1 ##########################################################################
3 #==================LICENSE_START==========================================
5 # Copyright © Intel Corporation 2019
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
19 #==================LICENSE_END============================================
21 ##########################################################################
23 heat_template_version: 2013-05-23
25 description: Heat template that deploys vIPsec demo app for ONAP
36 label: Image name or ID
37 description: Image to be used for IPsec compute instance
41 description: Type of instance (flavor) to be used for IPsec VM
45 description: Type of instance (flavor) to be used for vSink VM
46 packetgen_flavor_name:
49 description: Type of instance (flavor) to be used for packet generator
52 label: Public network name or ID
53 description: Public network that enables remote connection to VNF
54 protected_clientA_private_net_id:
56 label: Protected private network name or ID
57 description: Private network that connects vPacketGenerator with vIPsec gateway A
58 protected_clientB_private_net_id:
60 label: Protected private network name or ID
61 description: Private network that connects vIPsec gateway B with vSink
62 protected_clientA_provider_net_id:
64 label: Provider network name or ID for client A
65 description: Private network that connects vPacketGenerator with vIPsec gateway A
66 protected_clientB_provider_net_id:
68 label: Provider network name or ID for client B
69 description: Private network that connects vIPsec gateway B with vSink
70 ipsec_provider_net_id:
72 label: Provider network name or ID between IPsec gateways
73 description: Private network that connects vIPsec gateway B with vIPsec gateway A
76 label: ONAP management network name or ID
77 description: Private network that connects ONAP components and the VNF
78 onap_private_subnet_id:
80 label: ONAP management sub-network name or ID
81 description: Private sub-network that connects ONAP components and the VNF
84 label: IPsec private network name or ID
85 description: Private network that connects the two IPsec VNFs
86 protected_clientA_private_net_cidr:
88 label: Protected private network CIDR for client A
89 description: The CIDR of the protected private network for clientA
90 protected_clientB_private_net_cidr:
92 label: Protected private network CIDR
93 description: The CIDR of the protected private network for clientB
94 onap_private_net_cidr:
96 label: ONAP private network CIDR
97 description: The CIDR of the ONAP private network
98 ipsec_private_net_cidr:
100 label: IPsec private network CIDR
101 description: The CIDR of the protected IPsec private network
102 vipsec_A_private_ip_0:
104 label: vIPsec private IP address towards the protected network A
105 description: Private IP address that is assigned to the vIPsec gateway A to communicate with the vPacketGenerator
106 vipsec_A_private_ip_1:
108 label: vIPsec private IP address towards the ONAP management network
109 description: Private IP address that is assigned to the vIPsec A to communicate with ONAP components
110 vipsec_A_private_ip_2:
112 label: vIPsec private IP address towards the IPsec external network
113 description: Private IP address that is assigned to the vIPsec A to communicate with vIPsec B
114 vipsec_B_private_ip_0:
116 label: vIPsec private IP address towards the protected network B
117 description: Private IP address that is assigned to the vIPsec gateway B to communicate with the vSink
118 vipsec_B_private_ip_1:
120 label: vIPsec private IP address towards the ONAP management network
121 description: Private IP address that is assigned to the vIPsec B to communicate with ONAP components
122 vipsec_B_private_ip_2:
124 label: vIPsec private IP address towards the IPsec external network
125 description: Private IP address that is assigned to the vIPsec B to communicate with vIPsec A
128 label: vPacketGenerator private IP address towards the protected network A
129 description: Private IP address that is assigned to the vPacketGenerator to communicate with the vIPsec gateway A
132 label: vPacketGenerator private IP address towards the ONAP management network
133 description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components
136 label: vSink private IP address towards the protected network
137 description: Private IP address that is assigned to the vSink to communicate with the vIPsec gateway B
140 label: vSink private IP address towards the ONAP management network
141 description: Private IP address that is assigned to the vSink to communicate with ONAP components
142 vipsec_A_private_0_port_vnic_type:
144 description: vipsec port 0 vnic type (normal, direct)
146 vipsec_private_1_port_vnic_type:
148 description: vipsec port 1 vnic type (normal, direct)
150 vipsec_B_private_0_port_vnic_type:
152 description: vipsec port 0 vnic type (normal, direct)
154 vipsec_private_2_port_vnic_type:
156 description: vipsec port 2 vnic type (normal, direct)
158 vsn_private_0_port_vnic_type:
160 description: vsn port 0 vnic type (normal, direct)
162 vsn_private_1_port_vnic_type:
164 description: vsn port 1 vnic type (normal, direct)
166 vpg_private_0_port_vnic_type:
168 description: vpg port 0 vnic type (normal, direct)
170 vpg_private_1_port_vnic_type:
172 description: vpg port 1 vnic type (normal, direct)
177 description: Name of the vIPsec gateway A
181 description: Name of the vIPsec gateway B
184 label: vPacketGenerator name
185 description: Name of the vPacketGenerator
189 description: Name of the vSink
193 description: The VNF ID is provided by ONAP
196 label: vIPsec module ID
197 description: The vIPsec Module ID is provided by ONAP
200 label: DCAE collector IP address
201 description: IP address of the DCAE collector
204 label: DCAE collector port
205 description: Port of the DCAE collector
# Credential and artifact-source parameters. The name lines of some entries are
# not visible in this listing.
209 description: Public/Private key pair name
213 description: Public key to be installed on the compute instance
# install_script_version and demo_artifacts_version are substituted as text into
# the first-boot scripts; the vPacketGenerator and vSink scripts also place
# install_script_version inside a download URL and inside file names.
# NOTE(review): no allowed_pattern constraint is visible for these values —
# consider restricting them to a version-string character set.
214 install_script_version:
216 label: Installation script version number
217 description: Version number of the scripts that install the vIPsec demo app
218 demo_artifacts_version:
220 label: Artifacts version used in demo vnfs
221 description: Artifacts (jar, tar.gz) version used in demo vnfs
# Base URL of the repository the first-boot scripts download the install zip from.
# NOTE(review): the default is HTTPS, but the curl command in this template is
# run with `-k`, so the server certificate is not verified and the scheme alone
# does not authenticate the downloaded scripts.
224 description: Root URL for the Nexus repository for Maven artifacts.
225 default: "https://nexus.onap.org"
228 label: Cloud environment
229 description: Cloud environment (e.g., openstack, rackspace)
# NIC, VPP and IPsec parameters consumed by the two vIPsec gateway first-boot
# scripts. The name lines of the later entries are not visible in this listing.
230 input_device_interface_A:
232 description: Device BDF name for the interface
233 input_device_interface_B:
235 description: Device BDF name for the interface
236 output_device_interface_A:
238 description: Device BDF name for the interface
239 output_device_interface_B:
241 description: Device BDF name for the interface
244 description: Device BDF num for the interface
247 description: Device BDF num for the interface
250 description: Device BDF num for the interface
253 description: Device BDF num for the interface
# vpp_config and ipsec_config are used by the gateway scripts as output paths
# (`cat > ...`) and vpp_config as the argument of `vpp -c`.
# NOTE(review): the values in this group are pasted into a shell script by text
# substitution, several of them unquoted. Constrain them (for example with
# allowed_pattern) if the stack can be launched with parameters from a source
# less trusted than the template author.
256 description: Name of the vpp config
259 description: Name of the ipsec config
262 description: MAC address of ipsec gateway A
265 description: MAC address of ipsec gateway B
# Random string resource and the Nova key pair used by the servers in this stack.
275 type: OS::Heat::RandomString
280 type: OS::Nova::KeyPair
# The key pair name is built from the key_name parameter and the random string.
286 base: { get_param: key_name }
287 rand: { get_resource: random-str }
# Only the caller-supplied public key is registered; with save_private_key set
# to false no private key is stored in the stack. The same key pair is
# referenced by all four servers visible in this template.
288 public_key: { get_param: pub_key }
289 save_private_key: false
# Security group referenced by every Neutron port visible in this template.
291 security_group_ipsec:
292 type: OS::Neutron::SecurityGroup
# NOTE(review): both rules accept traffic from 0.0.0.0/0, and the group is also
# used on the management ports that receive floating IPs, so ICMP and SSH
# (tcp/22) on those VMs are reachable from any address that can route to the
# public network. Outside a lab, restrict remote_ip_prefix to the operator or
# management range.
296 - {direction: ingress, remote_ip_prefix: 0.0.0.0/0, protocol: icmp }
297 - {direction: ingress, remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 22, port_range_max: 22}
# ONAP management network, its subnet, and the router that links the subnet to
# the public network.
300 type: OS::Neutron::Net
302 name: { get_param: onap_private_net_id }
305 type: OS::Neutron::Subnet
307 name: { get_param: onap_private_subnet_id }
308 network_id: { get_resource: onap_private_net }
309 cidr: { get_param: onap_private_net_cidr }
# NOTE(review): the resolver is hard-coded to a public DNS service, so name
# lookups from the management subnet leave the site; make it a parameter if an
# internal resolver is required.
310 dns_nameservers: [ "8.8.8.8" ]
313 type: OS::Neutron::Router
# Router name is "<stack name>-router".
316 list_join: ['-', [{ get_param: 'OS::stack_name' }, 'router']]
# The router's external gateway is the network named by public_net_id.
317 external_gateway_info:
318 network: { get_param: public_net_id }
# Attaches the ONAP management subnet to the router.
320 oam_router_interface:
321 type: OS::Neutron::RouterInterface
323 router_id: { get_resource: router }
324 subnet_id: { get_resource: onap_private_subnet }
# Floating IPs on the public network for the management ports (port 1) of
# vIPsec gateways A and B.
# NOTE(review): these ports carry security_group_ipsec, which admits SSH from
# 0.0.0.0/0, so both gateways accept SSH on their public addresses.
327 type: OS::Neutron::FloatingIP
329 floating_network_id: { get_param: public_net_id }
330 port_id: { get_resource: vipsec_A_private_1_port }
333 type: OS::Neutron::FloatingIP
335 floating_network_id: { get_param: public_net_id }
336 port_id: { get_resource: vipsec_B_private_1_port }
# Three provider networks (client A side, client B side, and the link between
# the two IPsec gateways), each mapped to a physical network taken from a
# parameter, followed by one subnet per network.
338 protected_clientA_private_network:
339 type: OS::Neutron::ProviderNet
341 name: { get_param: protected_clientA_private_net_id }
342 physical_network: { get_param: protected_clientA_provider_net_id }
345 protected_clientB_private_network:
346 type: OS::Neutron::ProviderNet
348 name: { get_param: protected_clientB_private_net_id }
349 physical_network: { get_param: protected_clientB_provider_net_id }
# Network between the two gateways; the IPsec tunnel traffic is expected here.
352 protected_ipsec_network:
353 type: OS::Neutron::ProviderNet
355 name: { get_param: ipsec_private_net_id }
356 physical_network: { get_param: ipsec_provider_net_id }
# Subnets: the CIDR of each comes from the matching *_net_cidr parameter.
359 protected_clientA_private_subnet:
360 type: OS::Neutron::Subnet
362 network_id: { get_resource: protected_clientA_private_network }
363 cidr: { get_param: protected_clientA_private_net_cidr }
365 protected_clientB_private_subnet:
366 type: OS::Neutron::Subnet
368 network_id: { get_resource: protected_clientB_private_network }
369 cidr: { get_param: protected_clientB_private_net_cidr }
371 ipsec_private_subnet:
372 type: OS::Neutron::Subnet
374 network_id: { get_resource: protected_ipsec_network }
375 cidr: { get_param: ipsec_private_net_cidr }
377 # Virtual IPsec instantiation
# Six ports, three per gateway: port 0 on the protected client network, port 1
# on the ONAP management network, port 2 on the network between the gateways.
# Each port has a fixed IP from a parameter and references security_group_ipsec.
# NOTE(review): when a vnic_type parameter is set to `direct` (SR-IOV), Neutron
# generally does not enforce security groups on that port — confirm for the
# target cloud before relying on the group for the data-plane ports.
378 vipsec_A_private_0_port:
379 type: OS::Neutron::Port
381 network: { get_resource: protected_clientA_private_network }
382 binding:vnic_type: { get_param: vipsec_A_private_0_port_vnic_type}
383 fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet}, "ip_address": { get_param: vipsec_A_private_ip_0 }}]
385 - { get_resource: security_group_ipsec }
# Gateway A management port; a floating IP is associated with it elsewhere in
# this template. Uses the vnic type parameter shared with gateway B's port 1.
387 vipsec_A_private_1_port:
388 type: OS::Neutron::Port
390 network: { get_resource: onap_private_net }
391 binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type}
392 fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vipsec_A_private_ip_1 }}]
394 - { get_resource: security_group_ipsec }
396 vipsec_A_private_2_port:
397 type: OS::Neutron::Port
# The address pair lets this port also send and receive with the packet
# generator's protected-network address (vpg_private_ip_0), which relaxes
# Neutron's anti-spoofing check for that one address. Gateway B's port 2 has no
# equivalent entry.
399 allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
400 network: { get_resource: protected_ipsec_network }
401 binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type}
402 fixed_ips: [{"subnet": { get_resource: ipsec_private_subnet }, "ip_address": { get_param: vipsec_A_private_ip_2 }}]
404 - { get_resource: security_group_ipsec }
# Gateway B, port 0: protected client B network.
406 vipsec_B_private_0_port:
407 type: OS::Neutron::Port
409 network: { get_resource: protected_clientB_private_network }
410 binding:vnic_type: { get_param: vipsec_B_private_0_port_vnic_type}
411 fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet}, "ip_address": { get_param: vipsec_B_private_ip_0 }}]
413 - { get_resource: security_group_ipsec }
# Gateway B management port; a floating IP is associated with it elsewhere in
# this template.
415 vipsec_B_private_1_port:
416 type: OS::Neutron::Port
418 network: { get_resource: onap_private_net }
419 binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type}
420 fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vipsec_B_private_ip_1 }}]
422 - { get_resource: security_group_ipsec }
# Gateway B, port 2: network between the two gateways.
424 vipsec_B_private_2_port:
425 type: OS::Neutron::Port
427 network: { get_resource: protected_ipsec_network }
428 binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type}
429 fixed_ips: [{"subnet": { get_resource: ipsec_private_subnet }, "ip_address": { get_param: vipsec_B_private_ip_2 }}]
431 - { get_resource: security_group_ipsec }
# vIPsec gateway A: Nova server attached to gateway A's three ports, plus the
# placeholder map for its first-boot script.
434 type: OS::Nova::Server
436 image: { get_param: basic_image_name }
437 flavor: { get_param: ipsec_flavor_name }
438 name: { get_param: vipsec_name_0 }
439 key_name: { get_resource: my_keypair }
441 - port: { get_resource: vipsec_A_private_0_port }
442 - port: { get_resource: vipsec_A_private_1_port }
443 - port: { get_resource: vipsec_A_private_2_port }
444 metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
445 user_data_format: RAW
# Placeholder -> parameter map. Each __name__ token in the script that follows
# is replaced by the parameter value as plain text (presumably via str_replace;
# the enclosing lines are not visible here). A token that does not match a key
# exactly, including the trailing "__", is left in the script unchanged.
# NOTE(review): values are not quoted or validated before they reach the shell.
449 __dcae_collector_ip__: { get_param: dcae_collector_ip }
450 __dcae_collector_port__: { get_param: dcae_collector_port }
451 __demo_artifacts_version__: { get_param: demo_artifacts_version }
452 __install_script_version__: { get_param: install_script_version }
453 __vipsec_A_private_ip_0__: { get_param: vipsec_A_private_ip_0 }
454 __vipsec_A_private_ip_1__: { get_param: vipsec_A_private_ip_1 }
455 __protected_clientA_private_net_cidr__: { get_param: protected_clientA_private_net_cidr }
456 __onap_private_net_cidr__: { get_param: onap_private_net_cidr }
457 __cloud_env__: { get_param: cloud_env }
458 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
459 __vpp_config__: { get_param: vpp_config }
460 __ipsec_config__: { get_param: ipsec_config }
461 __input_interface_num__: { get_param: input_interface_A }
462 __output_interface_num__: { get_param: output_interface_A }
463 __input_interface__: { get_param: input_device_interface_A }
464 __output_interface__: { get_param: output_device_interface_A }
465 __ipsec_B_MAC_address__: { get_param: ipsec_B_MAC_address }
# First-boot script for vIPsec gateway A, part 1: record the stack parameters
# under /opt/config, install VPP and DPDK, bind the NICs, and write the VPP
# start-up configuration.
469 # Create configuration files
471 echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt
472 echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt
473 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
474 echo "__install_script_version__" > /opt/config/install_script_version.txt
475 echo "__vipsec_A_private_ip_0__" > /opt/config/vipsec_A_private_ip_0.txt
476 echo "__vipsec_A_private_ip_1__" > /opt/config/vipsec_A_private_ip_1.txt
477 echo "__protected_clientA_private_net_cidr__" > /opt/config/protected_clientA_private_net_cidr.txt
478 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
479 echo "__cloud_env__" > /opt/config/cloud_env.txt
480 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
481 echo "__input_interface_num__" > /opt/config/input_interface_A_BDF_num.txt
482 echo "__output_interface_num__" > /opt/config/output_interface_A_BDF_num.txt
483 echo "__input_interface__" > /opt/config/input_interface_A.txt
484 echo "__output_interface__" > /opt/config/output_interface_A.txt
485 echo "__ipsec_B_MAC_address__" > /opt/config/ipsec_B_mac_address.txt
486 echo "__vpp_config__" > /opt/config/vpp_config.txt
487 echo "__ipsec_config__" > /opt/config/ipsec_config.txt
489 # Download and run install script
# NOTE(review): fetches a package-repository set-up script at boot time. The
# lines that use it are not visible in this listing; if it is executed directly,
# its content is trusted without any integrity check — consider adding the
# repository and its signing key explicitly instead.
491 wget https://packagecloud.io/install/repositories/fdio/release/script.deb.sh
494 apt install -y vpp-plugin-dpdk
495 apt install -y make gcc libnuma-dev python
# NOTE(review): the DPDK source is cloned over plain HTTP from the default
# branch, then compiled and one of its kernel modules is loaded below. Nothing
# authenticates the source, so on-path modification ends up as kernel code.
# Prefer an HTTPS remote and check out a fixed, reviewed tag or commit.
497 git clone http://dpdk.org/git/dpdk
# NOTE(review): RTE_TARGET names "linuxapp" while the make target and the
# insmod path use "linux" — confirm which spelling the cloned DPDK expects.
499 export RTE_TARGET=x86_64-native-linuxapp-gcc/
500 export DESTDIR=/opt/dpdk
501 export RTE_SDK=/opt/dpdk
502 make install T=x86_64-native-linux-gcc
# Loads the freshly built igb_uio module and binds two PCI devices to it.
# NOTE(review): the PCI addresses are literals here although the template also
# takes BDF parameters — verify they match the actual device layout.
504 insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
505 python ./usertools/dpdk-devbind.py -b igb_uio 00:06.0
506 python ./usertools/dpdk-devbind.py -b igb_uio 00:05.0
# Writes the VPP start-up configuration to the path given by vpp_config. The
# lines from here to the NEWFILE terminator are file content, not shell.
508 cat > __vpp_config__<< NEWFILE
511 exec __ipsec_config__
513 cli-listen /run/vpp/cli.sock
525 no-tx-checksum-offload
530 dev __input_interface_num__
534 dev __output_interface_num__
538 vdev crypto_aesni_gcm0
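# Writes the static VPP IPsec configuration for gateway A to the path given by
# ipsec_config (the VPP start-up configuration runs it with `exec`), then starts
# VPP. Everything after the `cat` line up to the NEWFILE terminator is file
# content: interface addresses, static ARP entries, routes, two ESP tunnel SAs
# and the SPD policies that select them.
# Fix: the peer MAC placeholder on the first `set ip arp` line now ends in "__",
# matching the key __ipsec_B_MAC_address__ in the placeholder map; without it
# the token was never substituted and a literal placeholder reached VPP.
# NOTE(review): both SAs use keys embedded in the template. The same crypto and
# integrity keys serve both directions and both gateways, and the integrity key
# is a repeating ASCII pattern. Anyone able to read the template, the instance
# user_data or this file can decrypt or forge tunnel traffic. Treat this as
# demo-only: provide keys through hidden parameters or negotiate them with IKE,
# and prefer an AEAD transform over aes-cbc-128 with sha1-96.
545 cat > __ipsec_config__<< NEWFILE
547 set interface state __input_interface__ up
548 set interface state __output_interface__ up
550 set interface ip address __input_interface__ 1.0.0.1/8
551 set interface ip address __output_interface__ 255.0.0.128/8
553 set int promiscuous on __input_interface__
554 set int promiscuous on __output_interface__
556 set ip arp __output_interface__ 255.0.0.129 __ipsec_B_MAC_address__
557 set ip arp __input_interface__ 1.0.0.2 11:11:11:11:00:11
559 ip route add count 1 104.0.0.0/32 via 255.0.0.129 __output_interface__
560 ip route add count 1 004.0.0.0/32 via 1.0.0.2 __input_interface__
563 set interface ipsec spd __output_interface__ 1
564 ipsec sa add 1 spi 25500128 esp tunnel-src 255.0.0.128 tunnel-dst 255.0.0.129 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
565 ipsec sa add 2 spi 25500129 esp tunnel-src 255.0.0.129 tunnel-dst 255.0.0.128 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
566 ipsec policy add spd 1 outbound priority 100 action protect sa 1 remote-ip-range 104.0.0.0-104.0.0.0
567 ipsec policy add spd 1 inbound priority 100 action protect sa 2 remote-ip-range 004.0.0.0-004.0.0.0
568 ipsec policy add spd 1 inbound priority 90 protocol 50 action bypass
569 ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
573 vpp -c __vpp_config__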
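# vIPsec gateway B: Nova server attached to gateway B's three ports, plus the
# placeholder map for its first-boot script.
576 type: OS::Nova::Server
578 image: { get_param: basic_image_name }
579 flavor: { get_param: ipsec_flavor_name }
580 name: { get_param: vipsec_name_1 }
581 key_name: { get_resource: my_keypair }
583 - port: { get_resource: vipsec_B_private_0_port }
584 - port: { get_resource: vipsec_B_private_1_port }
585 - port: { get_resource: vipsec_B_private_2_port }
586 metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
587 user_data_format: RAW
# Placeholder -> parameter map. Each __name__ token in the script that follows
# is replaced by the parameter value as plain text (presumably via str_replace;
# the enclosing lines are not visible here). A token that does not match a key
# exactly is left in the script unchanged.
# NOTE(review): values are not quoted or validated before they reach the shell.
591 __dcae_collector_ip__: { get_param: dcae_collector_ip }
592 __dcae_collector_port__: { get_param: dcae_collector_port }
593 __demo_artifacts_version__: { get_param: demo_artifacts_version }
594 __install_script_version__: { get_param: install_script_version }
# Fix: these two keys were named __vipsec_A_private_ip_N__, but gateway B's
# script writes __vipsec_B_private_ip_N__, so the tokens were never replaced
# and the config files received the literal placeholder text.
595 __vipsec_B_private_ip_0__: { get_param: vipsec_B_private_ip_0 }
596 __vipsec_B_private_ip_1__: { get_param: vipsec_B_private_ip_1 }
# The key keeps its "clientA" name because gateway B's script uses that token;
# the value is client B's CIDR.
597 __protected_clientA_private_net_cidr__: { get_param: protected_clientB_private_net_cidr }
598 __onap_private_net_cidr__: { get_param: onap_private_net_cidr }
599 __cloud_env__: { get_param: cloud_env }
600 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
601 __vpp_config__: { get_param: vpp_config }
602 __ipsec_config__: { get_param: ipsec_config }
603 __input_interface_num__: { get_param: input_interface_B }
604 __output_interface_num__: { get_param: output_interface_B }
605 __input_interface__: { get_param: input_device_interface_B }
606 __output_interface__: { get_param: output_device_interface_B }
607 __ipsec_A_MAC_address__: { get_param: ipsec_A_MAC_address }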
# First-boot script for vIPsec gateway B, part 1: record the stack parameters
# under /opt/config, install VPP and DPDK, bind the NICs, and write the VPP
# start-up configuration. Every __name__ token is filled in only if the
# placeholder map defines exactly that key; otherwise it is written literally.
611 # Create configuration files
613 echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt
614 echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt
615 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
616 echo "__install_script_version__" > /opt/config/install_script_version.txt
617 echo "__vipsec_B_private_ip_0__" > /opt/config/vipsec_B_private_ip_0.txt
618 echo "__vipsec_B_private_ip_1__" > /opt/config/vipsec_B_private_ip_1.txt
619 echo "__protected_clientA_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt
620 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
621 echo "__cloud_env__" > /opt/config/cloud_env.txt
622 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
623 echo "__input_interface_num__" > /opt/config/input_interface_B_BDF_num.txt
624 echo "__output_interface_num__" > /opt/config/output_interface_B_BDF_num.txt
625 echo "__input_interface__" > /opt/config/input_interface_B.txt
626 echo "__output_interface__" > /opt/config/output_interface_B.txt
627 echo "__ipsec_A_MAC_address__" > /opt/config/ipsec_A_mac_address.txt
628 echo "__vpp_config__" > /opt/config/vpp_config.txt
629 echo "__ipsec_config__" > /opt/config/ipsec_config.txt
631 # Download and run install script
# NOTE(review): fetches a package-repository set-up script at boot time. The
# lines that use it are not visible in this listing; if it is executed directly,
# its content is trusted without any integrity check.
633 wget https://packagecloud.io/install/repositories/fdio/release/script.deb.sh
636 apt install -y vpp-plugin-dpdk
637 apt install -y make gcc libnuma-dev python
# NOTE(review): the DPDK source is cloned over plain HTTP from the default
# branch, then compiled and one of its kernel modules is loaded below. Prefer
# an HTTPS remote and check out a fixed, reviewed tag or commit.
639 git clone http://dpdk.org/git/dpdk
# NOTE(review): RTE_TARGET names "linuxapp" while the make target and the
# insmod path use "linux" — confirm which spelling the cloned DPDK expects.
641 export RTE_TARGET=x86_64-native-linuxapp-gcc/
642 export DESTDIR=/opt/dpdk
643 export RTE_SDK=/opt/dpdk
644 make install T=x86_64-native-linux-gcc
# Loads the freshly built igb_uio module and binds two PCI devices to it; the
# PCI addresses are literals (bound in the opposite order to gateway A).
646 insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
647 python ./usertools/dpdk-devbind.py -b igb_uio 00:05.0
648 python ./usertools/dpdk-devbind.py -b igb_uio 00:06.0
# Writes the VPP start-up configuration to the path given by vpp_config. The
# lines from here to the NEWFILE terminator are file content, not shell.
650 cat > __vpp_config__<< NEWFILE
653 exec __ipsec_config__
655 cli-listen /run/vpp/cli.sock
667 no-tx-checksum-offload
672 dev __input_interface_num__
676 dev __output_interface_num__
680 vdev crypto_aesni_gcm0
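# Writes the static VPP IPsec configuration for gateway B to the path given by
# ipsec_config (the VPP start-up configuration runs it with `exec`), then starts
# VPP. Everything after the `cat` line up to the NEWFILE terminator is file
# content.
# Fix: the peer MAC placeholder on the first `set ip arp` line now ends in "__",
# matching the key __ipsec_A_MAC_address__ in the placeholder map; without it
# the token was never substituted and a literal placeholder reached VPP.
# NOTE(review): interface addresses, tunnel endpoints, SPIs and SA directions
# are identical to gateway A's file rather than mirrored — confirm that is
# intended for the peer end of the tunnel.
# NOTE(review): both SAs use keys embedded in the template. The same crypto and
# integrity keys serve both directions and both gateways, and the integrity key
# is a repeating ASCII pattern. Anyone able to read the template, the instance
# user_data or this file can decrypt or forge tunnel traffic. Treat this as
# demo-only: provide keys through hidden parameters or negotiate them with IKE,
# and prefer an AEAD transform over aes-cbc-128 with sha1-96.
687 cat > __ipsec_config__<< NEWFILE
689 set interface state __input_interface__ up
690 set interface state __output_interface__ up
692 set interface ip address __input_interface__ 1.0.0.1/8
693 set interface ip address __output_interface__ 255.0.0.128/8
695 set int promiscuous on __input_interface__
696 set int promiscuous on __output_interface__
698 set ip arp __output_interface__ 255.0.0.129 __ipsec_A_MAC_address__
699 set ip arp __input_interface__ 1.0.0.2 11:11:11:11:00:11
701 ip route add count 1 104.0.0.0/32 via 255.0.0.129 __output_interface__
702 ip route add count 1 004.0.0.0/32 via 1.0.0.2 __input_interface__
705 set interface ipsec spd __output_interface__ 1
706 ipsec sa add 1 spi 25500128 esp tunnel-src 255.0.0.128 tunnel-dst 255.0.0.129 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
707 ipsec sa add 2 spi 25500129 esp tunnel-src 255.0.0.129 tunnel-dst 255.0.0.128 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
708 ipsec policy add spd 1 outbound priority 100 action protect sa 1 remote-ip-range 104.0.0.0-104.0.0.0
709 ipsec policy add spd 1 inbound priority 100 action protect sa 2 remote-ip-range 004.0.0.0-004.0.0.0
710 ipsec policy add spd 1 inbound priority 90 protocol 50 action bypass
711 ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
715 vpp -c __vpp_config__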
718 # Virtual Packet Generator instantiation
# Port 0: protected client A network, fixed IP vpg_private_ip_0.
720 type: OS::Neutron::Port
722 network: { get_resource: protected_clientA_private_network}
723 binding:vnic_type: { get_param: vpg_private_0_port_vnic_type}
724 fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}]
726 - { get_resource: security_group_ipsec }
# Port 1: ONAP management network, fixed IP vpg_private_ip_1.
729 type: OS::Neutron::Port
731 network: { get_resource: onap_private_net }
732 binding:vnic_type: { get_param: vpg_private_1_port_vnic_type}
733 fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vpg_private_ip_1 }}]
735 - { get_resource: security_group_ipsec }
# Floating IP on the management port.
# NOTE(review): the port's security group admits SSH from 0.0.0.0/0, so this VM
# accepts SSH on its public address.
739 type: OS::Neutron::FloatingIP
741 floating_network_id: { get_param: public_net_id }
742 port_id: { get_resource: vpg_private_1_port }
# Packet generator server, attached to the two ports above.
745 type: OS::Nova::Server
747 image: { get_param: basic_image_name }
748 flavor: { get_param: packetgen_flavor_name }
749 name: { get_param: vpg_name_0 }
750 key_name: { get_resource: my_keypair }
752 - port: { get_resource: vpg_private_0_port }
753 - port: { get_resource: vpg_private_1_port }
754 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
755 user_data_format: RAW
# Placeholder -> parameter map for the first-boot script. A token in the script
# is replaced only when it matches one of these keys exactly.
# NOTE(review): values are not quoted or validated before they reach the shell.
759 __ipsec_ipaddr__: { get_param: vipsec_A_private_ip_0 }
760 __protected_clientB_net_cidr__: { get_param: protected_clientB_private_net_cidr }
761 __sink_ipaddr__: { get_param: vsn_private_ip_0 }
762 __demo_artifacts_version__: { get_param: demo_artifacts_version }
763 __install_script_version__: { get_param: install_script_version }
764 __vpg_private_ip_0__: { get_param: vpg_private_ip_0 }
765 __vpg_private_ip_1__: { get_param: vpg_private_ip_1 }
766 __protected_clientA_net_cidr__: { get_param: protected_clientA_private_net_cidr }
767 __onap_private_net_cidr__: { get_param: onap_private_net_cidr }
768 __cloud_env__: { get_param: cloud_env }
769 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
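# First-boot script for the vPacketGenerator: record the stack parameters under
# /opt/config, then download the install-script archive from the artifact
# repository, extract v_packetgen_install.sh and run it.
773 # Create configuration files
775 echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt
776 echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt
777 echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt
778 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
779 echo "__install_script_version__" > /opt/config/install_script_version.txt
780 echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt
781 echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt
# Fix: the token previously had a doubled underscore after "clientA", so it did
# not match the __protected_clientA_net_cidr__ key and the file received the
# literal placeholder text instead of the CIDR.
782 echo "__protected_clientA_net_cidr__" > /opt/config/protected_clientA_net_cidr.txt
783 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
784 echo "__cloud_env__" > /opt/config/cloud_env.txt
785 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
787 # Download and run install script
789 apt-get -y install unzip
# Versions containing "SNAPSHOT" come from the snapshots repository, all others
# from releases.
790 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
# NOTE(review): `-k` turns off TLS certificate verification and `-L` follows
# redirects, and the extracted script is executed below without any integrity
# check. Whoever can answer for the repository host or sit on the path controls
# what runs at first boot. Drop `-k` (or pass the site CA with --cacert) and
# verify a published checksum or signature of the archive before running it.
791 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
# -j drops archive directory names, so only the named file lands in /opt.
792 unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh
794 chmod +x v_packetgen_install.sh
795 ./v_packetgen_install.sh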
798 # Virtual Sink instantiation
# Port 0: protected client B network, fixed IP vsn_private_ip_0.
800 type: OS::Neutron::Port
802 network: { get_resource: protected_clientB_private_network }
803 binding:vnic_type: { get_param: vsn_private_0_port_vnic_type}
804 fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}]
806 - { get_resource: security_group_ipsec }
# Port 1: ONAP management network, fixed IP vsn_private_ip_1.
809 type: OS::Neutron::Port
811 network: { get_resource: onap_private_net }
812 binding:vnic_type: { get_param: vsn_private_1_port_vnic_type}
813 fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vsn_private_ip_1 }}]
815 - { get_resource: security_group_ipsec }
# Floating IP on the management port.
# NOTE(review): the port's security group admits SSH from 0.0.0.0/0, so this VM
# accepts SSH on its public address.
818 type: OS::Neutron::FloatingIP
820 floating_network_id: { get_param: public_net_id }
821 port_id: { get_resource: vsn_private_1_port }
# Sink server, attached to the two ports above.
824 type: OS::Nova::Server
826 image: { get_param: basic_image_name }
827 flavor: { get_param: sink_flavor_name }
828 name: { get_param: vsn_name_0 }
829 key_name: { get_resource: my_keypair }
831 - port: { get_resource: vsn_private_0_port }
832 - port: { get_resource: vsn_private_1_port }
833 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
834 user_data_format: RAW
# Placeholder -> parameter map for the first-boot script. A token in the script
# is replaced only when it matches one of these keys exactly.
# NOTE(review): values are not quoted or validated before they reach the shell.
838 __protected_net_gw__: { get_param: vipsec_B_private_ip_0 }
839 __protected_net_A__: { get_param: protected_clientA_private_net_cidr }
840 __install_script_version__: { get_param: install_script_version }
841 __vsn_private_ip_0__: { get_param: vsn_private_ip_0 }
842 __vsn_private_ip_1__: { get_param: vsn_private_ip_1 }
843 __protected_clientB_private_net_cidr__: { get_param: protected_clientB_private_net_cidr }
844 __onap_private_net_cidr__: { get_param: onap_private_net_cidr }
845 __cloud_env__: { get_param: cloud_env }
846 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
850 # Create configuration files
852 echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt
853 echo "__protected_net_A__" > /opt/config/protected_net_A.txt
854 echo "__install_script_version__" > /opt/config/install_script_version.txt
855 echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt
856 echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt
857 echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt
858 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
859 echo "__cloud_env__" > /opt/config/cloud_env.txt
860 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
862 # Download and run install script
864 apt-get -y install unzip
865 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
866 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
867 unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_sink_install.sh
869 chmod +x v_sink_install.sh