diff options
Diffstat (limited to 'kud/tests/cFW/firewall')
-rw-r--r-- | kud/tests/cFW/firewall/Dockerfile | 48 | ||||
-rwxr-xr-x | kud/tests/cFW/firewall/init.sh | 43 |
2 files changed, 66 insertions, 25 deletions
diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile index 7d3e6ede..086f30ce 100644 --- a/kud/tests/cFW/firewall/Dockerfile +++ b/kud/tests/cFW/firewall/Dockerfile @@ -1,32 +1,22 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales <electrocucaracha@gmail.com> -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils make gcc libcurl4-gnutls-dev +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \ - && chmod +x v_firewall_init.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +RUN apt-get install -y -qq --no-install-recommends \ + make gcc libc6-dev libcurl4-gnutls-dev RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \ @@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \ - && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd - + && make -C /opt/VES/evel/evel-library/bldjobs/ + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting +COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/ +COPY init.sh /opt/init.sh + +ENV DCAE_COLLECTOR_IP "" +ENV DCAE_COLLECTOR_PORT "" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 libcurl4-gnutls-dev -CMD ["./v_firewall_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh new file mode 100755 index 00000000..71db2e2d --- /dev/null +++ b/kud/tests/cFW/firewall/init.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vFirewall +nic_protected=eth1 +nic_unprotected=eth2 +ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}') +ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic_protected" +vppctl create host-interface name "$nic_unprotected" + +vppctl set int ip address "host-$nic_protected" "$ip_protected_addr" +vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr" + +vppctl set int state "host-$nic_protected" up +vppctl set int state "host-$nic_unprotected" up + +# Start HoneyComb +#/opt/honeycomb/honeycomb &>/dev/null &disown +/opt/honeycomb/honeycomb + +# Start VES client +#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1 |