-rwxr-xr-xvagrant/tests/_common.sh301
-rwxr-xr-xvagrant/tests/_functions.sh1
-rwxr-xr-xvagrant/tests/integration_vFW.sh3
-rwxr-xr-xvagrant/tests/integration_vcFW.sh46
4 files changed, 334 insertions, 17 deletions
diff --git a/vagrant/tests/_common.sh b/vagrant/tests/_common.sh
index 5635907c..21aad4d2 100755
--- a/vagrant/tests/_common.sh
+++ b/vagrant/tests/_common.sh
@@ -152,9 +152,6 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
- resources:
- limits:
- memory: 160Mi
DEPLOYMENT
cat << DEPLOYMENT > $sink_deployment_name.yaml
@@ -185,17 +182,14 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
- resources:
- limits:
- memory: 160Mi
DEPLOYMENT
-
popd
}
-# popule_CSAR_vms_vFW() - This function creates the content of CSAR file
-# required for vFirewal using only virtual machines
-function popule_CSAR_vms_vFW {
+# popule_CSAR_vms_containers_vFW() - This function creates the content of CSAR file
+# required for vFirewal using an hybrid combination between virtual machines and
+# cotainers
+function popule_CSAR_vms_containers_vFW {
local csar_id=$1
ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
@@ -226,8 +220,10 @@ metadata:
labels:
app: vFirewall
spec:
+ type: NodePort
ports:
- port: 667
+ nodePort: 30667
selector:
app: vFirewall
SERVICE
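Review bot: `type: NodePort` with the fixed `nodePort: 30667` publishes the service's port 667 (presumably the darkstat container, which declares `containerPort: 667`) on every node address, so it becomes reachable from any network that can reach a node rather than only from inside the cluster. If that reach is only wanted for manual inspection in the Vagrant lab, a comment above the Service such as `# NodePort 30667: lab-only exposure of darkstat, not for shared clusters` would record the intent. Otherwise the default ClusterIP plus `kubectl port-forward` gives the same access without opening a node port. The Service definition starts outside the hunk, so its name and namespace are not visible here.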
@@ -331,6 +327,8 @@ spec:
labels:
app: vFirewall
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
VirtletCloudInitUserData: |
ssh_pwauth: True
users:
@@ -350,6 +348,7 @@ spec:
- wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash
VirtletSSHKeys: |
$ssh_key
+ VirtletRootVolumeSize: 5Gi
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
@@ -371,11 +370,273 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
+ ports:
+ - containerPort: 8183
resources:
limits:
- memory: 256Mi
+ memory: 4Gi
+DEPLOYMENT
+
+ cat << DEPLOYMENT > $firewall_deployment_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: $firewall_deployment_name
+ labels:
+ app: vFirewall
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vFirewall
+ template:
+ metadata:
+ labels:
+ app: vFirewall
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ # the password is "admin"
+ passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ ssh_authorized_keys:
+ $ssh_key
+ $proxy
+ runcmd:
+ $cloud_init_proxy
+ - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash
+ VirtletSSHKeys: |
+ $ssh_key
+ VirtletRootVolumeSize: 5Gi
+ kubernetes.v1.cni.cncf.io/networks: '[
+ { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
+ { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" },
+ { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" }
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: $firewall_deployment_name
+ image: $image_name
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: 4Gi
+DEPLOYMENT
+
+ cat << DEPLOYMENT > $sink_deployment_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: $sink_deployment_name
+ labels:
+ app: vFirewall
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vFirewall
+ template:
+ metadata:
+ labels:
+ app: vFirewall
+ annotations:
+ kubernetes.v1.cni.cncf.io/networks: '[
+ { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" },
+ { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
+ ]'
+ spec:
+ containers:
+ - name: $sink_deployment_name
+ image: electrocucaracha/sink
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: electrocucaracha/darkstat
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: 667
+DEPLOYMENT
+ popd
+}
+
+# popule_CSAR_vms_vFW() - This function creates the content of CSAR file
+# required for vFirewal using only virtual machines
+function popule_CSAR_vms_vFW {
+ local csar_id=$1
+ ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
+
+ _checks_args $csar_id
+ pushd ${CSAR_DIR}/${csar_id}
+
+ cat << META > metadata.yaml
+resources:
+ network:
+ - unprotected-private-net-cidr-network.yaml
+ - protected-private-net-cidr-network.yaml
+ - onap-private-net-cidr-network.yaml
+ deployment:
+ - $packetgen_deployment_name.yaml
+ - $firewall_deployment_name.yaml
+ - $sink_deployment_name.yaml
+META
+
+ cat << NET > unprotected-private-net-cidr-network.yaml
+apiVersion: "kubernetes.cni.cncf.io/v1"
+kind: Network
+metadata:
+ name: unprotected-private-net-cidr
+spec:
+ config: '{
+ "name": "unprotected",
+ "type": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "192.168.10.0/24"
+ }
+}'
+NET
+
+ cat << NET > protected-private-net-cidr-network.yaml
+apiVersion: "kubernetes.cni.cncf.io/v1"
+kind: Network
+metadata:
+ name: protected-private-net-cidr
+spec:
+ config: '{
+ "name": "protected",
+ "type": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "192.168.20.0/24"
+ }
+}'
+NET
+
+ cat << NET > onap-private-net-cidr-network.yaml
+apiVersion: "kubernetes.cni.cncf.io/v1"
+kind: Network
+metadata:
+ name: onap-private-net-cidr
+spec:
+ config: '{
+ "name": "onap",
+ "type": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "10.10.0.0/16"
+ }
+}'
+NET
+
+ proxy="apt:"
+ cloud_init_proxy=""
+ if [[ -n "${http_proxy+x}" ]]; then
+ proxy+="
+ http_proxy: $http_proxy"
+ cloud_init_proxy+="
+ - export http_proxy=$http_proxy"
+ fi
+ if [[ -n "${https_proxy+x}" ]]; then
+ proxy+="
+ https_proxy: $https_proxy"
+ cloud_init_proxy+="
+ - export https_proxy=$https_proxy"
+ fi
+ if [[ -n "${no_proxy+x}" ]]; then
+ cloud_init_proxy+="
+ - export no_proxy=$no_proxy"
+ fi
+
+ cat << DEPLOYMENT > $packetgen_deployment_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: $packetgen_deployment_name
+ labels:
+ app: vFirewall
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vFirewall
+ template:
+ metadata:
+ labels:
+ app: vFirewall
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ # the password is "admin"
+ passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ ssh_authorized_keys:
+ $ssh_key
+ $proxy
+ runcmd:
+ $cloud_init_proxy
+ - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash
+ VirtletSSHKeys: |
+ $ssh_key
+ VirtletRootVolumeSize: 5Gi
+ kubernetes.v1.cni.cncf.io/networks: '[
+ { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
+ { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: $packetgen_deployment_name
+ image: $image_name
+ imagePullPolicy: IfNotPresent
+ tty: true
+ stdin: true
ports:
- containerPort: 8183
+ resources:
+ limits:
+ memory: 4Gi
DEPLOYMENT
cat << DEPLOYMENT > $firewall_deployment_name.yaml
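Review bot: Both new cloud-init blocks (the `$firewall_deployment_name` Deployment in `popule_CSAR_vms_containers_vFW` and the `$packetgen_deployment_name` one in the re-added `popule_CSAR_vms_vFW`) enable SSH password login for an `admin` account whose password the comment gives as "admin" and which has `NOPASSWD:ALL` sudo, even though `ssh_authorized_keys` and `VirtletSSHKeys` already inject a key. Setting `ssh_pwauth: False` would close the network path to that known credential; if the password is not needed for console login through `kubectl attach`, `lock_passwd: true` removes it entirely. The `runcmd` line also pipes a script fetched from the `master` branch straight into `sudo -E bash`; pinning the URL to a commit (`.../vFW-demo/<PINNED_COMMIT_SHA>/$firewall_deployment_name`) would make what runs as root reviewable and repeatable. The sink container additionally sets `privileged: true`, and if it only needs network administration a narrower `capabilities.add` list is worth checking. The hunk's last line opens a heredoc that continues outside the hunk.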
@@ -395,6 +656,8 @@ spec:
labels:
app: vFirewall
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
VirtletCloudInitUserData: |
ssh_pwauth: True
users:
@@ -412,6 +675,9 @@ spec:
runcmd:
$cloud_init_proxy
- wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash
+ VirtletSSHKeys: |
+ $ssh_key
+ VirtletRootVolumeSize: 5Gi
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "protected-private-net-cidr", "interfaceRequest": "eth2" },
@@ -436,7 +702,7 @@ spec:
stdin: true
resources:
limits:
- memory: 160Mi
+ memory: 4Gi
DEPLOYMENT
cat << DEPLOYMENT > $sink_deployment_name.yaml
@@ -456,6 +722,8 @@ spec:
labels:
app: vFirewall
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
VirtletCloudInitUserData: |
ssh_pwauth: True
users:
@@ -475,6 +743,7 @@ spec:
- wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$sink_deployment_name | sudo -E bash
VirtletSSHKeys: |
$ssh_key
+ VirtletRootVolumeSize: 5Gi
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "protected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
@@ -496,11 +765,11 @@ spec:
imagePullPolicy: IfNotPresent
tty: true
stdin: true
- resources:
- limits:
- memory: 160Mi
ports:
- containerPort: 667
+ resources:
+ limits:
+ memory: 4Gi
DEPLOYMENT
popd
}
@@ -600,6 +869,8 @@ spec:
labels:
app: virtlet
annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-passthrough
# This tells CRI Proxy that this pod belongs to Virtlet runtime
kubernetes.io/target-runtime: virtlet.cloud
VirtletCloudInitUserData: |
diff --git a/vagrant/tests/_functions.sh b/vagrant/tests/_functions.sh
index 50473476..515bc6ec 100755
--- a/vagrant/tests/_functions.sh
+++ b/vagrant/tests/_functions.sh
@@ -29,6 +29,7 @@ function _checks_args {
function destroy_deployment {
local deployment_name=$1
+ echo "$(date +%H:%M:%S) - $deployment_name : Destroying deployment"
kubectl delete deployment $deployment_name --ignore-not-found=true --now
while kubectl get deployment $deployment_name &>/dev/null; do
echo "$(date +%H:%M:%S) - $deployment_name : Destroying deployment"
diff --git a/vagrant/tests/integration_vFW.sh b/vagrant/tests/integration_vFW.sh
index df27065a..237593f2 100755
--- a/vagrant/tests/integration_vFW.sh
+++ b/vagrant/tests/integration_vFW.sh
@@ -24,11 +24,10 @@ fi
popule_CSAR_vms_vFW $csar_id
pushd ${CSAR_DIR}/${csar_id}
-for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network sink-service sink-ingress; do
+for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network; do
kubectl apply -f $resource.yaml
done
setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name
-#kubectl port-forward deployment/$sink_deployment_name 667:667
# Test
for deployment_name in $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name; do
diff --git a/vagrant/tests/integration_vcFW.sh b/vagrant/tests/integration_vcFW.sh
new file mode 100755
index 00000000..82159b90
--- /dev/null
+++ b/vagrant/tests/integration_vcFW.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+source _common.sh
+source _functions.sh
+
+csar_id=aa443e7e-c8ba-11e8-8877-525400b164ff
+
+# Setup
+if [[ ! -f $HOME/.ssh/id_rsa.pub ]]; then
+ echo -e "\n\n\n" | ssh-keygen -t rsa -N ""
+fi
+popule_CSAR_vms_containers_vFW $csar_id
+
+pushd ${CSAR_DIR}/${csar_id}
+for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network sink-service sink-ingress; do
+ kubectl apply -f $resource.yaml
+done
+setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name
+#kubectl port-forward deployment/$sink_deployment_name 667:667
+
+# Test
+for deployment_name in $packetgen_deployment_name $firewall_deployment_name; do
+ pod_name=$(kubectl get pods | grep $deployment_name | awk '{print $1}')
+ vm=$(kubectl plugin virt virsh list | grep ".*$deployment_name" | awk '{print $2}')
+ echo "Pod name: $pod_name Virsh domain: $vm"
+ echo "ssh -i ~/.ssh/id_rsa.pub admin@$(kubectl get pods $pod_name -o jsonpath="{.status.podIP}")"
+ echo "kubectl attach -it $pod_name"
+ echo "=== Virtlet details ===="
+ echo "$(kubectl plugin virt virsh dumpxml $vm | grep VIRTLET_)\n"
+done
+popd
+
+# Teardown
+#teardown $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name
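Review bot: The connection hint echoed in the test loop names the public key as the identity file (`ssh -i ~/.ssh/id_rsa.pub admin@…`); the identity file should be the private key, `ssh -i ~/.ssh/id_rsa admin@…`. With `errexit` and `pipefail` set, `pod_name=$(kubectl get pods | grep $deployment_name | awk '{print $1}')` aborts the script without a message when grep matches nothing, and yields several names when more than one pod matches. Quoting the variable and testing the result with `[[ -n "$pod_name" ]]` would make that failure explicit. The last `echo "$(…)\n"` prints a literal `\n` because `-e` is not given. The key-generation step can also avoid feeding newlines to the prompt by naming the output file, `ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa"`.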