Diffstat (limited to 'kud/tests/cFW')
-rw-r--r--kud/tests/cFW/README.md10
-rw-r--r--kud/tests/cFW/Vagrantfile33
-rw-r--r--kud/tests/cFW/darkstat/Dockerfile14
-rw-r--r--kud/tests/cFW/docker-compose.yml38
-rw-r--r--kud/tests/cFW/firewall/Dockerfile49
-rw-r--r--kud/tests/cFW/packetgen/Dockerfile44
-rwxr-xr-xkud/tests/cFW/postinstall.sh83
-rw-r--r--kud/tests/cFW/sink/Dockerfile34
-rw-r--r--kud/tests/cFW/vpp/80-vpp.conf15
-rw-r--r--kud/tests/cFW/vpp/Dockerfile17
10 files changed, 337 insertions, 0 deletions
diff --git a/kud/tests/cFW/README.md b/kud/tests/cFW/README.md
new file mode 100644
index 00000000..c6ac9e20
--- /dev/null
+++ b/kud/tests/cFW/README.md
@@ -0,0 +1,10 @@
+# Cloud-Native Firewall Virtual Network Function
+
+[CNF][1] version of the ONAP vFirewall use case.
+
+## License
+
+Apache-2.0
+
+[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md
+[2]: https://github.com/electrocucaracha/vFW-demo
diff --git a/kud/tests/cFW/Vagrantfile b/kud/tests/cFW/Vagrantfile
new file mode 100644
index 00000000..d02e7d01
--- /dev/null
+++ b/kud/tests/cFW/Vagrantfile
@@ -0,0 +1,33 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "elastic/ubuntu-16.04-x86_64"
+ config.vm.hostname = "demo"
+ config.vm.provision 'shell', path: 'postinstall.sh'
+ config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr
+ config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr
+ config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr
+
+ if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil
+ if not Vagrant.has_plugin?('vagrant-proxyconf')
+ system 'vagrant plugin install vagrant-proxyconf'
+ raise 'vagrant-proxyconf was installed but it requires to execute again'
+ end
+ config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ""
+ config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ""
+ config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost"
+ config.proxy.enabled = { docker: false }
+ end
+
+ config.vm.provider 'virtualbox' do |v|
+ v.customize ["modifyvm", :id, "--memory", 8192]
+ v.customize ["modifyvm", :id, "--cpus", 2]
+ end
+ config.vm.provider 'libvirt' do |v|
+ v.memory = 8192
+ v.cpus = 2
+ v.nested = true
+ v.cpu_mode = 'host-passthrough'
+ end
+end
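Review bot: The proxy block runs `system 'vagrant plugin install vagrant-proxyconf'` on the host as a side effect of loading the Vagrantfile, ignores its exit status, and then raises a message saying the plugin was installed even if the install failed. Installing an unpinned plugin implicitly is host-side code execution the user did not request; I would fail with instructions instead, e.g. `raise 'vagrant-proxyconf is required: run "vagrant plugin install vagrant-proxyconf"' unless Vagrant.has_plugin?('vagrant-proxyconf')`. Separately, the guard tests only lowercase `http_proxy`/`https_proxy`, so the `HTTP_PROXY`/`HTTPS_PROXY` fallbacks inside the block are unreachable and an uppercase-only environment gets no proxy configuration.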
diff --git a/kud/tests/cFW/darkstat/Dockerfile b/kud/tests/cFW/darkstat/Dockerfile
new file mode 100644
index 00000000..d3a46b9c
--- /dev/null
+++ b/kud/tests/cFW/darkstat/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq darkstat
+
+EXPOSE 667
+
+CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"]
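Review bot: `ENV http_proxy $HTTP_PROXY` and `ENV https_proxy $HTTPS_PROXY` copy the build-time proxy into the image, so the proxy URL, including any credentials embedded in it, stays in the image configuration and is inherited by every container started from it. Docker already predefines the proxy build args (`HTTP_PROXY`, `http_proxy`, `HTTPS_PROXY`, `https_proxy`) for `RUN` steps without an `ARG` line and keeps them out of `docker history`, so the four `ARG`/`ENV` lines can be dropped if the build passes the lowercase variants that apt and wget read. The same pattern is repeated in the firewall, packetgen, sink and vpp Dockerfiles in this change.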
diff --git a/kud/tests/cFW/docker-compose.yml b/kud/tests/cFW/docker-compose.yml
new file mode 100644
index 00000000..6d883fbd
--- /dev/null
+++ b/kud/tests/cFW/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3'
+
+services:
+ packetgen:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/packetgen
+ build:
+ context: ./packetgen
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ firewall:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/firewall
+ build:
+ context: ./firewall
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ sink:
+ privileged: true
+ network_mode: "host"
+ image: electrocucaracha/sink
+ build:
+ context: ./sink
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
+ darkstat:
+ network_mode: "host"
+ image: electrocucaracha/darkstat
+ build:
+ context: ./darkstat
+ args:
+ HTTP_PROXY: $HTTP_PROXY
+ HTTPS_PROXY: $HTTPS_PROXY
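Review bot: `privileged: true` together with `network_mode: "host"` on packetgen, firewall and sink removes nearly all isolation between these containers and the VM: each one gets every capability, access to host devices, and the host's network namespace. If the services only need to configure interfaces and routes, a narrower grant such as `cap_add: [NET_ADMIN]` (plus whatever VPP needs for hugepages) would limit the impact of a fault in the downloaded init scripts; which capabilities are actually required is not visible from this hunk and would need testing. The `image:` entries also carry no tag, so they resolve to `latest`.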
diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile
new file mode 100644
index 00000000..7d3e6ede
--- /dev/null
+++ b/kud/tests/cFW/firewall/Dockerfile
@@ -0,0 +1,49 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils make gcc libcurl4-gnutls-dev
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \
+ && chmod +x v_firewall_init.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves-${demo_artifacts_version} VES
+
+RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \
+ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \
+ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \
+ && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd -
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_firewall_init.sh"]
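Review bot: Every `wget` in this file pulls executable content with no integrity check: `v_firewall_init.sh` comes from a git.onap.org URL that names no commit (so it presumably tracks the default branch), and the three tarballs come from the Nexus `staging` repository; the script then becomes the container `CMD` and the VES code is compiled into the image. Pin the script to a specific commit and verify each download before use, for example `echo "<expected-sha256>  v_firewall_init.sh" | sha256sum -c -` (the hash is a placeholder to be filled in from a reviewed copy). The packetgen and sink Dockerfiles in this change fetch their init scripts and artifacts the same way. `apt-get install` here also runs without a preceding `apt-get update`, so it depends on package lists left in the base image.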
diff --git a/kud/tests/cFW/packetgen/Dockerfile b/kud/tests/cFW/packetgen/Dockerfile
new file mode 100644
index 00000000..cb1da555
--- /dev/null
+++ b/kud/tests/cFW/packetgen/Dockerfile
@@ -0,0 +1,44 @@
+FROM electrocucaracha/vpp
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+
+RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \
+ bsdmainutils
+
+WORKDIR /opt
+EXPOSE 8183
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \
+ && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \
+ && chmod +x *.sh \
+ && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh
+
+RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \
+ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \
+ && mv sample-distribution-${demo_artifacts_version} honeycomb \
+ && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json
+
+RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \
+ && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \
+ && mv vfw_pg_streams-${demo_artifacts_version} pg_streams
+
+RUN mkdir -p /opt/config/ \
+ && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt
+
+CMD ["./v_packetgen_init.sh"]
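Review bot: The `sed` that rewrites `restconf-binding-address` from `127.0.0.1` to `0.0.0.0` makes Honeycomb's RESTCONF listener accept connections on every interface, and because docker-compose.yml runs this service with `network_mode: "host"`, that means every interface of the VM, including the three private networks. If remote access to RESTCONF is needed for the demo, bind it to the one management address (passed in as a build `ARG`) rather than the wildcard; otherwise keep the loopback default. The firewall Dockerfile applies the same rewrite. `EXPOSE 8183` has no effect under host networking, so it does not restrict anything.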
diff --git a/kud/tests/cFW/postinstall.sh b/kud/tests/cFW/postinstall.sh
new file mode 100755
index 00000000..5a1d5043
--- /dev/null
+++ b/kud/tests/cFW/postinstall.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+# install_docker() - Download and install docker-engine
+function install_docker {
+ local max_concurrent_downloads=${1:-3}
+
+ if $(docker version &>/dev/null); then
+ return
+ fi
+ apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+ apt-get update
+ apt-get install -y docker-ce
+
+ mkdir -p /etc/systemd/system/docker.service.d
+ if [ $http_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+Environment="HTTP_PROXY=$http_proxy"
+EOL
+ fi
+ if [ $https_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf
+[Service]
+Environment="HTTPS_PROXY=$https_proxy"
+EOL
+ fi
+ if [ $no_proxy ]; then
+ cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf
+[Service]
+Environment="NO_PROXY=$no_proxy"
+EOL
+ fi
+ systemctl daemon-reload
+ echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker
+ usermod -aG docker $USER
+
+ systemctl restart docker
+ sleep 10
+}
+
+# install_docker_compose() - Installs docker compose python module
+function install_docker_compose {
+ if ! which pip; then
+ curl -sL https://bootstrap.pypa.io/get-pip.py | python
+ fi
+ pip install --upgrade pip
+ pip install docker-compose
+}
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+install_docker
+install_docker_compose
+
+cd /vagrant
+# build vpp docker image
+BUILD_ARGS="--no-cache"
+if [ $HTTP_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
+fi
+if [ $HTTPS_PROXY ]; then
+ BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}"
+fi
+pushd vpp
+docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest .
+popd
+
+docker-compose up -d
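Review bot: The `DOCKER_OPTS` line adds `-H tcp://0.0.0.0:2375`, which publishes the Docker API without TLS or authentication on every interface of the VM; anyone who can reach that port on the private networks defined in the Vagrantfile controls the daemon and therefore root on the guest. Nothing in this script uses the TCP endpoint (`docker build` and `docker-compose` talk to the local socket by default), so I would keep only `-H unix:///var/run/docker.sock`, or bind to `127.0.0.1` and enable `--tlsverify` if remote access is really needed. Also, with `set -o nounset` the tests `[ $http_proxy ]`, `[ $https_proxy ]`, `[ $no_proxy ]`, `[ $HTTP_PROXY ]` and `[ $HTTPS_PROXY ]` abort the script when the variable is unset; `[ -n "${http_proxy:-}" ]` and its equivalents avoid that.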
diff --git a/kud/tests/cFW/sink/Dockerfile b/kud/tests/cFW/sink/Dockerfile
new file mode 100644
index 00000000..6b43ba61
--- /dev/null
+++ b/kud/tests/cFW/sink/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+ENV protected_net_cidr "192.168.20.0/24"
+ENV fw_ipaddr "192.168.10.100"
+ENV sink_ipaddr "192.168.20.250"
+ENV demo_artifacts_version "1.3.0"
+ENV protected_net_gw "192.168.20.100"
+ENV unprotected_net "192.168.10.0/24"
+
+RUN apt-get update && apt-get install -y -qq wget net-tools
+
+WORKDIR /opt
+
+RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_sink_init.sh" \
+ && chmod +x v_sink_init.sh
+
+RUN mkdir -p config/ \
+ && echo $protected_net_cidr > config/protected_net_cidr.txt \
+ && echo $fw_ipaddr > config/fw_ipaddr.txt \
+ && echo $sink_ipaddr > config/sink_ipaddr.txt \
+ && echo $demo_artifacts_version > config/demo_artifacts_version.txt \
+ && echo $protected_net_gw > config/protected_net_gw.txt \
+ && echo $unprotected_net > config/unprotected_net.txt
+
+# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
+# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
+CMD ["./v_sink_init.sh"]
diff --git a/kud/tests/cFW/vpp/80-vpp.conf b/kud/tests/cFW/vpp/80-vpp.conf
new file mode 100644
index 00000000..8fdf184c
--- /dev/null
+++ b/kud/tests/cFW/vpp/80-vpp.conf
@@ -0,0 +1,15 @@
+# Number of 2MB hugepages desired
+vm.nr_hugepages=1024
+
+# Must be greater than or equal to (2 * vm.nr_hugepages).
+vm.max_map_count=3096
+
+# All groups allowed to access hugepages
+vm.hugetlb_shm_group=0
+
+# Shared Memory Max must be greator or equal to the total size of hugepages.
+# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024
+# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax)
+# is greater than the calculated TotalHugepageSize then set this parameter
+# to current shmmax value.
+kernel.shmmax=2147483648
diff --git a/kud/tests/cFW/vpp/Dockerfile b/kud/tests/cFW/vpp/Dockerfile
new file mode 100644
index 00000000..63b08b01
--- /dev/null
+++ b/kud/tests/cFW/vpp/Dockerfile
@@ -0,0 +1,17 @@
+FROM ubuntu:16.04
+MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+
+ARG HTTP_PROXY=${HTTP_PROXY}
+ARG HTTPS_PROXY=${HTTPS_PROXY}
+
+ENV http_proxy $HTTP_PROXY
+ENV https_proxy $HTTPS_PROXY
+
+RUN apt-get update && apt-get install -y -qq apt-transport-https \
+ && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \
+ && apt-get update \
+ && apt-get install -y -qq vpp vpp-lib vpp-plugins
+
+COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf
+
+CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"]
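Review bot: The `[trusted=yes]` option on the fd.io `deb` line tells APT to skip signature verification for the repository that supplies `vpp`, `vpp-lib` and `vpp-plugins`, so package authenticity rests only on TLS to the Nexus host. Because the firewall and packetgen images are built `FROM electrocucaracha/vpp` and run privileged, a tampered package here propagates to them. If the repository publishes a signed Release file, import its key and drop `[trusted=yes]`; if it does not, pin the package versions and record the expected checksums in the Dockerfile. Note also that `COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf` does not by itself apply those sysctls; nothing visible in this image runs `sysctl --system`.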