1 heat_template_version: 2013-05-23
\r
3 description: Heat template that deploys vFirewall demo app for ONAP
\r
8 label: Image name or ID
\r
9 description: Image to be used for compute instance
\r
13 description: Type of instance (flavor) to be used
\r
16 label: Public network name or ID
\r
17 description: Public network that enables remote connection to VNF
\r
18 unprotected_private_net_id:
\r
20 label: Unprotected private network name or ID
\r
21 description: Private network that connects vPacketGenerator with vFirewall
\r
22 protected_private_net_id:
\r
24 label: Protected private network name or ID
\r
25 description: Private network that connects vFirewall with vSink
\r
26 onap_private_net_id:
\r
28 label: ONAP management network name or ID
\r
29 description: Private network that connects ONAP components and the VNF
\r
30 onap_private_subnet_id:
\r
32 label: ONAP management sub-network name or ID
\r
33 description: Private sub-network that connects ONAP components and the VNF
\r
34 unprotected_private_net_cidr:
\r
36 label: Unprotected private network CIDR
\r
37 description: The CIDR of the unprotected private network
\r
38 protected_private_net_cidr:
\r
40 label: Protected private network CIDR
\r
41 description: The CIDR of the protected private network
\r
42 onap_private_net_cidr:
\r
44 label: ONAP private network CIDR
\r
45 description: The CIDR of the protected private network
\r
48 label: vFirewall private IP address towards the unprotected network
\r
49 description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator
\r
52 label: vFirewall private IP address towards the protected network
\r
53 description: Private IP address that is assigned to the vFirewall to communicate with the vSink
\r
56 label: vFirewall private IP address towards the ONAP management network
\r
57 description: Private IP address that is assigned to the vFirewall to communicate with ONAP components
\r
60 label: vPacketGenerator private IP address towards the unprotected network
\r
61 description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall
\r
64 label: vPacketGenerator private IP address towards the ONAP management network
\r
65 description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components
\r
68 label: vSink private IP address towards the protected network
\r
69 description: Private IP address that is assigned to the vSink to communicate with the vFirewall
\r
72 label: vSink private IP address towards the ONAP management network
\r
73 description: Private IP address that is assigned to the vSink to communicate with ONAP components
\r
76 label: vFirewall name
\r
77 description: Name of the vFirewall
\r
80 label: vPacketGenerator name
\r
81 description: Name of the vPacketGenerator
\r
85 description: Name of the vSink
\r
89 description: The VNF ID is provided by ONAP
\r
92 label: vFirewall module ID
\r
93 description: The vFirewall Module ID is provided by ONAP
\r
96 label: DCAE collector IP address
\r
97 description: IP address of the DCAE collector
\r
98 dcae_collector_port:
\r
100 label: DCAE collector port
\r
101 description: Port of the DCAE collector
\r
104 label: Key pair name
\r
105 description: Public/Private key pair name
\r
109 description: Public key to be installed on the compute instance
\r
112 label: Repository URL
\r
113 description: URL of the repository that hosts the demo packages
\r
114 repo_url_artifacts:
\r
116 label: Repository URL
\r
117 description: URL of the repository that hosts the demo packages
\r
118 install_script_version:
\r
120 label: Installation script version number
\r
121 description: Version number of the scripts that install the vFW demo app
\r
122 demo_artifacts_version:
\r
124 label: Artifacts version used in demo vnfs
\r
125 description: Artifacts (jar, tar.gz) version used in demo vnfs
\r
128 label: Cloud environment
\r
129 description: Cloud environment (e.g., openstack, rackspace)
\r
133 type: OS::Heat::RandomString
\r
138 type: OS::Nova::KeyPair
\r
142 template: base_rand
\r
144 base: { get_param: key_name }
\r
145 rand: { get_resource: random-str }
\r
146 public_key: { get_param: pub_key }
\r
147 save_private_key: false
\r
149 unprotected_private_network:
\r
150 type: OS::Neutron::Net
\r
152 name: { get_param: unprotected_private_net_id }
\r
154 protected_private_network:
\r
155 type: OS::Neutron::Net
\r
157 name: { get_param: protected_private_net_id }
\r
159 unprotected_private_subnet:
\r
160 type: OS::Neutron::Subnet
\r
162 network_id: { get_resource: unprotected_private_network }
\r
163 cidr: { get_param: unprotected_private_net_cidr }
\r
165 protected_private_subnet:
\r
166 type: OS::Neutron::Subnet
\r
168 network_id: { get_resource: protected_private_network }
\r
169 cidr: { get_param: protected_private_net_cidr }
\r
171 # Virtual Firewall instantiation
\r
172 vfw_private_0_port:
\r
173 type: OS::Neutron::Port
\r
175 security_groups: []
\r
176 port_security_enabled: False
\r
177 network: { get_resource: unprotected_private_network }
\r
178 fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vfw_private_ip_0 }}]
\r
180 vfw_private_1_port:
\r
181 type: OS::Neutron::Port
\r
183 security_groups: []
\r
184 port_security_enabled: False
\r
185 network: { get_resource: protected_private_network }
\r
186 fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vfw_private_ip_1 }}]
\r
188 vfw_private_2_port:
\r
189 type: OS::Neutron::Port
\r
191 network: { get_param: onap_private_net_id }
\r
192 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_private_ip_2 }}]
\r
195 type: OS::Neutron::FloatingIP
\r
197 floating_network_id: { get_param: public_net_id }
\r
198 port_id: { get_resource: vfw_private_2_port }
\r
201 type: OS::Nova::Server
\r
203 image: { get_param: vfw_image_name }
\r
204 flavor: { get_param: vfw_flavor_name }
\r
205 name: { get_param: vfw_name_0 }
\r
206 key_name: { get_resource: my_keypair }
\r
208 - port: { get_resource: vfw_private_2_port }
\r
209 - port: { get_resource: vfw_private_0_port }
\r
210 - port: { get_resource: vfw_private_1_port }
\r
211 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
\r
212 user_data_format: RAW
\r
216 __dcae_collector_ip__ : { get_param: dcae_collector_ip }
\r
217 __dcae_collector_port__ : { get_param: dcae_collector_port }
\r
218 __repo_url_blob__ : { get_param: repo_url_blob }
\r
219 __repo_url_artifacts__ : { get_param: repo_url_artifacts }
\r
220 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
\r
221 __install_script_version__ : { get_param: install_script_version }
\r
222 __vfw_private_ip_0__ : { get_param: vfw_private_ip_0 }
\r
223 __vfw_private_ip_1__ : { get_param: vfw_private_ip_1 }
\r
224 __cloud_env__ : { get_param: cloud_env }
\r
228 # Create configuration files
\r
230 echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt
\r
231 echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt
\r
232 echo "__repo_url_blob__" > /opt/config/repo_url_blob.txt
\r
233 echo "__repo_url_artifacts__" > /opt/config/repo_url_artifacts.txt
\r
234 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
\r
235 echo "__install_script_version__" > /opt/config/install_script_version.txt
\r
236 echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt
\r
237 echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt
\r
238 echo "__cloud_env__" > /opt/config/cloud_env.txt
\r
240 # Download and run install script
\r
241 curl -k __repo_url_blob__/org.openecomp.demo/vnfs/vfw/__install_script_version__/v_firewall_install.sh -o /opt/v_firewall_install.sh
\r
243 chmod +x v_firewall_install.sh
\r
244 ./v_firewall_install.sh
\r
247 # Virtual Packet Generator instantiation
\r
249 type: OS::Neutron::FloatingIP
\r
251 floating_network_id: { get_param: public_net_id }
\r
252 port_id: { get_resource: vpg_private_1_port }
\r
254 vpg_private_0_port:
\r
255 type: OS::Neutron::Port
\r
257 network: { get_resource: unprotected_private_network }
\r
258 fixed_ips: [{"subnet": { get_resource: unprotected_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}]
\r
260 vpg_private_1_port:
\r
261 type: OS::Neutron::Port
\r
263 network: { get_param: onap_private_net_id }
\r
264 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}]
\r
267 type: OS::Nova::Server
\r
269 image: { get_param: vfw_image_name }
\r
270 flavor: { get_param: vfw_flavor_name }
\r
271 name: { get_param: vpg_name_0 }
\r
272 key_name: { get_resource: my_keypair }
\r
274 - port: { get_resource: vpg_private_1_port }
\r
275 - port: { get_resource: vpg_private_0_port }
\r
276 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
\r
277 user_data_format: RAW
\r
281 __fw_ipaddr__: { get_param: vfw_private_ip_0 }
\r
282 __protected_net_cidr__: { get_param: protected_private_net_cidr }
\r
283 __sink_ipaddr__: { get_param: vsn_private_ip_0 }
\r
284 __repo_url_blob__ : { get_param: repo_url_blob }
\r
285 __repo_url_artifacts__ : { get_param: repo_url_artifacts }
\r
286 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
\r
287 __install_script_version__ : { get_param: install_script_version }
\r
288 __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 }
\r
289 __cloud_env__ : { get_param: cloud_env }
\r
293 # Create configuration files
\r
295 echo "__fw_ipaddr__" > /opt/config/fw_ipaddr.txt
\r
296 echo "__protected_net_cidr__" > /opt/config/protected_net_cidr.txt
\r
297 echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt
\r
298 echo "__repo_url_blob__" > /opt/config/repo_url_blob.txt
\r
299 echo "__repo_url_artifacts__" > /opt/config/repo_url_artifacts.txt
\r
300 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
\r
301 echo "__install_script_version__" > /opt/config/install_script_version.txt
\r
302 echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt
\r
303 echo "__cloud_env__" > /opt/config/cloud_env.txt
\r
305 # Download and run install script
\r
306 curl -k __repo_url_blob__/org.openecomp.demo/vnfs/vfw/__install_script_version__/v_packetgen_install.sh -o /opt/v_packetgen_install.sh
\r
308 chmod +x v_packetgen_install.sh
\r
309 ./v_packetgen_install.sh
\r
312 # Virtual Sink instantiation
\r
313 vsn_private_0_port:
\r
314 type: OS::Neutron::Port
\r
316 network: { get_resource: protected_private_network }
\r
317 fixed_ips: [{"subnet": { get_resource: protected_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}]
\r
319 vsn_private_1_port:
\r
320 type: OS::Neutron::Port
\r
322 network: { get_param: onap_private_net_id }
\r
323 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}]
\r
326 type: OS::Neutron::FloatingIP
\r
328 floating_network_id: { get_param: public_net_id }
\r
329 port_id: { get_resource: vsn_private_1_port }
\r
332 type: OS::Nova::Server
\r
334 image: { get_param: vfw_image_name }
\r
335 flavor: { get_param: vfw_flavor_name }
\r
336 name: { get_param: vsn_name_0 }
\r
337 key_name: { get_resource: my_keypair }
\r
339 - port: { get_resource: vsn_private_1_port }
\r
340 - port: { get_resource: vsn_private_0_port }
\r
341 metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }}
\r
342 user_data_format: RAW
\r
346 __protected_net_gw__: { get_param: vfw_private_ip_1 }
\r
347 __unprotected_net__: { get_param: unprotected_private_net_cidr }
\r
348 __repo_url_blob__ : { get_param: repo_url_blob }
\r
349 __repo_url_artifacts__ : { get_param: repo_url_artifacts }
\r
350 __install_script_version__ : { get_param: install_script_version }
\r
351 __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 }
\r
352 __cloud_env__ : { get_param: cloud_env }
\r
356 # Create configuration files
\r
358 echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt
\r
359 echo "__unprotected_net__" > /opt/config/unprotected_net.txt
\r
360 echo "__repo_url_blob__" > /opt/config/repo_url_blob.txt
\r
361 echo "__install_script_version__" > /opt/config/install_script_version.txt
\r
362 echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt
\r
363 echo "__cloud_env__" > /opt/config/cloud_env.txt
\r
365 # Download and run install script
\r
366 curl -k __repo_url_blob__/org.openecomp.demo/vnfs/vfw/__install_script_version__/v_sink_install.sh -o /opt/v_sink_install.sh
\r
368 chmod +x v_sink_install.sh
\r