diff options
| -rwxr-xr-x | vagrant/tests/_common.sh | 187 | ||||
| -rwxr-xr-x | vagrant/tests/integration_cFW.sh | 4 | ||||
| -rwxr-xr-x | vagrant/tests/integration_vFW.sh | 2 | ||||
| -rwxr-xr-x | vagrant/tests/integration_vcFW.sh | 4 |
4 files changed, 113 insertions, 84 deletions
diff --git a/vagrant/tests/_common.sh b/vagrant/tests/_common.sh index ac226da0..e5134fd6 100755 --- a/vagrant/tests/_common.sh +++ b/vagrant/tests/_common.sh @@ -21,6 +21,25 @@ virtlet_image=virtlet.cloud/fedora virtlet_deployment_name=virtlet-deployment plugin_deployment_name=plugin-deployment plugin_service_name=plugin-service +onap_private_net=onap-private-net +unprotected_private_net=unprotected-private-net +protected_private_net=protected-private-net + +# vFirewall vars +demo_artifacts_version=1.3.0 +vfw_private_ip_0='192.168.10.3' +vfw_private_ip_1='192.168.20.2' +vfw_private_ip_2='10.10.100.3' +vpg_private_ip_0='192.168.10.2' +vpg_private_ip_1='10.0.100.2' +vsn_private_ip_0='192.168.20.3' +vsn_private_ip_1='10.10.100.4' +dcae_collector_ip='10.0.4.1' +dcae_collector_port='8081' +protected_net_gw='192.168.20.100' +protected_net_cidr='192.168.20.0/24' +protected_private_net_cidr='192.168.10.0/24' +onap_private_net_cidr='10.10.0.0/16' # populate_CSAR_containers_vFW() - This function creates the content of CSAR file # required for vFirewal using only containers @@ -33,59 +52,59 @@ function populate_CSAR_containers_vFW { cat << META > metadata.yaml resources: network: - - unprotected-private-net-cidr-network.yaml - - protected-private-net-cidr-network.yaml - - onap-private-net-cidr-network.yaml + - $unprotected_private_net.yaml + - $protected_private_net.yaml + - $onap_private_net.yaml deployment: - $packetgen_deployment_name.yaml - $firewall_deployment_name.yaml - $sink_deployment_name.yaml META - cat << NET > unprotected-private-net-cidr-network.yaml + cat << NET > $unprotected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: unprotected-private-net-cidr + name: $unprotected_private_net spec: config: '{ "name": "unprotected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.10.0/24" + "subnet": "$protected_private_net_cidr" } }' NET - cat << NET > protected-private-net-cidr-network.yaml + cat << NET > $protected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: protected-private-net-cidr + name: $protected_private_net spec: config: '{ "name": "protected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.20.0/24" + "subnet": "$protected_net_cidr" } }' NET - cat << NET > onap-private-net-cidr-network.yaml + cat << NET > $onap_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: onap-private-net-cidr + name: $onap_private_net spec: config: '{ "name": "onap", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET @@ -108,8 +127,8 @@ spec: app: vFirewall annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' spec: containers: @@ -141,9 +160,9 @@ spec: app: vFirewall annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$protected_private_net", "interfaceRequest": "eth2" }, + { "name": "$onap_private_net", "interfaceRequest": "eth3" } ]' spec: containers: @@ -166,14 +185,16 @@ spec: selector: matchLabels: app: vFirewall + context: darkstat template: metadata: labels: app: vFirewall + context: darkstat annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$protected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' spec: containers: @@ -182,6 +203,15 @@ spec: imagePullPolicy: IfNotPresent tty: true stdin: true + securityContext: + privileged: true + - name: darkstat + image: electrocucaracha/darkstat + imagePullPolicy: IfNotPresent + tty: true + stdin: true + ports: + - containerPort: 667 DEPLOYMENT popd } @@ -199,17 +229,15 @@ function populate_CSAR_vms_containers_vFW { cat << META > metadata.yaml resources: network: - - unprotected-private-net-cidr-network.yaml - - protected-private-net-cidr-network.yaml - - onap-private-net-cidr-network.yaml + - $unprotected_private_net.yaml + - $protected_private_net.yaml + - $onap_private_net.yaml deployment: - $packetgen_deployment_name.yaml - $firewall_deployment_name.yaml - $sink_deployment_name.yaml service: - sink-service.yaml - ingress: - - sink-ingress.yaml META cat << SERVICE > sink-service.yaml @@ -217,8 +245,6 @@ apiVersion: v1 kind: Service metadata: name: sink-service - labels: - app: vFirewall spec: type: NodePort ports: @@ -229,71 +255,65 @@ spec: context: darkstat SERVICE - cat << INGRESS > sink-ingress.yaml -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: sink-ingress -spec: - rules: - - host: sink.vfirewall.demo.com - http: - paths: - - backend: - serviceName: sink-service - servicePort: 667 -INGRESS - - cat << NET > unprotected-private-net-cidr-network.yaml + cat << NET > $unprotected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: unprotected-private-net-cidr + name: $unprotected_private_net spec: config: '{ "name": "unprotected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.10.0/24" + "subnet": "$protected_private_net_cidr" } }' NET - cat << NET > protected-private-net-cidr-network.yaml + cat << NET > $protected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: protected-private-net-cidr + name: $protected_private_net spec: config: '{ "name": "protected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.20.0/24" + "subnet": "$protected_net_cidr" } }' NET - cat << NET > onap-private-net-cidr-network.yaml + cat << NET > $onap_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: onap-private-net-cidr + name: $onap_private_net spec: config: '{ "name": "onap", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET proxy="apt:" - cloud_init_proxy="" + cloud_init_proxy=" + - export demo_artifacts_version=$demo_artifacts_version + - export vfw_private_ip_0=$vfw_private_ip_0 + - export vsn_private_ip_0=$vsn_private_ip_0 + - export protected_net_cidr=$protected_net_cidr + - export dcae_collector_ip=$dcae_collector_ip + - export dcae_collector_port=$dcae_collector_port + - export protected_net_gw=$protected_net_gw + - export protected_private_net_cidr=$protected_private_net_cidr +" if [[ -n "${http_proxy+x}" ]]; then proxy+=" http_proxy: $http_proxy" @@ -351,8 +371,8 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -418,9 +438,9 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$protected_private_net", "interfaceRequest": "eth2" }, + { "name": "$onap_private_net", "interfaceRequest": "eth3" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -464,8 +484,8 @@ spec: context: darkstat annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$protected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' spec: containers: @@ -499,65 +519,74 @@ function populate_CSAR_vms_vFW { cat << META > metadata.yaml resources: network: - - unprotected-private-net-cidr-network.yaml - - protected-private-net-cidr-network.yaml - - onap-private-net-cidr-network.yaml + - $unprotected_private_net.yaml + - $protected_private_net.yaml + - $onap_private_net.yaml deployment: - $packetgen_deployment_name.yaml - $firewall_deployment_name.yaml - $sink_deployment_name.yaml META - cat << NET > unprotected-private-net-cidr-network.yaml + cat << NET > $unprotected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: unprotected-private-net-cidr + name: $unprotected_private_net spec: config: '{ "name": "unprotected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.10.0/24" + "subnet": "$protected_private_net_cidr" } }' NET - cat << NET > protected-private-net-cidr-network.yaml + cat << NET > $protected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: protected-private-net-cidr + name: $protected_private_net spec: config: '{ "name": "protected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.20.0/24" + "subnet": "$protected_net_cidr" } }' NET - cat << NET > onap-private-net-cidr-network.yaml + cat << NET > $onap_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: onap-private-net-cidr + name: $onap_private_net spec: config: '{ "name": "onap", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET proxy="apt:" - cloud_init_proxy="" + cloud_init_proxy=" + - export demo_artifacts_version=$demo_artifacts_version + - export vfw_private_ip_0=$vfw_private_ip_0 + - export vsn_private_ip_0=$vsn_private_ip_0 + - export protected_net_cidr=$protected_net_cidr + - export dcae_collector_ip=$dcae_collector_ip + - export dcae_collector_port=$dcae_collector_port + - export protected_net_gw=$protected_net_gw + - export protected_private_net_cidr=$protected_private_net_cidr +" if [[ -n "${http_proxy+x}" ]]; then proxy+=" http_proxy: $http_proxy" @@ -615,8 +644,8 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -682,9 +711,9 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$protected_private_net", "interfaceRequest": "eth2" }, + { "name": "$onap_private_net", "interfaceRequest": "eth3" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -748,8 +777,8 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$protected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -805,7 +834,7 @@ spec: "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET diff --git a/vagrant/tests/integration_cFW.sh b/vagrant/tests/integration_cFW.sh index 0077c73d..92c280b9 100755 --- a/vagrant/tests/integration_cFW.sh +++ b/vagrant/tests/integration_cFW.sh @@ -21,8 +21,8 @@ csar_id=4f726e2a-b74a-11e8-ad7c-525400feed2 populate_CSAR_containers_vFW $csar_id pushd ${CSAR_DIR}/${csar_id} -for network in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network; do - kubectl apply -f $network.yaml +for resource in $unprotected_private_net $protected_private_net $onap_private_net; do + kubectl apply -f $resource.yaml done setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name diff --git a/vagrant/tests/integration_vFW.sh b/vagrant/tests/integration_vFW.sh index e0f7075e..962f9f75 100755 --- a/vagrant/tests/integration_vFW.sh +++ b/vagrant/tests/integration_vFW.sh @@ -24,7 +24,7 @@ fi populate_CSAR_vms_vFW $csar_id pushd ${CSAR_DIR}/${csar_id} -for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network; do +for resource in $unprotected_private_net $protected_private_net $onap_private_net; do kubectl apply -f $resource.yaml done setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name diff --git a/vagrant/tests/integration_vcFW.sh b/vagrant/tests/integration_vcFW.sh index 4fadfa23..93e75961 100755 --- a/vagrant/tests/integration_vcFW.sh +++ b/vagrant/tests/integration_vcFW.sh @@ -24,7 +24,7 @@ fi populate_CSAR_vms_containers_vFW $csar_id pushd ${CSAR_DIR}/${csar_id} -for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network sink-service sink-ingress; do +for resource in $unprotected_private_net $protected_private_net $onap_private_net sink-service; do kubectl apply -f $resource.yaml done setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name @@ -40,7 +40,7 @@ for deployment_name in $packetgen_deployment_name $firewall_deployment_name; do echo "=== Virtlet details ====" echo "$(kubectl plugin virt virsh dumpxml $vm | grep VIRTLET_)\n" done -popd # Teardown #teardown $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name +popd |