From 6942719b390a62695d6dd3efa09eadf6ec48aa7a Mon Sep 17 00:00:00 2001 From: Victor Morales Date: Mon, 15 Oct 2018 10:25:02 -0700 Subject: Hybrid Functional test for vFirewall This change provides the bash instructions for running an hybrid scenario (Virtual Machine and Containers) of the ONAP vFirewall use case. Change-Id: I2bb7843118c31895d0b5fe1987cced2be29672cb Signed-off-by: Victor Morales Issue-ID: MULTICLOUD-301 --- vagrant/tests/_common.sh | 301 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 286 insertions(+), 15 deletions(-) (limited to 'vagrant/tests/_common.sh') diff --git a/vagrant/tests/_common.sh b/vagrant/tests/_common.sh index 5635907c..21aad4d2 100755 --- a/vagrant/tests/_common.sh +++ b/vagrant/tests/_common.sh @@ -152,9 +152,6 @@ spec: imagePullPolicy: IfNotPresent tty: true stdin: true - resources: - limits: - memory: 160Mi DEPLOYMENT cat << DEPLOYMENT > $sink_deployment_name.yaml @@ -185,17 +182,14 @@ spec: imagePullPolicy: IfNotPresent tty: true stdin: true - resources: - limits: - memory: 160Mi DEPLOYMENT - popd } -# popule_CSAR_vms_vFW() - This function creates the content of CSAR file -# required for vFirewal using only virtual machines -function popule_CSAR_vms_vFW { +# popule_CSAR_vms_containers_vFW() - This function creates the content of CSAR file +# required for vFirewal using an hybrid combination between virtual machines and +# cotainers +function popule_CSAR_vms_containers_vFW { local csar_id=$1 ssh_key=$(cat $HOME/.ssh/id_rsa.pub) @@ -226,8 +220,10 @@ metadata: labels: app: vFirewall spec: + type: NodePort ports: - port: 667 + nodePort: 30667 selector: app: vFirewall SERVICE @@ -331,6 +327,8 @@ spec: labels: app: vFirewall annotations: + VirtletLibvirtCPUSetting: | + mode: host-model VirtletCloudInitUserData: | ssh_pwauth: True users: 
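Review bot: Dropping `resources.limits.memory` from the container-based deployments in this hunk (and again in the `@@ -185,17 +182,14 @@` hunk) leaves those pods with no memory bound in the visible spec, while the Virtlet VMs elsewhere in this patch are raised to 4Gi. On a shared test node an unbounded container can then starve the VMs, and the commit message does not say why the limit was removed. Either keep a limit, e.g. `resources: {limits: {memory: 256Mi}}` (sample value), or add a comment above the heredoc explaining that the limit is intentionally absent. The enclosing function starts outside the hunk.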
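Review bot: The header comment added for `popule_CSAR_vms_containers_vFW` carries over the typos of the one it was copied from ("vFirewal", "cotainers", "an hybrid"), and the new function name keeps the "popule" misspelling. Renaming would touch callers that are not visible here, so I would only fix the comment: `# popule_CSAR_vms_containers_vFW() - Creates the content of the CSAR file` / `# required for vFirewall using a hybrid combination of virtual machines and containers`. It would also help to state in that comment which components run as VMs and which as containers, since that is only discoverable by reading the heredocs.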
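Review bot: Hard-coding `nodePort: 30667` publishes port 667 on every node address and makes the allocation cluster-unique, so a second CSAR produced by this function cannot be created in the same cluster. The selector `app: vFirewall` also matches every deployment in this file that carries that label, although from the visible manifests only the darkstat container declares `containerPort: 667`. I would keep `type: NodePort` but drop the `nodePort:` line so Kubernetes allocates one, or add a comment that the fixed port is a test-only convenience, and give the sink pod a distinguishing label for the selector. The Service heredoc starts and ends outside the hunk.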
@@ -350,6 +348,7 @@ spec: - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash VirtletSSHKeys: | $ssh_key + VirtletRootVolumeSize: 5Gi kubernetes.v1.cni.cncf.io/networks: '[ { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } 
@@ -371,11 +370,273 @@ spec: imagePullPolicy: IfNotPresent tty: true stdin: true + ports: + - containerPort: 8183 resources: limits: - memory: 256Mi + memory: 4Gi +DEPLOYMENT + + cat << DEPLOYMENT > $firewall_deployment_name.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: $firewall_deployment_name + labels: + app: vFirewall +spec: + replicas: 1 + selector: + matchLabels: + app: vFirewall + template: + metadata: + labels: + app: vFirewall + annotations: + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletCloudInitUserData: | + ssh_pwauth: True + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + lock_passwd: false + # the password is "admin" + passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/" + ssh_authorized_keys: + $ssh_key + $proxy + runcmd: + $cloud_init_proxy + - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash + VirtletSSHKeys: | + $ssh_key + VirtletRootVolumeSize: 5Gi + kubernetes.v1.cni.cncf.io/networks: '[ + { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, + { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, + { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + ]' + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: $firewall_deployment_name + image: $image_name + imagePullPolicy: IfNotPresent + tty: true + stdin: true + resources: + limits: + memory: 4Gi +DEPLOYMENT + + cat << DEPLOYMENT > $sink_deployment_name.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: $sink_deployment_name + labels: + app: vFirewall +spec: + replicas: 1 + selector: + matchLabels: + app: 
vFirewall + template: + metadata: + labels: + app: vFirewall + annotations: + kubernetes.v1.cni.cncf.io/networks: '[ + { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, + { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + ]' + spec: + containers: + - name: $sink_deployment_name + image: electrocucaracha/sink + imagePullPolicy: IfNotPresent + tty: true + stdin: true + securityContext: + privileged: true + - name: darkstat + image: electrocucaracha/darkstat + imagePullPolicy: IfNotPresent + tty: true + stdin: true + ports: + - containerPort: 667 +DEPLOYMENT + popd +} + +# popule_CSAR_vms_vFW() - This function creates the content of CSAR file +# required for vFirewal using only virtual machines +function popule_CSAR_vms_vFW { + local csar_id=$1 + ssh_key=$(cat $HOME/.ssh/id_rsa.pub) + + _checks_args $csar_id + pushd ${CSAR_DIR}/${csar_id} + + cat << META > metadata.yaml +resources: + network: + - unprotected-private-net-cidr-network.yaml + - protected-private-net-cidr-network.yaml + - onap-private-net-cidr-network.yaml + deployment: + - $packetgen_deployment_name.yaml + - $firewall_deployment_name.yaml + - $sink_deployment_name.yaml +META + + cat << NET > unprotected-private-net-cidr-network.yaml +apiVersion: "kubernetes.cni.cncf.io/v1" +kind: Network +metadata: + name: unprotected-private-net-cidr +spec: + config: '{ + "name": "unprotected", + "type": "bridge", + "ipam": { + "type": "host-local", + "subnet": "192.168.10.0/24" + } +}' +NET + + cat << NET > protected-private-net-cidr-network.yaml +apiVersion: "kubernetes.cni.cncf.io/v1" +kind: Network +metadata: + name: protected-private-net-cidr +spec: + config: '{ + "name": "protected", + "type": "bridge", + "ipam": { + "type": "host-local", + "subnet": "192.168.20.0/24" + } +}' +NET + + cat << NET > onap-private-net-cidr-network.yaml +apiVersion: "kubernetes.cni.cncf.io/v1" +kind: Network +metadata: + name: onap-private-net-cidr +spec: + config: '{ + "name": "onap", + "type": 
"bridge", + "ipam": { + "type": "host-local", + "subnet": "10.10.0.0/16" + } +}' +NET + + proxy="apt:" + cloud_init_proxy="" + if [[ -n "${http_proxy+x}" ]]; then + proxy+=" + http_proxy: $http_proxy" + cloud_init_proxy+=" + - export http_proxy=$http_proxy" + fi + if [[ -n "${https_proxy+x}" ]]; then + proxy+=" + https_proxy: $https_proxy" + cloud_init_proxy+=" + - export https_proxy=$https_proxy" + fi + if [[ -n "${no_proxy+x}" ]]; then + cloud_init_proxy+=" + - export no_proxy=$no_proxy" + fi + + cat << DEPLOYMENT > $packetgen_deployment_name.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: $packetgen_deployment_name + labels: + app: vFirewall +spec: + replicas: 1 + selector: + matchLabels: + app: vFirewall + template: + metadata: + labels: + app: vFirewall + annotations: + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletCloudInitUserData: | + ssh_pwauth: True + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + lock_passwd: false + # the password is "admin" + passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/" + ssh_authorized_keys: + $ssh_key + $proxy + runcmd: + $cloud_init_proxy + - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash + VirtletSSHKeys: | + $ssh_key + VirtletRootVolumeSize: 5Gi + kubernetes.v1.cni.cncf.io/networks: '[ + { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, + { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + ]' + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: $packetgen_deployment_name + image: $image_name + imagePullPolicy: IfNotPresent + tty: true + stdin: true ports: - 
containerPort: 8183 + resources: + limits: + memory: 4Gi DEPLOYMENT cat << DEPLOYMENT > $firewall_deployment_name.yaml @@ -395,6 +656,8 @@ spec: labels: app: vFirewall annotations: + VirtletLibvirtCPUSetting: | + mode: host-model VirtletCloudInitUserData: | ssh_pwauth: True users: @@ -412,6 +675,9 @@ spec: runcmd: $cloud_init_proxy - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash + VirtletSSHKeys: | + $ssh_key + VirtletRootVolumeSize: 5Gi kubernetes.v1.cni.cncf.io/networks: '[ { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, @@ -436,7 +702,7 @@ spec: stdin: true resources: limits: - memory: 160Mi + memory: 4Gi DEPLOYMENT cat << DEPLOYMENT > $sink_deployment_name.yaml @@ -456,6 +722,8 @@ spec: labels: app: vFirewall annotations: + VirtletLibvirtCPUSetting: | + mode: host-model VirtletCloudInitUserData: | ssh_pwauth: True users: @@ -475,6 +743,7 @@ spec: - wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$sink_deployment_name | sudo -E bash VirtletSSHKeys: | $ssh_key + VirtletRootVolumeSize: 5Gi kubernetes.v1.cni.cncf.io/networks: '[ { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } @@ -496,11 +765,11 @@ spec: imagePullPolicy: IfNotPresent tty: true stdin: true - resources: - limits: - memory: 160Mi ports: - containerPort: 667 + resources: + limits: + memory: 4Gi DEPLOYMENT popd } @@ -600,6 +869,8 @@ spec: labels: app: virtlet annotations: + VirtletLibvirtCPUSetting: | + mode: host-passthrough # This tells CRI Proxy that this pod belongs to Virtlet runtime kubernetes.io/target-runtime: virtlet.cloud VirtletCloudInitUserData: | -- cgit 1.2.3-korg
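Review bot: The cloud-init block added for the hybrid `$firewall_deployment_name` VM (and repeated in the packetgen block re-emitted later in this hunk) creates an `admin` account whose password the comment states is "admin", combined with `ssh_pwauth: True`, `lock_passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`. Because `ssh_authorized_keys` and `VirtletSSHKeys` already inject `$ssh_key`, key-only access is enough: set `ssh_pwauth: False` and `lock_passwd: true` and drop the `passwd:` line. The `runcmd` entry that pipes `wget -O - …/master/$firewall_deployment_name` into `sudo -E bash` executes whatever the branch head holds as root, so pinning the URL to a commit and verifying a digest before running it would make the test reproducible. The new sink pod also sets `privileged: true` and pulls `electrocucaracha/sink` and `electrocucaracha/darkstat` without a tag; a comment on why full privilege is needed (or a narrower `capabilities.add`) and a pinned tag would help. The hunk starts and ends inside heredocs of functions whose bodies continue outside it.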
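Review bot: This pod gets `mode: host-passthrough` while every other `VirtletLibvirtCPUSetting` added in this patch uses `mode: host-model`, and nothing in the hunk says why. Host-passthrough hands the guest the host CPU definition unchanged, so if the difference is deliberate a one-line comment above the annotation would record it, e.g. `# host-passthrough: <reason this VM needs the exact host CPU>`; otherwise use `host-model` for consistency. The enclosing heredoc starts and ends outside the hunk.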