vagrant/inventory/group_vars/k8s-cluster.yml +++ b/vagrant/inventory/group_vars/k8s-cluster.yml @@ -7,12 +7,6 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## -## For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed -## for mounting persistent volumes into containers. These may not be loaded by preinstall kubernetes -## processes. For example, ceph and rbd backed volumes. Set to true to allow kubelet to load kernel -## modules. -kubelet_load_modules: true - # Kubernetes configuration dirs and system namespace. # Those are where all the additional config stuff goes # kubernetes normally puts in /srv/kubernetes. 
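Review bot: In vagrant/installer.sh, the trimmed install line in `_install_docker` drops `software-properties-common`, yet `add-apt-repository` is still called two lines later, and that command is shipped by that package. On a base image that does not preinstall it, the function would fail at the repository step; keeping the package is cheap: `sudo apt-get install -y software-properties-common apt-transport-https ca-certificates curl`. The key piped into `apt-key add -` is also accepted without comparing its fingerprint to a known value, which is worth adding while this block is being touched. The function body starts and ends outside the hunk.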
@@ -44,17 +38,12 @@ kube_token_auth: true # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing kube_network_plugin: flannel -# Settings for containerized control plane -kubelet_deployment_type: host - -# NGINX Ingress Controller -ingress_nginx_enabled: true - # Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts kubeconfig_localhost: true # Enable MountPropagation gate feature local_volumes_enabled: true +local_volume_provisioner_enabled: true ## Change this to use another Kubernetes version, e.g. a current beta release kube_version: v1.12.3 diff --git a/vagrant/setup.sh b/vagrant/setup.sh index 0fb1b0d6..9c65ccdb 100755 --- a/vagrant/setup.sh +++ b/vagrant/setup.sh @@ -11,8 +11,8 @@ set -o nounset set -o pipefail -vagrant_version=2.2.3 -if ! $(vagrant version &>/dev/null); then +vagrant_version=2.2.4 +if ! vagrant version &>/dev/null; then enable_vagrant_install=true else if [[ "$vagrant_version" != "$(vagrant version | awk 'NR==1{print $3}')" ]]; then @@ -78,7 +78,7 @@ case ${ID,,} in case $VAGRANT_DEFAULT_PROVIDER in virtualbox) - wget -q http://download.virtualbox.org/virtualbox/rpm/opensuse/$VERSION/virtualbox.repo -P /etc/zypp/repos.d/ + wget -q "http://download.virtualbox.org/virtualbox/rpm/opensuse/$VERSION/virtualbox.repo" -P /etc/zypp/repos.d/ $INSTALLER_CMD --enablerepo=epel dkms wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | rpm --import - packages+=(VirtualBox-5.1) @@ -124,7 +124,7 @@ case ${ID,,} in rhel|centos|fedora) PKG_MANAGER=$(which dnf || which yum) - sudo $PKG_MANAGER updateinfo + sudo "$PKG_MANAGER" updateinfo INSTALLER_CMD="sudo -H -E ${PKG_MANAGER} -q -y install" packages+=(python-devel) @@ -174,7 +174,7 @@ else fi sudo modprobe vhost_net -${INSTALLER_CMD} ${packages[@]} +${INSTALLER_CMD} "${packages[@]}" if ! which pip; then curl -sL https://bootstrap.pypa.io/get-pip.py | sudo python else 
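Review bot: In vagrant/setup.sh (hunk `@@ -78,7 +78,7 @@`), the newly quoted `wget` still fetches `virtualbox.repo` over plain `http://` and writes it into `/etc/zypp/repos.d/`. The repository definition (base URL, GPG-check settings) is therefore accepted with no integrity protection, even though the signing key on the following line is fetched over HTTPS. Assuming the host serves the same path over TLS, the line should be `wget -q "https://download.virtualbox.org/virtualbox/rpm/opensuse/$VERSION/virtualbox.repo" -P /etc/zypp/repos.d/`. The context line in hunk `@@ -174,7 +174,7 @@` has a related gap: `get-pip.py` is piped straight into `sudo python` without a checksum check. The enclosing `case` block extends outside both hunks.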
@@ -184,9 +184,9 @@ sudo -H -E pip install tox if [[ ${http_proxy+x} ]]; then vagrant plugin install vagrant-proxyconf fi -if [ $VAGRANT_DEFAULT_PROVIDER == libvirt ]; then +if [ "$VAGRANT_DEFAULT_PROVIDER" == libvirt ]; then vagrant plugin install vagrant-libvirt - sudo usermod -a -G $libvirt_group $USER # This might require to reload user's group assigments + sudo usermod -a -G $libvirt_group "$USER" # This might require to reload user's group assigments sudo systemctl restart libvirtd # Start statd service to prevent NFS lock errors diff --git a/vagrant/tests/cFW/README.md b/vagrant/tests/cFW/README.md new file mode 100644 index 00000000..c6ac9e20 --- /dev/null +++ b/vagrant/tests/cFW/README.md @@ -0,0 +1,10 @@ +# Cloud-Native Firewall Virtual Network Function + +[CNF][1] version of the ONAP vFirewall use case. + +## License + +Apache-2.0 + +[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md +[2]: https://github.com/electrocucaracha/vFW-demo diff --git a/vagrant/tests/cFW/Vagrantfile b/vagrant/tests/cFW/Vagrantfile new file mode 100644 index 00000000..d02e7d01 --- /dev/null +++ b/vagrant/tests/cFW/Vagrantfile 
@@ -0,0 +1,33 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "elastic/ubuntu-16.04-x86_64"
+ config.vm.hostname = "demo"
+ config.vm.provision 'shell', path: 'postinstall.sh'
+ config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr
+ config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr
+ config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if not Vagrant.has_plugin?('vagrant-proxyconf')
+ system 'vagrant plugin install vagrant-proxyconf'
+ raise 'vagrant-proxyconf was installed but it requires to execute again'
+ end
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+ config.proxy.enabled = { docker: false }
+ end
+
+ config.vm.provider 'virtualbox' do |v|
+ v.customize ["modifyvm", :id, "--memory", 8192]
+ v.customize ["modifyvm", :id, "--cpus", 2]
+ end
+ config.vm.provider 'libvirt' do |v|
+ v.memory = 8192
+ v.cpus = 2
+ v.nested = true
+ v.cpu_mode = 'host-passthrough'
+ end
+end
diff --git a/vagrant/tests/cFW/darkstat/Dockerfile b/vagrant/tests/cFW/darkstat/Dockerfile
new file mode 100644
index 00000000..d3a46b9c
--- /dev/null
+++ b/vagrant/tests/cFW/darkstat/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq darkstat
+
+EXPOSE 667
+
+CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"]
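Review bot: In vagrant/tests/cFW/Vagrantfile, `config.vm.box = "elastic/ubuntu-16.04-x86_64"` is not pinned, so each fresh `vagrant up` may pull a different box build before `postinstall.sh` runs as the provisioner. Adding `config.vm.box_version = "<pinned-version>"` (placeholder) makes the test environment reproducible. Separately, the proxy guard only tests the lower-case `http_proxy`/`https_proxy`, so the `ENV['HTTP_PROXY']` and `ENV['HTTPS_PROXY']` fallbacks inside the block can never be the value used; either test both spellings in the `if` or drop the fallbacks.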
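Review bot: In vagrant/tests/cFW/darkstat/Dockerfile, `ENV http_proxy $HTTP_PROXY` and `ENV https_proxy $HTTPS_PROXY` copy the build-time proxy into the image's runtime environment, so the proxy URL (and any credentials embedded in it) is visible in every container and in the image config. The firewall, packetgen, sink and vpp Dockerfiles in this commit repeat the pattern. If the lower-case names are only needed for `apt-get` during the build, declaring them as build arguments, `ARG http_proxy=${HTTP_PROXY}` and `ARG https_proxy=${HTTPS_PROXY}`, keeps them out of the runtime environment. The `RUN` line would also benefit from `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same layer, and `MAINTAINER` is deprecated in favour of `LABEL`.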
diff --git a/vagrant/tests/cFW/docker-compose.yml b/vagrant/tests/cFW/docker-compose.yml
new file mode 100644
index 00000000..6d883fbd
--- /dev/null
+++ b/vagrant/tests/cFW/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3'
+
+services:
+ packetgen:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/packetgen
+ build:
+ context: ./packetgen
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ firewall:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/firewall
+ build:
+ context: ./firewall
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ sink:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/sink
+ build:
+ context: ./sink
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ darkstat:
+ network_mode: "host"
+ image: electrocucaracha/darkstat
+ build:
+ context: ./darkstat
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
diff --git a/vagrant/tests/cFW/firewall/Dockerfile b/vagrant/tests/cFW/firewall/Dockerfile
new file mode 100644
index 00000000..7d3e6ede
--- /dev/null
+++ b/vagrant/tests/cFW/firewall/Dockerfile
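Review bot: In vagrant/tests/cFW/docker-compose.yml, the `packetgen`, `firewall` and `sink` services each combine `privileged: true` with `network_mode: "host"`, which gives every container all capabilities, access to host devices and the VM's network namespace. That is broader than packet forwarding normally needs. If VPP runs with less, replace `privileged: true` with an explicit list such as `cap_add: [NET_ADMIN, IPC_LOCK]` (the exact set has to be confirmed against VPP's requirements), and add a comment stating why host networking is needed. The `image:` entries carry no tag, so they resolve to `latest`; a fixed tag would keep the test set reproducible.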
@@ -0,0 +1,49 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils make gcc libcurl4-gnutls-dev
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \
+ && chmod +x v_firewall_init.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves-${demo_artifacts_version} VES
+
+RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \
+ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \
+ && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd -
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_firewall_init.sh"]
diff --git a/vagrant/tests/cFW/packetgen/Dockerfile b/vagrant/tests/cFW/packetgen/Dockerfile
new file mode 100644
index 00000000..cb1da555
--- /dev/null
+++ b/vagrant/tests/cFW/packetgen/Dockerfile
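Review bot: In vagrant/tests/cFW/firewall/Dockerfile, nothing that `wget` downloads is verified before it is used: `v_firewall_init.sh` comes from a `plain` URL with no commit reference and becomes the image's `CMD`, and the three tarballs come from a Nexus `staging` repository and are unpacked and compiled. Each download should be followed by a digest check, for example `echo "<sha256>  v_firewall_init.sh" | sha256sum -c -` (the digest is a placeholder), and the script URL should name a fixed revision; the packetgen and sink Dockerfiles in this commit have the same gap. The `sed` that rewrites `restconf-binding-address` to `0.0.0.0` matters more here than usual, because the compose file runs this image on the host network and the Honeycomb RESTCONF listener is then reachable on every interface of the VM; whether it requires authentication is not visible in this hunk. `FROM electrocucaracha/vpp` is untagged and `apt-get install` runs without an `apt-get update` in the same layer, so the build depends on whatever package lists the base image happens to carry.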
@@ -0,0 +1,44 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils
+
+WORKDIR /opt
+EXPOSE 8183
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \
+ && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \
+ && chmod +x *.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && mv vfw_pg_streams-${demo_artifacts_version} pg_streams
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_packetgen_init.sh"]
diff --git a/vagrant/tests/cFW/postinstall.sh b/vagrant/tests/cFW/postinstall.sh
new file mode 100755
index 00000000..5a1d5043
--- /dev/null
+++ b/vagrant/tests/cFW/postinstall.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+# install_docker() - Download and install docker-engine
+function install_docker {
+ local max_concurrent_downloads=${1:-3}
+
+ if $(docker version &>/dev/null); then
+ return
+ fi
+ apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+ apt-get update
+ apt-get install -y docker-ce
+
+ mkdir -p /etc/systemd/system/docker.service.d
+ if [ $http_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+Environment="HTTP_PROXY=$http_proxy"
+EOL
+ fi
+ if [ $https_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf
+[Service]
+Environment="HTTPS_PROXY=$https_proxy"
+EOL
+ fi
+ if [ $no_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf
+[Service]
+Environment="NO_PROXY=$no_proxy"
+EOL
+ fi
+ systemctl daemon-reload
+ echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker
+ usermod -aG docker $USER
+
+ systemctl restart docker
+ sleep 10
+}
+
+# install_docker_compose() - Installs docker compose python module
+function install_docker_compose {
+ if ! which pip; then
+ curl -sL https://bootstrap.pypa.io/get-pip.py | python
+ fi
+ pip install --upgrade pip
+ pip install docker-compose
+}
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_docker
+install_docker_compose
+
+cd /vagrant
+# build vpp docker image
+BUILD_ARGS="--no-cache"
+if [ $HTTP_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
+fi
+if [ $HTTPS_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}"
+fi
+pushd vpp
+docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest .
+popd
+
+docker-compose up -d
diff --git a/vagrant/tests/cFW/sink/Dockerfile b/vagrant/tests/cFW/sink/Dockerfile
new file mode 100644
index 00000000..6b43ba61
--- /dev/null
+++ b/vagrant/tests/cFW/sink/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+ENV protected_net_gw "192.168.20.100"
+ENV unprotected_net "192.168.10.0/24"
+
+RUN apt-get update && apt-get install -y -qq wget net-tools
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_sink_init.sh" \
+ && chmod +x v_sink_init.sh
+
+RUN mkdir -p config/ \
+ && echo $protected_net_cidr > config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > config/demo_artifacts_version.txt \
+ && echo $protected_net_gw > config/protected_net_gw.txt \
+ && echo $unprotected_net > config/unprotected_net.txt
+
+# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
+# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
+CMD ["./v_sink_init.sh"]
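Review bot: In vagrant/tests/cFW/postinstall.sh, `install_docker` appends `-H tcp://0.0.0.0:2375` to `DOCKER_OPTS`, which (if the docker unit reads `/etc/default/docker`) publishes the Docker API without TLS or authentication on all interfaces, including the three private networks the Vagrantfile attaches. Access to that endpoint is equivalent to root on the VM. Nothing in this commit appears to use the TCP endpoint, so the safer line is `echo "DOCKER_OPTS=\"-H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker`. Second, the script sets `nounset`, so tests like `if [ $http_proxy ]; then` and `if [ $HTTP_PROXY ]; then` abort the run when the variable is unset; `if [ -n "${http_proxy:-}" ]; then` handles both cases. `errexit` is not set, so a failed `apt-get` or `docker build` does not stop provisioning, and `get-pip.py` is piped into `python` unverified.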
diff --git a/vagrant/tests/cFW/vpp/80-vpp.conf b/vagrant/tests/cFW/vpp/80-vpp.conf
new file mode 100644
index 00000000..8fdf184c
--- /dev/null
+++ b/vagrant/tests/cFW/vpp/80-vpp.conf
@@ -0,0 +1,15 @@
+# Number of 2MB hugepages desired
+vm.nr_hugepages=1024
+
+# Must be greater than or equal to (2 * vm.nr_hugepages).
+vm.max_map_count=3096
+
+# All groups allowed to access hugepages
+vm.hugetlb_shm_group=0
+
+# Shared Memory Max must be greator or equal to the total size of hugepages.
+# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024
+# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax)
+# is greater than the calculated TotalHugepageSize then set this parameter
+# to current shmmax value.
+kernel.shmmax=2147483648
diff --git a/vagrant/tests/cFW/vpp/Dockerfile b/vagrant/tests/cFW/vpp/Dockerfile
new file mode 100644
index 00000000..63b08b01
--- /dev/null
+++ b/vagrant/tests/cFW/vpp/Dockerfile
@@ -0,0 +1,17 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq apt-transport-https \
+ && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \
+ && apt-get update \
+ && apt-get install -y -qq vpp vpp-lib vpp-plugins
+
+COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf
+
+CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"] |
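Review bot: In vagrant/tests/cFW/vpp/Dockerfile, the `[trusted=yes]` option on the fd.io source entry turns off APT signature verification for that repository, so `vpp`, `vpp-lib` and `vpp-plugins` are installed unauthenticated, and the firewall and packetgen images inherit the result through `FROM electrocucaracha/vpp`. If the repository publishes a signing key, import it and drop `[trusted=yes]`; if it does not, pin exact package versions and add a comment recording why the option is required. `COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf` only places the file: nothing in this Dockerfile applies it, and kernel settings such as `vm.nr_hugepages` are normally set on the host, so a comment saying who is expected to load it would help.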