From dd79554660e0f81cc8723243235e82e8769490f7 Mon Sep 17 00:00:00 2001 From: Victor Morales Date: Tue, 16 Jun 2020 18:00:04 -0700 Subject: Update cFW instruction set The cFW example has been changed since 1.3.0 version. This commit reduces the steps to setup and provision this CNF. Its main goal is to simplify deployment process. Issue-ID: MULTICLOUD-301 Change-Id: Id96ea4b427aff4c42ecfd43b42fa5d6970c4a6df Signed-off-by: Victor Morales --- kud/tests/cFW/firewall/Dockerfile | 48 +++++++++++++++++++-------------------- kud/tests/cFW/firewall/init.sh | 43 +++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 25 deletions(-) create mode 100755 kud/tests/cFW/firewall/init.sh (limited to 'kud/tests/cFW/firewall') diff --git a/kud/tests/cFW/firewall/Dockerfile b/kud/tests/cFW/firewall/Dockerfile index 7d3e6ede..086f30ce 100644 --- a/kud/tests/cFW/firewall/Dockerfile +++ b/kud/tests/cFW/firewall/Dockerfile @@ -1,32 +1,22 @@ -FROM electrocucaracha/vpp +FROM ubuntu:18.04 as builder MAINTAINER Victor Morales -ARG HTTP_PROXY=${HTTP_PROXY} -ARG HTTPS_PROXY=${HTTPS_PROXY} - -ENV http_proxy $HTTP_PROXY -ENV https_proxy $HTTPS_PROXY +ENV demo_artifacts_version "1.6.0" ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf" -ENV protected_net_cidr "192.168.20.0/24" -ENV fw_ipaddr "192.168.10.100" -ENV sink_ipaddr "192.168.20.250" -ENV demo_artifacts_version "1.3.0" - -RUN apt-get install -y -qq wget openjdk-8-jre bridge-utils net-tools \ - bsdmainutils make gcc libcurl4-gnutls-dev +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + wget ca-certificates WORKDIR /opt -RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_firewall_init.sh" \ - && chmod +x v_firewall_init.sh \ - && sed -i 's|start vpp|/usr/bin/vpp -c /etc/vpp/startup.conf|g' v_firewall_init.sh - RUN wget "${repo_url}/sample-distribution/${demo_artifacts_version}/sample-distribution-${demo_artifacts_version}-hc.tar.gz" \ && tar -zmxf sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && rm sample-distribution-${demo_artifacts_version}-hc.tar.gz \ && mv sample-distribution-${demo_artifacts_version} honeycomb \ - && sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/honeycomb.json + && sed -i 's/"restconf-binding-address": .*/"restconf-binding-address": "0.0.0.0",/g' /opt/honeycomb/config/restconf.json + +RUN apt-get install -y -qq --no-install-recommends \ + make gcc libc6-dev libcurl4-gnutls-dev RUN wget "${repo_url}/ves5/ves/${demo_artifacts_version}/ves-${demo_artifacts_version}-demo.tar.gz" \ && tar -zmxf ves-${demo_artifacts_version}-demo.tar.gz \ @@ -38,12 +28,20 @@ RUN wget "${repo_url}/ves5/ves_vfw_reporting/${demo_artifacts_version}/ves_vfw_r && rm ves_vfw_reporting-${demo_artifacts_version}-demo.tar.gz \ && mv ves_vfw_reporting-${demo_artifacts_version} VES/evel/evel-library/code/VESreporting \ && chmod +x VES/evel/evel-library/code/VESreporting/go-client.sh \ - && cd VES/evel/evel-library/bldjobs/ && make clean && make && cd - + && make -C /opt/VES/evel/evel-library/bldjobs/ + +FROM vpp + +COPY --from=builder /opt/honeycomb /opt/honeycomb +COPY --from=builder /opt/VES/evel/evel-library/code/VESreporting /opt/VESreporting +COPY --from=builder /opt/VES/evel/evel-library/libs/x86_64/libevel.so /usr/lib/x86_64-linux-gnu/ +COPY init.sh /opt/init.sh + +ENV DCAE_COLLECTOR_IP "" +ENV DCAE_COLLECTOR_PORT "" -RUN mkdir -p /opt/config/ \ - && echo $protected_net_cidr > /opt/config/protected_net_cidr.txt \ - && echo $fw_ipaddr > /opt/config/fw_ipaddr.txt \ - && echo $sink_ipaddr > /opt/config/sink_ipaddr.txt \ - && echo $demo_artifacts_version > /opt/config/demo_artifacts_version.txt +RUN apt-get update && apt-get install -y -qq --no-install-recommends \ + openjdk-8-jre iproute2 libcurl4-gnutls-dev -CMD ["./v_firewall_init.sh"] +ENTRYPOINT ["/bin/bash"] +CMD ["/opt/init.sh"] diff --git a/kud/tests/cFW/firewall/init.sh b/kud/tests/cFW/firewall/init.sh new file mode 100755 index 00000000..71db2e2d --- /dev/null +++ b/kud/tests/cFW/firewall/init.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2020 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o pipefail +set -o xtrace +set -o errexit +set -o nounset + +echo 'start... vpp' +/usr/bin/vpp -c /etc/vpp/startup.conf +echo 'wait vpp be up ...' +until vppctl show ver; do + sleep 1; +done + +# Configure VPP for vFirewall +nic_protected=eth1 +nic_unprotected=eth2 +ip_protected_addr=$(ip addr show $nic_protected | grep inet | awk '{print $2}') +ip_unprotected_addr=$(ip addr show $nic_unprotected | grep inet | awk '{print $2}') + +vppctl create host-interface name "$nic_protected" +vppctl create host-interface name "$nic_unprotected" + +vppctl set int ip address "host-$nic_protected" "$ip_protected_addr" +vppctl set int ip address "host-$nic_unprotected" "$ip_unprotected_addr" + +vppctl set int state "host-$nic_protected" up +vppctl set int state "host-$nic_unprotected" up + +# Start HoneyComb +#/opt/honeycomb/honeycomb &>/dev/null &disown +/opt/honeycomb/honeycomb + +# Start VES client +#/opt/VESreporting/vpp_measurement_reporter "$DCAE_COLLECTOR_IP" "$DCAE_COLLECTOR_PORT" eth1 -- cgit 1.2.3-korg