From dd79554660e0f81cc8723243235e82e8769490f7 Mon Sep 17 00:00:00 2001 From: Victor Morales Date: Tue, 16 Jun 2020 18:00:04 -0700 Subject: Update cFW instruction set The cFW example has been changed since 1.3.0 version. This commit reduces the steps to setup and provision this CNF. Its main goal is to simplify deployment process. Issue-ID: MULTICLOUD-301 Change-Id: Id96ea4b427aff4c42ecfd43b42fa5d6970c4a6df Signed-off-by: Victor Morales
---
kud/tests/cFW/README.md | 8 +- kud/tests/cFW/Vagrantfile | 93 ++++++++++++++---- kud/tests/cFW/darkstat/Dockerfile | 14 --- kud/tests/cFW/docker-compose.yml | 80 ++++++++++----- kud/tests/cFW/firewall/Dockerfile | 48 +++++---- kud/tests/cFW/firewall/init.sh | 43 ++++++++ kud/tests/cFW/packetgen/Dockerfile | 47 ++++----- kud/tests/cFW/packetgen/init.sh | 58 +++++++++++ kud/tests/cFW/postinstall.sh | 83 ---------------- kud/tests/cFW/sink/Dockerfile | 28 ++---- kud/tests/cFW/sink/init.sh | 17 ++++ kud/tests/cFW/sink/wrapper_v_sink_init.sh | 10 -- kud/tests/cFW/vpp/80-vpp.conf | 15 --- kud/tests/cFW/vpp/Dockerfile | 19 ++-- kud/tests/cFW/vpp/startup.conf | 156 ++++++++++++++++++++++++++++++ 15 files changed, 464 insertions(+), 255 deletions(-) delete mode 100644 kud/tests/cFW/darkstat/Dockerfile create mode 100755 kud/tests/cFW/firewall/init.sh create mode 100755 kud/tests/cFW/packetgen/init.sh delete mode 100755 kud/tests/cFW/postinstall.sh create mode 100755 kud/tests/cFW/sink/init.sh delete mode 100644 kud/tests/cFW/sink/wrapper_v_sink_init.sh delete mode 100644 kud/tests/cFW/vpp/80-vpp.conf create mode 100644 kud/tests/cFW/vpp/startup.conf
diff --git a/kud/tests/cFW/README.md b/kud/tests/cFW/README.md
index c6ac9e20..87edbd56 100644
--- a/kud/tests/cFW/README.md
+++ b/kud/tests/cFW/README.md
@@ -1,10 +1,8 @@ -# Cloud-Native Firewall Virtual Network Function +# Firewall Cloud-Native Network Function Demo -[CNF][1] version of the ONAP vFirewall use case. +This is the implementation of the ONAP vFirewall use case as +Cloud-Native Network Function. ## License Apache-2.0 - -[1]: https://github.com/ligato/cn-infra/blob/master/docs/readmes/cn_virtual_function.md -[2]: https://github.com/electrocucaracha/vFW-demo diff --git a/kud/tests/cFW/Vagrantfile b/kud/tests/cFW/Vagrantfile index d02e7d01..de0031cd 100644 --- a/kud/tests/cFW/Vagrantfile +++ b/kud/tests/cFW/Vagrantfile 
@@ -1,33 +1,84 @@ # -*- mode: ruby -*- # vi: set ft=ruby : +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +$no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost" +# NOTE: This range is based on vagrant-libvirt network definition CIDR 192.168.121.0/24 +(1..254).each do |i| + $no_proxy += ",192.168.121.#{i}" +end +$no_proxy += ",10.0.2.15" +$socks_proxy = ENV['socks_proxy'] || ENV['SOCKS_PROXY'] || "" Vagrant.configure("2") do |config| - config.vm.box = "elastic/ubuntu-16.04-x86_64" - config.vm.hostname = "demo" - config.vm.provision 'shell', path: 'postinstall.sh' - config.vm.network :private_network, :ip => "192.168.10.5", :type => :static # unprotected_private_net_cidr - config.vm.network :private_network, :ip => "192.168.20.5", :type => :static # protected_private_net_cidr - config.vm.network :private_network, :ip => "10.10.12.5", :type => :static, :netmask => "16" # onap_private_net_cidr + config.vm.provider :libvirt + config.vm.provider :virtualbox - if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil - if not Vagrant.has_plugin?('vagrant-proxyconf') - system 'vagrant plugin install vagrant-proxyconf' - raise 'vagrant-proxyconf was installed but it requires to execute again' + config.vm.box = "generic/ubuntu1804" + config.vm.box_version = "3.0.8" + config.vm.synced_folder './', '/vagrant' + + [:virtualbox, :libvirt].each do |provider| + config.vm.provider provider do |p| + p.cpus = 2 + p.memory = 4096 end - config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || "" - config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || "" - 
config.proxy.no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || "127.0.0.1,localhost" - config.proxy.enabled = { docker: false } end - config.vm.provider 'virtualbox' do |v| - v.customize ["modifyvm", :id, "--memory", 8192] - v.customize ["modifyvm", :id, "--cpus", 2] + config.vm.provider "virtualbox" do |v| + v.gui = false end - config.vm.provider 'libvirt' do |v| - v.memory = 8192 - v.cpus = 2 - v.nested = true + + config.vm.provider :libvirt do |v| v.cpu_mode = 'host-passthrough' + v.random_hostname = true + v.management_network_address = "192.168.121.0/24" end + + if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil + if Vagrant.has_plugin?('vagrant-proxyconf') + config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || "" + config.proxy.https = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || "" + config.proxy.no_proxy = $no_proxy + config.proxy.enabled = { docker: false, git: false } + end + end + # Install requirements + config.vm.provision 'shell', privileged: false, inline: <<-SHELL + source /etc/os-release || source /usr/lib/os-release + case ${ID,,} in + ubuntu|debian) + sudo apt-get update + sudo apt-get install -y -qq -o=Dpkg::Use-Pty=0 curl + ;; + esac + # NOTE: Shorten link -> https://github.com/electrocucaracha/pkg-mgr_scripts + curl -fsSL http://bit.ly/install_pkg | PKG="docker docker-compose" bash + SHELL + + # Deploy services + config.vm.provision 'shell', inline: <<-SHELL + set -o pipefail + set -o errexit + + cd /vagrant + docker network create --subnet 10.10.0.0/16 --opt com.docker.network.bridge.name=docker_gwbridge docker_gwbridge + docker swarm init --advertise-addr 10.0.2.15 + docker build --no-cache -t vpp vpp/ + docker-compose up -d + docker image prune --force + #curl -X PUT \ + # -H "Authorization: Basic YWRtaW46YWRtaW4=" \ + # -H "Content-Type: application/json" \ + # -H "Cache-Control: no-cache" \ + # -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", 
"is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' \ + # "http://127.0.0.1:8083/restconf/config/sample-plugin:sample-plugin/pg-streams" + SHELL + config.vm.network :forwarded_port, guest: 8080, host: 8080 end diff --git a/kud/tests/cFW/darkstat/Dockerfile b/kud/tests/cFW/darkstat/Dockerfile deleted file mode 100644 index d3a46b9c..00000000 --- a/kud/tests/cFW/darkstat/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM ubuntu:16.04 -MAINTAINER Victor Morales - -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY - -RUN apt-get update && apt-get install -y -qq darkstat - -EXPOSE 667 - -CMD ["/usr/sbin/darkstat", "-i", "eth1", "--no-daemon"] diff --git a/kud/tests/cFW/docker-compose.yml b/kud/tests/cFW/docker-compose.yml index 6d883fbd..29db821c 100644 --- a/kud/tests/cFW/docker-compose.yml +++ b/kud/tests/cFW/docker-compose.yml 
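Review bot: The "Install requirements" provisioner pipes `curl -fsSL http://bit.ly/install_pkg` straight into `bash`, so the installer arrives over plain HTTP through a short link whose target can change, and nothing checks the download before it runs inside the VM that later builds and starts the images. Fetch the script over HTTPS from the repository named in the NOTE comment at a pinned revision and verify a digest before executing it, e.g. `curl -fsSL "<PINNED_HTTPS_SCRIPT_URL>" -o install_pkg.sh && echo "<EXPECTED_SHA256>  install_pkg.sh" | sha256sum -c - && PKG="docker docker-compose" bash install_pkg.sh`. The commented-out RESTCONF request also carries `Authorization: Basic YWRtaW46YWRtaW4=`, which decodes to the admin:admin pair; a comment such as `# demo-only default credential, change before exposing port 8083` would stop it being copied as-is.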
@@ -1,38 +1,70 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + version: '3' services: packetgen: + image: packetgen:1.6.0 privileged: true - network_mode: "host" - image: electrocucaracha/packetgen + environment: + - PROTECTED_NET_CIDR=192.168.20.0/24 + - FW_IPADDR=192.168.10.100 + - SINK_IPADDR=192.168.20.250 + ports: + - 8083:8183 build: context: ./packetgen - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY + networks: + unprotected: + ipv4_address: 192.168.10.200 firewall: + image: firewall:1.6.0 privileged: true - network_mode: "host" - image: electrocucaracha/firewall + environment: + - DCAE_COLLECTOR_IP="" + - DCAE_COLLECTOR_PORT="" + ports: + - 8083 build: context: ./firewall - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY + networks: + unprotected: + ipv4_address: 192.168.10.100 + protected: + ipv4_address: 192.168.20.100 sink: - privileged: true - network_mode: "host" - image: electrocucaracha/sink + image: sink:1.6.0 + cap_add: + - NET_ADMIN + environment: + - UNPROTECTED_NET=192.168.10.0/24 + - PROTECTED_NET_GW=192.168.20.100 + ports: + - 8080:667 build: context: ./sink - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY - darkstat: - network_mode: "host" - image: electrocucaracha/darkstat - build: - context: ./darkstat - args: - HTTP_PROXY: $HTTP_PROXY - HTTPS_PROXY: $HTTPS_PROXY + networks: + protected: + ipv4_address: 192.168.20.250 + +networks: + unprotected: + driver: overlay + ipam: + driver: default + config: + - subnet: 192.168.10.0/24 + protected: + driver: overlay + ipam: + driver: 
default + config: + - subnet: 192.168.20.0/24 diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile index 7d3e6ede..086f30ce 100644 --- a/kud/tests/cFW/firewall/Dockerfile +++ b/kud/tests/cFW/firewall/Dockerfile @@ -1,32 +1,22 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils make gcc libcurl4-gnutls-dev +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \ - && chmod +x v_firewall_init.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +RUN apt-get install -y -qq --no-install-recommends \ + make gcc libc6-dev libcurl4-gnutls-dev RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \ 
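Review bot: `ports: - 8083:8183` on packetgen publishes the Honeycomb RESTCONF listener on every interface of the Docker host, while the only client shown on this page, the commented curl in the Vagrantfile, talks to `127.0.0.1:8083` using the default Basic credentials. Binding the mapping to loopback, `- 127.0.0.1:8083:8183`, keeps that workflow and stops exposing the API beyond the VM. packetgen and firewall also keep `privileged: true` while sink was narrowed to `cap_add: - NET_ADMIN`; if VPP's host-interface setup works with a specific capability set the same narrowing is worth trying, otherwise a comment stating why full privilege is required would document the choice. Separately, in list form `- DCAE_COLLECTOR_IP=""` passes the two quote characters as the value rather than an empty string; `- DCAE_COLLECTOR_IP=` is the empty form.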
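Review bot: The builder stage unpacks and compiles the `sample-distribution`, `ves` and `ves_vfw_reporting` tarballs fetched from the Nexus `staging` repository without comparing them to a known digest, and the result is copied into the runtime image. Content in a staging repository may change under the same version, so the 1.6.0 bump is a good point to record a SHA-256 per artifact and check it before `tar -zmxf`, for example `echo "<EXPECTED_SHA256>  sample-distribution-${demo_artifacts_version}-hc.tar.gz" | sha256sum -c -`. The same download pattern is in `packetgen/Dockerfile`. The rewritten `sed` also forces `restconf-binding-address` to `0.0.0.0` in `restconf.json`; a comment such as `# RESTCONF listens on all interfaces: demo networks only` would make that exposure explicit. The third `RUN wget` continues into the next hunk.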
@@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \ - && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd - + && make -C /opt/VES/evel/evel-library/bldjobs/ + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting +COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/ +COPY init.sh /opt/init.sh + +ENV DCAE_COLLECTOR_IP "" +ENV DCAE_COLLECTOR_PORT "" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 libcurl4-gnutls-dev -CMD ["./v_firewall_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh new file mode 100755 index 00000000..71db2e2d --- /dev/null +++ b/kud/tests/cFW/firewall/init.sh 
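Review bot: `FROM vpp` names the runtime base without a registry or tag, so the build relies on a local `vpp:latest` produced earlier by `docker build -t vpp vpp/` in the Vagrantfile, and where that image is absent Docker will try to resolve the name from its default registry instead. Building and referencing an explicit tag, for instance one that mirrors the `VERSION` pinned in `vpp/Dockerfile`, makes the dependency unambiguous; `packetgen/Dockerfile` has the same line. The runtime stage also installs `libcurl4-gnutls-dev` although only the shared library appears to be needed beside `libevel.so`, so the runtime package (likely `libcurl3-gnutls` on 18.04) would keep headers out of the final image. The `RUN wget` at the top of this hunk starts in the previous one.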
@@ -0,0 +1,43 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vFirewall +nic_protected=eth1 +nic_unprotected=eth2 +ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}') +ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic_protected" +vppctl create host-interface name "$nic_unprotected" + +vppctl set int ip address "host-$nic_protected" "$ip_protected_addr" +vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr" + +vppctl set int state "host-$nic_protected" up +vppctl set int state "host-$nic_unprotected" up + +# Start HoneyComb +#/opt/honeycomb/honeycomb &>/dev/null &disown +/opt/honeycomb/honeycomb + +# Start VES client +#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1 diff --git a/kud/tests/cFW/packetgen/Dockerfile b/kud/tests/cFW/packetgen/Dockerfile index cb1da555..074fec02 100644 --- a/kud/tests/cFW/packetgen/Dockerfile +++ b/kud/tests/cFW/packetgen/Dockerfile 
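Review bot: `ip addr show $nic_protected | grep inet | awk '{print $2}'` also matches `inet6` lines, so on an interface that carries an IPv6 address the variable holds more than one address and the quoted `vppctl set int ip address` call receives a multi-line argument. Restricting the query to IPv4 returns a single CIDR: `ip -4 -o addr show "$nic_protected" | awk '{print $4}'`; the same applies to `ip_unprotected_addr` and to `ip_addr` in `packetgen/init.sh`. With `pipefail` and `errexit` set, an interface that has no address yet makes the pipeline fail and ends the script, which may be intended but deserves a comment such as `# abort if the network is not attached yet`.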
@@ -1,44 +1,33 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt EXPOSE 8183 -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_packetgen_init.sh" \ - && wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/run_traffic_fw_demo.sh" \ - && chmod +x *.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g;s|/opt/honeycomb/sample-distribution-\$VERSION/honeycomb|/opt/honeycomb/honeycomb|g' v_packetgen_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY init.sh /opt/init.sh -RUN wget "${repo_url}/vfw/vfw_pg_streams/${demo_artifacts_version}/vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz" \ - && tar -zmxf vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \ - && rm vfw_pg_streams-${demo_artifacts_version}-demo.tar.gz \ - && 
mv vfw_pg_streams-${demo_artifacts_version} pg_streams +ENV PROTECTED_NET_CIDR "192.168.20.0/24" +ENV FW_IPADDR "192.168.10.100" +ENV SINK_IPADDR "192.168.20.250" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 \ + && mkdir -p /opt/pg_streams -CMD ["./v_packetgen_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/packetgen/init.sh b/kud/tests/cFW/packetgen/init.sh new file mode 100755 index 00000000..1df98424 --- /dev/null +++ b/kud/tests/cFW/packetgen/init.sh 
@@ -0,0 +1,58 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vPacketGenerator +nic=eth0 +ip_addr=$(ip addr show $nic | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic" +vppctl set int state "host-$nic" up +vppctl set int ip address "host-$nic" "$ip_addr" +vppctl ip route add "$PROTECTED_NET_CIDR" via "$FW_IPADDR" + +vppctl loop create +vppctl set int ip address loop0 11.22.33.1/24 +vppctl set int state loop0 up + +# Install packet streams +for i in $(seq 1 10); do + cat < "/opt/pg_streams/stream_fw_udp" +packet-generator new { + name fw_udp$i + rate 10 + node ip4-input + size 64-64 + no-recycle + interface loop0 + data { + UDP: ${ip_addr%/*} -> $SINK_IPADDR + UDP: 15320 -> 8080 + length 128 checksum 0 incrementing 1 + } +} +EOL + vppctl exec "/opt/pg_streams/stream_fw_udp" +done +vppctl packet-generator enable + +# Start HoneyComb +/opt/honeycomb/honeycomb diff --git a/kud/tests/cFW/postinstall.sh b/kud/tests/cFW/postinstall.sh deleted file mode 100755 index ec2cba49..00000000 --- a/kud/tests/cFW/postinstall.sh +++ /dev/null 
@@ -1,83 +0,0 @@ -#!/bin/bash -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2018 -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -set -o nounset -set -o pipefail -set -o xtrace - -# install_docker() - Download and install docker-engine -function install_docker { - local max_concurrent_downloads=${1:-3} - - if $(docker version &>/dev/null); then - return - fi - apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - apt-get update - apt-get install -y docker-ce - - mkdir -p /etc/systemd/system/docker.service.d - if [ $http_proxy ]; then - cat < /etc/systemd/system/docker.service.d/http-proxy.conf -[Service] -Environment="HTTP_PROXY=$http_proxy" -EOL - fi - if [ $https_proxy ]; then - cat < /etc/systemd/system/docker.service.d/https-proxy.conf -[Service] -Environment="HTTPS_PROXY=$https_proxy" -EOL - fi - if [ $no_proxy ]; then - cat < /etc/systemd/system/docker.service.d/no-proxy.conf -[Service] -Environment="NO_PROXY=$no_proxy" -EOL - fi - systemctl daemon-reload - echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker - usermod -aG docker $USER - - systemctl restart docker - sleep 10 -} - -# install_docker_compose() - Installs docker compose python module -function install_docker_compose { - if ! 
which pip; then - curl -sL https://bootstrap.pypa.io/get-pip.py | python - fi - pip install --no-cache-dir --upgrade pip - pip install --no-cache-dir docker-compose -} - -echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf -sysctl -p - -install_docker -install_docker_compose - -cd /vagrant -# build vpp docker image -BUILD_ARGS="--no-cache" -if [ $HTTP_PROXY ]; then - BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}" -fi -if [ $HTTPS_PROXY ]; then - BUILD_ARGS+=" --build-arg HTTPS_PROXY=${HTTPS_PROXY}" -fi -pushd vpp -docker build ${BUILD_ARGS} -t electrocucaracha/vpp:latest . -popd - -docker-compose up -d diff --git a/kud/tests/cFW/sink/Dockerfile b/kud/tests/cFW/sink/Dockerfile index 5e3da088..3d934135 100644 --- a/kud/tests/cFW/sink/Dockerfile +++ b/kud/tests/cFW/sink/Dockerfile @@ -1,24 +1,14 @@ -FROM ubuntu:16.04 +FROM ubuntu:18.04 MAINTAINER Ritu Sood -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} +COPY init.sh /opt/init.sh -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV PROTECTED_NET_GW "192.168.20.100" +ENV UNPROTECTED_NET "192.168.10.0/24" -ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV demo_artifacts_version "1.5.0" +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + iproute2 darkstat +EXPOSE 667 -RUN apt-get update && apt-get install -y -qq wget net-tools unzip - -WORKDIR /opt - -RUN wget "${repo_url}/vfw/vfw-scripts/${demo_artifacts_version}/vfw-scripts-${demo_artifacts_version}.zip" \ - && unzip "vfw-scripts-${demo_artifacts_version}.zip" \ - && chmod +x v_sink_init.sh - -COPY wrapper_v_sink_init.sh . -RUN chmod +x wrapper_v_sink_init.sh - -CMD ["./wrapper_v_sink_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/sink/init.sh b/kud/tests/cFW/sink/init.sh new file mode 100755 index 00000000..58c32bdc --- /dev/null +++ b/kud/tests/cFW/sink/init.sh 
@@ -0,0 +1,17 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +ip route add $UNPROTECTED_NET via $PROTECTED_NET_GW +/usr/sbin/darkstat --no-daemon --verbose -i eth0 diff --git a/kud/tests/cFW/sink/wrapper_v_sink_init.sh b/kud/tests/cFW/sink/wrapper_v_sink_init.sh deleted file mode 100644 index e3a3e35e..00000000 --- a/kud/tests/cFW/sink/wrapper_v_sink_init.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -mkdir -p /opt/config/ -echo "$protected_net_gw" > /opt/config/protected_net_gw.txt -echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt - -# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100 -# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists -./v_sink_init.sh -sleep infinity diff --git a/kud/tests/cFW/vpp/80-vpp.conf b/kud/tests/cFW/vpp/80-vpp.conf deleted file mode 100644 index 8fdf184c..00000000 --- a/kud/tests/cFW/vpp/80-vpp.conf +++ /dev/null 
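Review bot: `ip route add $UNPROTECTED_NET via $PROTECTED_NET_GW` expands both environment values unquoted and, under `errexit`, stops the container when the route is already present, which is the `File exists` condition the deleted wrapper's comment described. `ip route replace "$UNPROTECTED_NET" via "$PROTECTED_NET_GW"` is idempotent and keeps each value a single argument. Starting the daemon with `exec /usr/sbin/darkstat --no-daemon --verbose -i eth0` would also let it receive the stop signal directly rather than through the bash parent.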
@@ -1,15 +0,0 @@ -# Number of 2MB hugepages desired -vm.nr_hugepages=1024 - -# Must be greater than or equal to (2 * vm.nr_hugepages). -vm.max_map_count=3096 - -# All groups allowed to access hugepages -vm.hugetlb_shm_group=0 - -# Shared Memory Max must be greator or equal to the total size of hugepages. -# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024 -# If the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax) -# is greater than the calculated TotalHugepageSize then set this parameter -# to current shmmax value. -kernel.shmmax=2147483648 diff --git a/kud/tests/cFW/vpp/Dockerfile b/kud/tests/cFW/vpp/Dockerfile index 63b08b01..a04e0236 100644 --- a/kud/tests/cFW/vpp/Dockerfile +++ b/kud/tests/cFW/vpp/Dockerfile @@ -1,17 +1,16 @@ -FROM ubuntu:16.04 +FROM ubuntu:18.04 MAINTAINER Victor Morales -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} +ENV VERSION "19.01.2-release" -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY - -RUN apt-get update && apt-get install -y -qq apt-transport-https \ - && echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1609.ubuntu.xenial.main/ ./" | tee -a /etc/apt/sources.list.d/99fd.io.list \ +RUN apt-get update \ + && apt-get install -y -qq --no-install-recommends curl ca-certificates gnupg2 \ + && echo "deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu bionic main" | tee /etc/apt/sources.list.d/99fd.io.list \ + && curl -L https://packagecloud.io/fdio/release/gpgkey | apt-key add - \ + && mkdir -p /var/log/vpp/ \ && apt-get update \ - && apt-get install -y -qq vpp vpp-lib vpp-plugins + && apt-get install -y -qq --no-install-recommends vpp=$VERSION vpp-lib=$VERSION vpp-plugins=$VERSION -COPY 80-vpp.conf /etc/sysctl.d/80-vpp.conf +COPY startup.conf /etc/vpp/startup.conf CMD ["/usr/bin/vpp", "-c", "/etc/vpp/startup.conf"] diff --git a/kud/tests/cFW/vpp/startup.conf b/kud/tests/cFW/vpp/startup.conf new file mode 100644 index 00000000..bdeb594c 
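Review bot: The new source entry `deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu bionic main` tells APT to skip signature verification for that repository, so the `gpgkey` imported on the following line is never used to check the `vpp`, `vpp-lib` and `vpp-plugins` packages. Dropping the option lets the imported key do its job: `echo "deb https://packagecloud.io/fdio/release/ubuntu bionic main" | tee /etc/apt/sources.list.d/99fd.io.list`. Scoping the key to this repository with a `signed-by=` keyring file instead of `apt-key add -` would be tighter still. The `VERSION` pin is a good addition, but it only protects the build once signatures are enforced.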
--- /dev/null
+++ b/kud/tests/cFW/vpp/startup.conf
@@ -0,0 +1,156 @@ + +unix { + log /var/log/vpp/vpp.log + full-coredump + cli-listen /run/vpp/cli.sock + gid vpp +} + +api-trace { +## This stanza controls binary API tracing. Unless there is a very strong reason, +## please leave this feature enabled. + on +## Additional parameters: +## +## To set the number of binary API trace records in the circular buffer, configure nitems +## +## nitems +## +## To save the api message table decode tables, configure a filename. Results in /tmp/ +## Very handy for understanding api message changes between versions, identifying missing +## plugins, and so forth. +## +## save-api-table +} + +api-segment { + gid vpp +} + +socksvr { + default +} + +cpu { + ## In the VPP there is one main thread and optionally the user can create worker(s) + ## The main thread and worker thread(s) can be pinned to CPU core(s) manually or automatically + + ## Manual pinning of thread(s) to CPU core(s) + + ## Set logical CPU core where main thread runs, if main core is not set + ## VPP will use core 1 if available + # main-core 1 + + ## Set logical CPU core(s) where worker threads are running + # corelist-workers 2-3,18-19 + + ## Automatic pinning of thread(s) to CPU core(s) + + ## Sets number of CPU core(s) to be skipped (1 ... N-1) + ## Skipped CPU core(s) are not used for pinning main thread and working thread(s). 
+ ## The main thread is automatically pinned to the first available CPU core and worker(s) + ## are pinned to next free CPU core(s) after core assigned to main thread + # skip-cores 4 + + ## Specify a number of workers to be created + ## Workers are pinned to N consecutive CPU cores while skipping "skip-cores" CPU core(s) + ## and main thread's CPU core + # workers 2 + + ## Set scheduling policy and priority of main and worker threads + + ## Scheduling policy options are: other (SCHED_OTHER), batch (SCHED_BATCH) + ## idle (SCHED_IDLE), fifo (SCHED_FIFO), rr (SCHED_RR) + # scheduler-policy fifo + + ## Scheduling priority is used only for "real-time policies (fifo and rr), + ## and has to be in the range of priorities supported for a particular policy + # scheduler-priority 50 +} + +# dpdk { + ## Change default settings for all interfaces + # dev default { + ## Number of receive queues, enables RSS + ## Default is 1 + # num-rx-queues 3 + + ## Number of transmit queues, Default is equal + ## to number of worker threads or 1 if no workers treads + # num-tx-queues 3 + + ## Number of descriptors in transmit and receive rings + ## increasing or reducing number can impact performance + ## Default is 1024 for both rx and tx + # num-rx-desc 512 + # num-tx-desc 512 + + ## VLAN strip offload mode for interface + ## Default is off + # vlan-strip-offload on + # } + + ## Whitelist specific interface by specifying PCI address + # dev 0000:02:00.0 + + ## Blacklist specific device type by specifying PCI vendor:device + ## Whitelist entries take precedence + # blacklist 8086:10fb + + ## Set interface name + # dev 0000:02:00.1 { + # name eth0 + # } + + ## Whitelist specific interface by specifying PCI address and in + ## addition specify custom parameters for this interface + # dev 0000:02:00.1 { + # num-rx-queues 2 + # } + + ## Specify bonded interface and its slaves via PCI addresses + ## + ## Bonded interface in XOR load balance mode (mode 2) with L3 and L4 headers + # vdev 
eth_bond0,mode=2,slave=0000:02:00.0,slave=0000:03:00.0,xmit_policy=l34 + # vdev eth_bond1,mode=2,slave=0000:02:00.1,slave=0000:03:00.1,xmit_policy=l34 + ## + ## Bonded interface in Active-Back up mode (mode 1) + # vdev eth_bond0,mode=1,slave=0000:02:00.0,slave=0000:03:00.0 + # vdev eth_bond1,mode=1,slave=0000:02:00.1,slave=0000:03:00.1 + + ## Change UIO driver used by VPP, Options are: igb_uio, vfio-pci, + ## uio_pci_generic or auto (default) + # uio-driver vfio-pci + + ## Disable multi-segment buffers, improves performance but + ## disables Jumbo MTU support + # no-multi-seg + + ## Increase number of buffers allocated, needed only in scenarios with + ## large number of interfaces and worker threads. Value is per CPU socket. + ## Default is 16384 + # num-mbufs 128000 + + ## Change hugepages allocation per-socket, needed only if there is need for + ## larger number of mbufs. Default is 256M on each detected CPU socket + # socket-mem 2048,2048 + + ## Disables UDP / TCP TX checksum offload. Typically needed for use + ## faster vector PMDs (together with no-multi-seg) + # no-tx-checksum-offload +# } + + +# plugins { + ## Adjusting the plugin path depending on where the VPP plugins are + # path /ws/vpp/build-root/install-vpp-native/vpp/lib/vpp_plugins + + ## Disable all plugins by default and then selectively enable specific plugins + # plugin default { disable } + # plugin dpdk_plugin.so { enable } + # plugin acl_plugin.so { enable } + + ## Enable all plugins by default and then selectively disable specific plugins + # plugin dpdk_plugin.so { disable } + # plugin acl_plugin.so { disable } +# } -- cgit 1.2.3-korg