1 ##########################################################################
3 #==================LICENSE_START==========================================
5 # Copyright © Intel Corporation 2019
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
19 #==================LICENSE_END============================================
21 ##########################################################################
23 heat_template_version: 2013-05-23
25 description: Heat template that deploys vIPsec demo app for ONAP
36 label: Image name or ID
37 description: Image to be used for compute instance
41 description: Type of instance (flavor) to be used for IPsec VM
45 description: Type of instance (flavor) to be used for vSink VM
46 packetgen_flavor_name:
49 description: Type of instance (flavor) to be used for packet generator
52 label: Public network name or ID
53 description: Public network that enables remote connection to VNF
56 label: External network name or ID
57 description: External network that connects the two IPsec gateways
58 protected_clientA_private_net_id:
60 label: Unprotected private network name or ID
61 description: Private network that connects vPacketGenerator with vIPsec gateway A
62 protected_clientB_private_net_id:
64 label: Protected private network name or ID
65 description: Private network that connects vIPsec gateway B with vSink
68 label: ONAP management network name or ID
69 description: Private network that connects ONAP components and the VNF
70 onap_private_subnet_id:
72 label: ONAP management sub-network name or ID
73 description: Private sub-network that connects ONAP components and the VNF
76 label: IPsec private network name or ID
77 description: Private network that connects the two IPsec VNFs
78 ipsec_private_subnet_id:
80 label: IPsec sub-network name or ID
81 description: Private sub-network that connects the two IPsec VNFs
82 protected_clientA_private_net_cidr:
84 label: Unprotected private network CIDR
85 description: The CIDR of the protected private network for clientA
86 protected_clientB_private_net_cidr:
88 label: Protected private network CIDR
89 description: The CIDR of the protected private network for clientB
90 onap_private_net_cidr:
92 label: ONAP private network CIDR
93 description: The CIDR of the protected private network
94 ipsec_private_net_cidr:
96 label: IPsec private network CIDR
97 description: The CIDR of the protected IPsec private network
98 vipsec_A_private_ip_0:
100 label: vIPsec private IP address towards the protected network A
101 description: Private IP address that is assigned to the vIPsec gateway A to communicate with the vPacketGenerator
102 vipsec_A_private_ip_1:
104 label: vIPsec private IP address towards the ONAP management network
105 description: Private IP address that is assigned to the vIPsec A to communicate with ONAP components
106 vipsec_A_private_ip_2:
108 label: vIPsec private IP address towards the IPsec external network
109 description: Private IP address that is assigned to the vIPsec A to communicate with vIPsec B
110 vipsec_B_private_ip_0:
112 label: vIPsec private IP address towards the protected network B
113 description: Private IP address that is assigned to the vIPsec gateway B to communicate with the vSink
114 vipsec_B_private_ip_1:
116 label: vIPsec private IP address towards the ONAP management network
117 description: Private IP address that is assigned to the vIPsec B to communicate with ONAP components
118 vipsec_B_private_ip_2:
120 label: vIPsec private IP address towards the IPsec external network
121 description: Private IP address that is assigned to the vIPsec B to communicate with vIPsec A
124 label: vPacketGenerator private IP address towards the protected network A
125 description: Private IP address that is assigned to the vPacketGenerator to communicate with the vIPsec gateway A
128 label: vPacketGenerator private IP address towards the ONAP management network
129 description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components
132 label: vSink private IP address towards the protected network
133 description: Private IP address that is assigned to the vSink to communicate with the vIPsec gateway B
136 label: vSink private IP address towards the ONAP management network
137 description: Private IP address that is assigned to the vSink to communicate with ONAP components
138 vipsec_A_private_0_port_vnic_type:
140 description: vipsec port 0 vnic type (normal, direct)
142 vipsec_private_1_port_vnic_type:
144 description: vipsec port 1 vnic type (normal, direct)
146 vipsec_B_private_0_port_vnic_type:
148 description: vipsec port 0 vnic type (normal, direct)
150 vipsec_private_2_port_vnic_type:
152 description: vipsec port 2 vnic type (normal, direct)
154 vsn_private_0_port_vnic_type:
156 description: vsn port 0 vnic type (normal, direct)
158 vsn_private_1_port_vnic_type:
160 description: vsn port 1 vnic type (normal, direct)
162 vpg_private_0_port_vnic_type:
164 description: vpg port 0 vnic type (normal, direct)
166 vpg_private_1_port_vnic_type:
168 description: vpg port 1 vnic type (normal, direct)
173 description: Name of the vIPsec gateway A
177 description: Name of the vIPsec gateway B
180 label: vPacketGenerator name
181 description: Name of the vPacketGenerator
185 description: Name of the vSink
189 description: The VNF ID is provided by ONAP
192 label: vIPsec module ID
193 description: The vIPsec Module ID is provided by ONAP
196 label: DCAE collector IP address
197 description: IP address of the DCAE collector
200 label: DCAE collector port
201 description: Port of the DCAE collector
205 description: Public/Private key pair name
209 description: Public key to be installed on the compute instance
210 install_script_version:
212 label: Installation script version number
213 description: Version number of the scripts that install the vIPsec demo app
214 demo_artifacts_version:
216 label: Artifacts version used in demo vnfs
217 description: Artifacts (jar, tar.gz) version used in demo vnfs
220 description: Root URL for the Nexus repository for Maven artifacts.
221 default: "https://nexus.onap.org"
224 label: Cloud environment
225 description: Cloud environment (e.g., openstack, rackspace)
228 description: ONAP Security Group
231 description: SDNC Model Name metatada
234 description: SDNC Model Version metatada
237 description: SDNC Artifact Name metatada
238 input_device_interface_A:
240 description: Device BDF name for the interface
241 input_device_interface_B:
243 description: Device BDF name for the interface
244 output_device_interface_A:
246 description: Device BDF name for the interface
247 output_device_interface_B:
249 description: Device BDF name for the interface
252 description: Device BDF num for the interface
255 description: Device BDF num for the interface
258 description: Device BDF num for the interface
261 description: Device BDF num for the interface
264 description: Name of the vpp config
267 description: Name of the ipsec config
270 description: MAC address of ipsec gateway A
273 description: MAC address of ipsec gateway B
283 type: OS::Heat::RandomString
288 type: OS::Nova::KeyPair
294 base: { get_param: key_name }
295 rand: { get_resource: random-str }
296 public_key: { get_param: pub_key }
297 save_private_key: false
299 protected_clientA_private_network:
300 type: OS::Neutron::Net
302 name: { get_param: protected_clientA_private_net_id }
304 protected_clientB_private_network:
305 type: OS::Neutron::Net
307 name: { get_param: protected_clientB_private_net_id }
309 protected_clientA_private_subnet:
310 type: OS::Neutron::Subnet
312 network_id: { get_resource: protected_clientA_private_network }
313 cidr: { get_param: protected_clientA_private_net_cidr }
315 protected_clientB_private_subnet:
316 type: OS::Neutron::Subnet
318 network_id: { get_resource: protected_clientB_private_network }
319 cidr: { get_param: protected_clientB_private_net_cidr }
321 # Virtual IPsec instantiation
322 vipsec_A_private_0_port:
323 type: OS::Neutron::Port
325 network: { get_resource: protected_clientA_private_network }
326 binding:vnic_type: { get_param: vipsec_A_private_0_port_vnic_type}
327 fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet}, "ipaddress": { get_param: vipsec_A_private_ip_0 }}]
329 - { get_param: sec_group }
331 vipsec_A_private_1_port:
332 type: OS::Neutron::Port
334 #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
335 network: { get_param: onap_private_net_id }
336 binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type}
337 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vipsec_A_private_ip_1 }}]
339 - { get_param: sec_group }
341 vipsec_A_private_2_port:
342 type: OS::Neutron::Port
344 #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
345 network: { get_param: ipsec_private_net_id }
346 binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type}
347 fixed_ips: [{"subnet": { get_param: ipsec_private_subnet_id }, "ip_address": { get_param: vipsec_A_private_ip_2 }}]
349 - { get_param: sec_group }
351 vipsec_B_private_0_port:
352 type: OS::Neutron::Port
354 network: { get_resource: protected_clientB_private_network }
355 binding:vnic_type: { get_param: vipsec_B_private_0_port_vnic_type}
356 fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet}, "ipaddress": { get_param: vipsec_B_private_ip_0 }}]
358 - { get_param: sec_group }
360 vipsec_B_private_1_port:
361 type: OS::Neutron::Port
363 #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}]
364 network: { get_param: onap_private_net_id }
365 binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type}
366 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vipsec_B_private_ip_1 }}]
368 - { get_param: sec_group }
370 vipsec_B_private_2_port:
371 type: OS::Neutron::Port
373 network: { get_param: ipsec_private_net_id }
374 binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type}
375 fixed_ips: [{"subnet": { get_param: ipsec_private_subnet_id }, "ip_address": { get_param: vipsec_B_private_ip_2 }}]
377 - { get_param: sec_group }
380 type: OS::Nova::Server
382 image: { get_param: vipsec_image_name }
383 flavor: { get_param: ipsec_flavor_name }
384 name: { get_param: vipsec_name_0 }
385 key_name: { get_resource: my_keypair }
387 - network: { get_param: public_net_id }
388 - port: { get_resource: vipsec_A_private_0_port }
389 - port: { get_resource: vipsec_A_private_1_port }
390 metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
391 user_data_format: RAW
395 __dcae_collector_ip__ : { get_param: dcae_collector_ip }
396 __dcae_collector_port__ : { get_param: dcae_collector_port }
397 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
398 __install_script_version__ : { get_param: install_script_version }
399 __vipsec_A_private_ip_0__ : { get_param: vipsec_A_private_ip_0 }
400 __vipsec_A_private_ip_1__ : { get_param: vipsec_A_private_ip_1 }
401 __protected_clientA_private_net_cidr__ : { get_param: protected_clientA_private_net_cidr }
402 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
403 __cloud_env__ : { get_param: cloud_env }
404 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
405 __vpp_config__: { get_param: vpp_config }
406 __ipsec_config__: { get_param: ipsec_config }
407 __input_interface_num__: { get_param: input_interface_A }
408 __output_interface_num__: { get_param: output_interface_A }
409 __input_interface__: { get_param: input_device_interface_A }
410 __output_interface__: { get_param: output_device_interface_A }
411 __ipsec_B_MAC_address__: { get_param: ipsec_B_MAC_address }
415 # Create configuration files
417 echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt
418 echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt
419 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
420 echo "__install_script_version__" > /opt/config/install_script_version.txt
421 echo "__vipsec_A_private_ip_0__" > /opt/config/vipsec_A_private_ip_0.txt
422 echo "__vipsec_A_private_ip_1__" > /opt/config/vipsec_A_private_ip_1.txt
423 echo "__protected_clientA_private_net_cidr__" > /opt/config/protected_clientA_private_net_cidr.txt
424 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
425 echo "__cloud_env__" > /opt/config/cloud_env.txt
426 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
427 echo "__input_interface_num__" > /opt/config/input_interface_A_BDF_num.txt
428 echo "__output_interface_num__" > /opt/config/output_interface_A_BDF_num.txt
429 echo "__input_interface__" > /opt/config/input_interface_A.txt
430 echo "__output_interface__" > /opt/config/output_interface_A.txt
431 echo "__ipsec_B_MAC_address__" > /opt/config/ipsec_B_mac_address.txt
432 echo "__vpp_config__" > /opt/config/vpp_config.txt
433 echo "__ipsec_config__" > /opt/config/ipsec_config.txt
435 # Download and run install script
437 cd /root/comms/dpdk/x86_64-native-linuxapp-gcc/kmod
441 cat > __vpp_config__<< NEWFILE
444 exec __ipsec_config__
446 cli-listen /run/vpp/cli.sock
458 no-tx-checksum-offload
463 dev __input_interface_num__
467 dev __output_interface_num__
471 vdev crypto_aesni_gcm0
479 cat > __ipsec_config__<< NEWFILE
481 set interface state __input_interface__ up
482 set interface state __output_interface__ up
484 set interface ip address __input_interface__ 1.0.0.1/8
485 set interface ip address __output_interface__ 255.0.0.128/8
487 set int promiscuous on __input_interface__
488 set int promiscuous on __output_interface__
490 set ip arp __output_interface__ 255.0.0.129 __ipsec_B_MAC_address
491 set ip arp __input_interface__ 1.0.0.2 11:11:11:11:00:11
493 ip route add count 1 104.0.0.0/32 via 255.0.0.129 __output_interface__
494 ip route add count 1 004.0.0.0/32 via 1.0.0.2 __input_interface__
497 set interface ipsec spd __output_interface__ 1
498 ipsec sa add 1 spi 25500128 esp tunnel-src 255.0.0.128 tunnel-dst 255.0.0.129 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
499 ipsec sa add 2 spi 25500129 esp tunnel-src 255.0.0.129 tunnel-dst 255.0.0.128 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
500 ipsec policy add spd 1 outbound priority 100 action protect sa 1 remote-ip-range 104.0.0.0-104.0.0.0
501 ipsec policy add spd 1 inbound priority 100 action protect sa 2 remote-ip-range 004.0.0.0-004.0.0.0
502 ipsec policy add spd 1 inbound priority 90 protocol 50 action bypass
503 ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
507 vpp -c __vpp_config__
510 type: OS::Nova::Server
512 image: { get_param: vipsec_image_name }
513 flavor: { get_param: ipsec_flavor_name }
514 name: { get_param: vipsec_name_1 }
515 key_name: { get_resource: my_keypair }
517 - network: { get_param: public_net_id }
518 - port: { get_resource: vipsec_B_private_0_port }
519 - port: { get_resource: vipsec_B_private_1_port }
520 metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
521 user_data_format: RAW
525 __dcae_collector_ip__ : { get_param: dcae_collector_ip }
526 __dcae_collector_port__ : { get_param: dcae_collector_port }
527 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
528 __install_script_version__ : { get_param: install_script_version }
529 __vipsec_A_private_ip_0__ : { get_param: vipsec_B_private_ip_0 }
530 __vipsec_A_private_ip_1__ : { get_param: vipsec_B_private_ip_1 }
531 __protected_clientA_private_net_cidr__ : { get_param: protected_clientB_private_net_cidr }
532 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
533 __cloud_env__ : { get_param: cloud_env }
534 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
535 __vpp_config__: { get_param: vpp_config }
536 __ipsec_config__: { get_param: ipsec_config }
537 __input_interface_num__: { get_param: input_interface_B }
538 __output_interface_num__: { get_param: output_interface_B }
539 __input_interface__: { get_param: input_device_interface_B }
540 __output_interface__: { get_param: output_device_interface_B }
541 __ipsec_A_MAC_address__: { get_param: ipsec_A_MAC_address }
545 # Create configuration files
547 echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt
548 echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt
549 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
550 echo "__install_script_version__" > /opt/config/install_script_version.txt
551 echo "__vipsec_B_private_ip_0__" > /opt/config/vipsec_B_private_ip_0.txt
552 echo "__vipsec_B_private_ip_1__" > /opt/config/vipsec_B_private_ip_1.txt
553 echo "__protected_clientA_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt
554 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
555 echo "__cloud_env__" > /opt/config/cloud_env.txt
556 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
557 echo "__input_interface_num__" > /opt/config/input_interface_B_BDF_num.txt
558 echo "__output_interface_num__" > /opt/config/output_interface_B_BDF_num.txt
559 echo "__input_interface__" > /opt/config/input_interface_B.txt
560 echo "__output_interface__" > /opt/config/output_interface_B.txt
561 echo "__ipsec_A_MAC_address__" > /opt/config/ipsec_A_mac_address.txt
562 echo "__vpp_config__" > /opt/config/vpp_config.txt
563 echo "__ipsec_config__" > /opt/config/ipsec_config.txt
565 # Download and run install script
567 cd /root/comms/dpdk/x86_64-native-linuxapp-gcc/kmod
571 cat > __vpp_config__<< NEWFILE
574 exec __ipsec_config__
576 cli-listen /run/vpp/cli.sock
588 no-tx-checksum-offload
593 dev __input_interface_num__
597 dev __output_interface_num__
601 vdev crypto_aesni_gcm0
609 cat > __ipsec_config__<< NEWFILE
611 set interface state __input_interface__ up
612 set interface state __output_interface__ up
614 set interface ip address __input_interface__ 1.0.0.1/8
615 set interface ip address __output_interface__ 255.0.0.128/8
617 set int promiscuous on __input_interface__
618 set int promiscuous on __output_interface__
620 set ip arp __output_interface__ 255.0.0.129 __ipsec_A_MAC_address
621 set ip arp __input_interface__ 1.0.0.2 11:11:11:11:00:11
623 ip route add count 1 104.0.0.0/32 via 255.0.0.129 __output_interface__
624 ip route add count 1 004.0.0.0/32 via 1.0.0.2 __input_interface__
627 set interface ipsec spd __output_interface__ 1
628 ipsec sa add 1 spi 25500128 esp tunnel-src 255.0.0.128 tunnel-dst 255.0.0.129 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
629 ipsec sa add 2 spi 25500129 esp tunnel-src 255.0.0.129 tunnel-dst 255.0.0.128 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
630 ipsec policy add spd 1 outbound priority 100 action protect sa 1 remote-ip-range 104.0.0.0-104.0.0.0
631 ipsec policy add spd 1 inbound priority 100 action protect sa 2 remote-ip-range 004.0.0.0-004.0.0.0
632 ipsec policy add spd 1 inbound priority 90 protocol 50 action bypass
633 ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
637 vpp -c __vpp_config__
640 # Virtual Packet Generator instantiation
642 type: OS::Neutron::Port
644 network: { get_resource: protected_clientA_private_network}
645 binding:vnic_type: { get_param: vpg_private_0_port_vnic_type}
646 fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}]
648 - { get_param: sec_group }
651 type: OS::Neutron::Port
653 network: { get_param: onap_private_net_id }
654 binding:vnic_type: { get_param: vpg_private_1_port_vnic_type}
655 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}]
657 - { get_param: sec_group }
660 type: OS::Nova::Server
662 image: { get_param: vipsec_image_name }
663 flavor: { get_param: packetgen_flavor_name }
664 name: { get_param: vpg_name_0 }
665 key_name: { get_resource: my_keypair }
667 - network: { get_param: public_net_id }
668 - port: { get_resource: vpg_private_0_port }
669 - port: { get_resource: vpg_private_1_port }
670 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
671 user_data_format: RAW
675 __ipsec_ipaddr__: { get_param: vipsec_A_private_ip_0 }
676 __protected_clientB_net_cidr__: { get_param: protected_clientB_private_net_cidr }
677 __sink_ipaddr__: { get_param: vsn_private_ip_0 }
678 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
679 __install_script_version__ : { get_param: install_script_version }
680 __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 }
681 __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 }
682 __protected_clientA_net_cidr__ : { get_param: protected_clientA_private_net_cidr }
683 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
684 __cloud_env__ : { get_param: cloud_env }
685 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
689 # Create configuration files
691 echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt
692 echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt
693 echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt
694 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
695 echo "__install_script_version__" > /opt/config/install_script_version.txt
696 echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt
697 echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt
698 echo "__protected_clientA__net_cidr__" > /opt/config/protected_clientA_net_cidr.txt
699 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
700 echo "__cloud_env__" > /opt/config/cloud_env.txt
701 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
703 # Download and run install script
705 apt-get -y install unzip
706 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
707 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
708 unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh
710 chmod +x v_packetgen_install.sh
711 ./v_packetgen_install.sh
714 # Virtual Sink instantiation
716 type: OS::Neutron::Port
718 network: { get_resource: protected_clientB_private_network }
719 binding:vnic_type: { get_param: vsn_private_0_port_vnic_type}
720 fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}]
722 - { get_param: sec_group }
725 type: OS::Neutron::Port
727 network: { get_param: onap_private_net_id }
728 binding:vnic_type: { get_param: vsn_private_1_port_vnic_type}
729 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}]
731 - { get_param: sec_group }
734 type: OS::Nova::Server
736 image: { get_param: vipsec_image_name }
737 flavor: { get_param: sink_flavor_name }
738 name: { get_param: vsn_name_0 }
739 key_name: { get_resource: my_keypair }
741 - network: { get_param: public_net_id }
742 - port: { get_resource: vsn_private_0_port }
743 - port: { get_resource: vsn_private_1_port }
744 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
745 user_data_format: RAW
749 __protected_net_gw__: { get_param: vipsec_B_private_ip_0 }
750 __protected_net_A__: { get_param: protected_clientA_private_net_cidr }
751 __install_script_version__ : { get_param: install_script_version }
752 __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 }
753 __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 }
754 __protected_clientB_private_net_cidr__ : { get_param: protected_clientB_private_net_cidr }
755 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
756 __cloud_env__ : { get_param: cloud_env }
757 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
761 # Create configuration files
763 echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt
764 echo "__protected_net_A__" > /opt/config/protected_net_A.txt
765 echo "__install_script_version__" > /opt/config/install_script_version.txt
766 echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt
767 echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt
768 echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt
769 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
770 echo "__cloud_env__" > /opt/config/cloud_env.txt
771 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
773 # Download and run install script
775 apt-get -y install unzip
776 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
777 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip
778 unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_sink_install.sh
780 chmod +x v_sink_install.sh