From: Your Name Date: Tue, 9 Apr 2019 11:47:51 +0000 (-0500) Subject: vfirewall usecase for arm64 X-Git-Tag: 1.4.0~43 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=demo.git;a=commitdiff_plain;h=73f56f16a45e6ff77363956cb6c1130cbf4025c3 vfirewall usecase for arm64 vfirewall support for running on arm64 openstack deployment. Due to lack of support for arm64 un current vfirewall usecase deps we had to update some components version like the ubuntu (16.04) vpp, dpdk, and honeycomb Change-Id: I3a434df1493fab9bdb43cb0ec1313b1a626b33c9 Issue-ID: INT-884 Signed-off-by: Paul Vaduva --- diff --git a/heat/vFWCL_arm64/vFWSNK/MANIFEST.json b/heat/vFWCL_arm64/vFWSNK/MANIFEST.json new file mode 100644 index 00000000..49383787 --- /dev/null +++ b/heat/vFWCL_arm64/vFWSNK/MANIFEST.json @@ -0,0 +1,17 @@ +{ + "name": "", + "description": "", + "data": [ + { + "file": "base_vfw.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base_vfw.env", + "type": "HEAT_ENV" + } + ] + } + ] +} diff --git a/heat/vFWCL_arm64/vFWSNK/base_vfw.env b/heat/vFWCL_arm64/vFWSNK/base_vfw.env new file mode 100644 index 00000000..6b7e334c --- /dev/null +++ b/heat/vFWCL_arm64/vFWSNK/base_vfw.env @@ -0,0 +1,53 @@ +parameters: + + # VM_TYPE: vfw + vfw_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + vfw_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + vfw_int_unprotected_private_ip_0: 192.168.10.100 + vfw_int_protected_private_ip_0: 192.168.20.100 + vfw_onap_private_ip_0: 10.0.100.1 + # vpg_private_ip_0: 192.168.10.200 + # this is the private ip 0 for vpg + vfw_int_protected_private_floating_ip: 192.168.10.200 + vfw_name_0: zdfw1fwl01fwl01 + + # VM_TYPE: vsn + vsn_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + vsn_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + vsn_int_protected_private_ip_0: 192.168.20.250 + vsn_onap_private_ip_0: 10.0.100.3 + vsn_name_0: zdfw1fwl01snk01 + + # NETWORK_ROLE: public + public_net_id: PUT THE PUBLIC NETWORK ID HERE + + # NETWORK_ROLE: unprotected_private + int_unprotected_private_net_id: zdfw1fwl01_unprotected + int_unprotected_private_subnet_id: zdfw1fwl01_unprotected_sub + unprotected_private_net_cidr: 192.168.10.0/24 + + # NETWORK_ROLE: protected_private + int_protected_private_net_id: zdfw1fwl01_protected + int_protected_private_subnet_id: zdfw1fwl01_protected_sub + protected_private_net_cidr: 192.168.20.0/24 + + # NETWORK_ROLE: onap_private + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + + # METADATA + vnf_name: vFWSNK + vnf_id: vFirewall_demo_app + vf_module_id: vFirewallCL + + # APP/USER_DATA + dcae_collector_ip: 10.0.4.1 + dcae_collector_port: 30235 + demo_artifacts_version: 1.4.0-SNAPSHOT + install_script_version: 1.4.0-SNAPSHOT + key_name: vfw_key + pub_key: PUT YOUR KEY HERE + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE + nexus_artifact_repo: https://nexus.onap.org diff --git a/heat/vFWCL_arm64/vFWSNK/base_vfw.yaml b/heat/vFWCL_arm64/vFWSNK/base_vfw.yaml new file mode 100644 index 00000000..d30a64fc --- /dev/null +++ b/heat/vFWCL_arm64/vFWSNK/base_vfw.yaml @@ -0,0 +1,395 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys vFirewall Closed Loop demo app (vFW and vSink) for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vfw_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vfw_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + vsn_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vsn_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + int_unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + int_unprotected_private_subnet_id: + type: string + label: Unprotected private subnetwork name or ID + description: Private subnetwork of the protected network + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + int_protected_private_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + int_protected_private_subnet_id: + type: string + label: Protected private subnetwork name or ID + description: Private subnetwork of the unprotected network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_int_unprotected_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vfw_int_protected_private_ip_0: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vfw_onap_private_ip_0: + type: string + label: vFirewall private IP address towards the ONAP management network + description: Private IP address that is assigned to the vFirewall to communicate with ONAP components + vfw_int_protected_private_floating_ip: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vsn_int_protected_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vsn_onap_private_ip_0: + type: string + label: vSink private IP address towards the ONAP management network + description: Private IP address that is assigned to the vSink to communicate with ONAP components + vfw_name_0: + type: string + label: vFirewall name + description: Name of the vFirewall + vsn_name_0: + type: string + label: vSink name + description: Name of the vSink + vnf_name: + type: string + label: VNF NAME + description: The VNF NAME is provided by ONAP + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vFirewall module ID + description: The vFirewall Module ID is provided by ONAP + dcae_collector_ip: + type: string + label: DCAE collector IP address + description: IP address of the DCAE collector + dcae_collector_port: + type: string + label: DCAE collector port + description: Port of the DCAE collector + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: vnfname_base_rand + params: + base: { get_param: key_name } + vnfname: { get_param: vnf_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + int_unprotected_private_network: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: vnfname_netid + params: + netid: { get_param: int_unprotected_private_net_id } + vnfname: { get_param: vnf_name } + + int_unprotected_private_subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: vnfname_subnetid + params: + subnetid: { get_param: int_unprotected_private_subnet_id } + vnfname: { get_param: vnf_name } + network: { get_resource: int_unprotected_private_network } + cidr: { get_param: unprotected_private_net_cidr } + + int_protected_private_network: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: vnfname_netid + params: + netid: { get_param: int_protected_private_net_id } + vnfname: { get_param: vnf_name } + + int_protected_private_subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: vnfname_subnetid + params: + subnetid: { get_param: int_protected_private_subnet_id } + vnfname: { get_param: vnf_name } + network: { get_resource: int_protected_private_network } + cidr: { get_param: protected_private_net_cidr } + + # Virtual Firewall instantiation + vfw_0_int_unprotected_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_resource: int_unprotected_private_network } + fixed_ips: [{"subnet": { get_resource: int_unprotected_private_subnet }, "ip_address": { get_param: vfw_int_unprotected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_0_int_protected_private_port_0: + type: OS::Neutron::Port + properties: + allowed_address_pairs: [{ "ip_address": { get_param: vfw_int_protected_private_floating_ip }}] + network: { get_resource: int_protected_private_network } + fixed_ips: [{"subnet": { get_resource: int_protected_private_subnet }, "ip_address": { get_param: vfw_int_protected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_0_onap_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_onap_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vfw_server_0: + type: OS::Nova::Server + properties: + image: { get_param: vfw_image_name } + flavor: { get_param: vfw_flavor_name } + name: { get_param: vfw_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vfw_0_int_unprotected_private_port_0 } + - port: { get_resource: vfw_0_int_protected_private_port_0 } + - port: { get_resource: vfw_0_onap_private_port_0 } + metadata: + vnf_name: { get_param: vnf_name } + vnf_id: { get_param: vnf_id } + vf_module_id: { get_param: vf_module_id } + user_data_format: RAW + user_data: + str_replace: + params: + __dcae_collector_ip__ : { get_param: dcae_collector_ip } + __dcae_collector_port__ : { get_param: dcae_collector_port } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vfw_private_ip_0__ : { get_param: vfw_int_unprotected_private_ip_0 } + __vfw_private_ip_1__ : { get_param: vfw_int_protected_private_ip_0 } + __vfw_private_ip_2__ : { get_param: vfw_onap_private_ip_0 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt + echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt + echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt + echo "__vfw_private_ip_2__" > /opt/config/vfw_private_ip_2.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_firewall_install_arm64.sh + cd /opt + chmod +x v_firewall_install_arm64.sh + ./v_firewall_install_arm64.sh + + + # Virtual Sink instantiation + vsn_0_int_protected_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_resource: int_protected_private_network } + fixed_ips: [{"subnet": { get_resource: int_protected_private_subnet }, "ip_address": { get_param: vsn_int_protected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_0_onap_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_onap_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vsn_server_0: + type: OS::Nova::Server + properties: + image: { get_param: vsn_image_name } + flavor: { get_param: vsn_flavor_name } + name: { get_param: vsn_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vsn_0_int_protected_private_port_0 } + - port: { get_resource: vsn_0_onap_private_port_0 } + metadata: + vnf_name: { get_param: vnf_name } + vnf_id: { get_param: vnf_id } + vf_module_id: { get_param: vf_module_id } + user_data_format: RAW + user_data: + str_replace: + params: + __protected_net_gw__: { get_param: vfw_int_protected_private_ip_0 } + __unprotected_net__: { get_param: unprotected_private_net_cidr } + __install_script_version__ : { get_param: install_script_version } + __vsn_private_ip_0__ : { get_param: vsn_int_protected_private_ip_0 } + __vsn_private_ip_1__ : { get_param: vsn_onap_private_ip_0 } + __protected_private_net_cidr__ : { get_param: protected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt + echo "__unprotected_net__" > /opt/config/unprotected_net.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt + echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt + echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_sink_install_arm64.sh + cd /opt + chmod +x v_sink_install_arm64.sh + ./v_sink_install_arm64.sh diff --git a/heat/vFWCL_arm64/vPKG/MANIFEST.json b/heat/vFWCL_arm64/vPKG/MANIFEST.json new file mode 100644 index 00000000..482b4294 --- /dev/null +++ b/heat/vFWCL_arm64/vPKG/MANIFEST.json @@ -0,0 +1,17 @@ +{ + "name": "", + "description": "", + "data": [ + { + "file": "base_vpkg.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base_vpkg.env", + "type": "HEAT_ENV" + } + ] + } + ] +} diff --git a/heat/vFWCL_arm64/vPKG/base_vpkg.env b/heat/vFWCL_arm64/vPKG/base_vpkg.env new file mode 100644 index 00000000..72396cec --- /dev/null +++ b/heat/vFWCL_arm64/vPKG/base_vpkg.env @@ -0,0 +1,40 @@ +parameters: + + # VM_TYPE: vpg + vpg_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + vpg_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + vpg_unprotected_private_ip_0: 192.168.10.200 + vpg_onap_private_ip_0: 10.0.100.2 + vpg_name_0: zdfw1fwl01pgn01 + + # NETWORK_ROLE: public + public_net_id: PUT THE PUBLIC NETWORK ID HERE + + # NETWORK_ROLE: unprotected_private + unprotected_private_net_id: vFWSNK_zdfw1fwl01_unprotected + unprotected_private_subnet_id: vFWSNK_zdfw1fwl01_unprotected_sub + unprotected_private_net_cidr: 192.168.10.0/24 + + # NETWORK_ROLE: onap_private + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + + # NETWORK_ROLE: protected_private + protected_private_net_cidr: 192.168.20.0/24 + + # METADATA + vnf_name: vPGK + vnf_id: vPNG_Firewall_demo_app + vf_module_id: vTrafficPNG + + # APP/USER_DATA + vfw_private_ip_0: 192.168.10.100 + vsn_private_ip_0: 192.168.20.250 + demo_artifacts_version: 1.4.0-SNAPSHOT + install_script_version: 1.4.0-SNAPSHOT + key_name: vfw_key + pub_key: PUT YOUR PUBLIC KEY HERE + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE + nexus_artifact_repo: https://nexus.onap.org \ No newline at end of file diff --git a/heat/vFWCL_arm64/vPKG/base_vpkg.yaml b/heat/vFWCL_arm64/vPKG/base_vpkg.yaml new file mode 100644 index 00000000..2a3c36d1 --- /dev/null +++ b/heat/vFWCL_arm64/vPKG/base_vpkg.yaml @@ -0,0 +1,233 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Heat template that deploys the vFirewall Traffic Generator demo app for ONAP + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vpg_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vpg_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + unprotected_private_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + unprotected_private_subnet_id: + type: string + label: Unprotected private sub-network name or ID + description: Private subnetwork for the unprotected network + unprotected_private_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + protected_private_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_private_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vsn_private_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vpg_unprotected_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vpg_onap_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the ONAP management network + description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components + vpg_name_0: + type: string + label: vPacketGenerator name + description: Name of the vPacketGenerator + vnf_name: + type: string + label: VNF NAME + description: The VNF NAME is provided by ONAP + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: vPNG Traffic Generator module ID + description: The vPNG Module ID is provided by ONAP + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + +############# +# # +# RESOURCES # +# # +############# + +resources: + random-str: + type: OS::Heat::RandomString + properties: + length: 4 + + my_keypair: + type: OS::Nova::KeyPair + properties: + name: + str_replace: + template: vnfname_base_rand + params: + vnfname: { get_param: vnf_name } + base: { get_param: key_name } + rand: { get_resource: random-str } + public_key: { get_param: pub_key } + save_private_key: false + + + # Virtual Packet Generator instantiation + vpg_0_unprotected_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: unprotected_private_net_id } + fixed_ips: [{"subnet": { get_param: unprotected_private_subnet_id }, "ip_address": { get_param: vpg_unprotected_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vpg_0_onap_private_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: onap_private_net_id } + fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_onap_private_ip_0 }}] + security_groups: + - { get_param: sec_group } + + vpg_server_0: + type: OS::Nova::Server + properties: + image: { get_param: vpg_image_name } + flavor: { get_param: vpg_flavor_name } + name: { get_param: vpg_name_0 } + key_name: { get_resource: my_keypair } + networks: + - network: { get_param: public_net_id } + - port: { get_resource: vpg_0_unprotected_private_port_0 } + - port: { get_resource: vpg_0_onap_private_port_0 } + metadata: + vnf_name: { get_param: vnf_name } + vnf_id: { get_param: vnf_id } + vf_module_id: { get_param: vf_module_id } + user_data_format: RAW + user_data: + str_replace: + params: + __fw_ipaddr__: { get_param: vfw_private_ip_0 } + __protected_net_cidr__: { get_param: protected_private_net_cidr } + __sink_ipaddr__: { get_param: vsn_private_ip_0 } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vpg_private_ip_0__ : { get_param: vpg_unprotected_private_ip_0 } + __vpg_private_ip_1__ : { get_param: vpg_onap_private_ip_0 } + __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__fw_ipaddr__" > /opt/config/fw_ipaddr.txt + echo "__protected_net_cidr__" > /opt/config/protected_net_cidr.txt + echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt + echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt + echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip + unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_packetgen_install_arm64.sh + cd /opt + chmod +x v_packetgen_install_arm64.sh + ./v_packetgen_install_arm64.sh diff --git a/vnfs/VES/bldjobs/Makefile b/vnfs/VES/bldjobs/Makefile index 659f02fb..058deca7 100644 --- a/vnfs/VES/bldjobs/Makefile +++ b/vnfs/VES/bldjobs/Makefile @@ -26,13 +26,14 @@ #****************************************************************************** ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/.. EVELLIB_ROOT=$(CODE_ROOT)/code/evel_library EVELDEMO_ROOT=$(CODE_ROOT)/code/evel_demo EVELUNIT_ROOT=$(CODE_ROOT)/code/evel_unit EVELTRAINING_ROOT=$(CODE_ROOT)/code/evel_training -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) -OUTPUT_DIR=$(CODE_ROOT)/output/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) +OUTPUT_DIR=$(CODE_ROOT)/output/$(MACHINE_ARCH) DOCS_ROOT=$(CODE_ROOT)/docs CC=gcc SCP=scp @@ -46,8 +47,13 @@ PLANTFLAGS=-tsvg # Standard compiler flags. * #****************************************************************************** CPPFLAGS=-I $(EVELLIB_ROOT) -CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC -LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +ifeq ($(MACHINE_ARCH), aarch64) + CFLAGS=-Wall -Wextra -march=native -g -fPIC + LIBCFLAGS=-Wall -Wextra -march=native -g -shared -fPIC +else + CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC + LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +endif #****************************************************************************** # The testbed is a VM instance where we can install the EVEL example under * @@ -251,7 +257,7 @@ evel_test_centos: evel_install_centos @echo Testing EVEL Demo application on CentOS... @$(SSH) $(VNF_TESTBED_CENTOS_USER)@$(VNF_TESTBED_CENTOS) \ source .bash_profile \; \ - $(TESTBED_CENTOS_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_CENTOS_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -265,7 +271,7 @@ evel_test_ubuntu: evel_install_ubuntu @echo Testing EVEL Demo application on Ubuntu... @$(SSH) $(VNF_TESTBED_UBUNTU_USER)@$(VNF_TESTBED_UBUNTU) \ source .profile \; \ - $(TESTBED_UBUNTU_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_UBUNTU_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -293,8 +299,8 @@ package: api_library_clean \ @cd $(CODE_ROOT) && tar cfz output/evel-library-package.tgz bldjobs \ code \ docs \ - libs/x86_64/README \ - output/x86_64/README \ + libs/$(MACHINE_ARCH)/README \ + output/$(MACHINE_ARCH)/README \ readme.md package_clean: diff --git a/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile b/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile index 1c327d3d..fe06f81a 100644 --- a/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile +++ b/vnfs/VES5.0/evel/evel-library/bldjobs/Makefile @@ -26,12 +26,13 @@ #****************************************************************************/ ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/.. EVELLIB_ROOT=$(CODE_ROOT)/code/evel_library EVELUNIT_ROOT=$(CODE_ROOT)/code/evel_unit EVELTRAINING_ROOT=$(CODE_ROOT)/code -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) -OUTPUT_DIR=$(CODE_ROOT)/output/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) +OUTPUT_DIR=$(CODE_ROOT)/output/$(MACHINE_ARCH) DOCS_ROOT=$(CODE_ROOT)/docs CC=gcc SCP=scp @@ -45,8 +46,13 @@ PLANTFLAGS=-tsvg # Standard compiler flags. * #****************************************************************************** CPPFLAGS=-I $(EVELLIB_ROOT) -CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC -LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +ifeq ($(MACHINE_ARCH), aarch64) + CFLAGS=-Wall -Wextra -march=native -g -fPIC + LIBCFLAGS=-Wall -Wextra -march=native -g -shared -fPIC +else + CFLAGS=-Wall -Wextra -m$(ARCH) -g -fPIC + LIBCFLAGS=-Wall -Wextra -m$(ARCH) -g -shared -fPIC +endif #****************************************************************************** # The testbed is a VM instance where we can install the EVEL example under * @@ -253,7 +259,7 @@ evel_test_centos: evel_install_centos @echo Testing EVEL Demo application on CentOS... @$(SSH) $(VNF_TESTBED_CENTOS_USER)@$(VNF_TESTBED_CENTOS) \ source .bash_profile \; \ - $(TESTBED_CENTOS_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_CENTOS_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -267,7 +273,7 @@ evel_test_ubuntu: evel_install_ubuntu @echo Testing EVEL Demo application on Ubuntu... @$(SSH) $(VNF_TESTBED_UBUNTU_USER)@$(VNF_TESTBED_UBUNTU) \ source .profile \; \ - $(TESTBED_UBUNTU_INSTALL_PATH)/output/x86_$(ARCH)/evel_demo \ + $(TESTBED_UBUNTU_INSTALL_PATH)/output/$(MACHINE_ARCH)/evel_demo \ --fqdn $(VNF_COLLECTOR_HOST) \ --port $(VNF_COLLECTOR_PORT) \ --verbose @@ -292,8 +298,8 @@ package: api_library_clean \ @cd $(CODE_ROOT) && tar cfz output/evel-library-package.tgz bldjobs \ code \ docs \ - libs/x86_64/README \ - output/x86_64/README \ + libs/$(MACHINE_ARCH)/README \ + output/$(MACHINE_ARCH)/README \ readme.md package_clean: diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile index e0077597..1119f59a 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_HB/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile index 4837c7d1..87e0d4ac 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_fault/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile index 4b0fd85d..f0b4ed3b 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_syslog/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile b/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile index 9d1812fa..f5e3c463 100644 --- a/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile +++ b/vnfs/VES5.0/evel/evel-library/code/VESreporting_vFW/Makefile @@ -17,9 +17,10 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. #CODE_ROOT=../code/evel-library -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) #LIBS_DIR=/usr/lib INCLUDE_DIR= -I $(CODE_ROOT)/code/evel_library -I . diff --git a/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a b/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a new file mode 100755 index 00000000..0e17b9f8 Binary files /dev/null and b/vnfs/VES5.0/evel/evel-library/libs/aarch64/libevel.a differ diff --git a/vnfs/VESreporting_vFW/Makefile b/vnfs/VESreporting_vFW/Makefile index 77ca5742..f821b442 100644 --- a/vnfs/VESreporting_vFW/Makefile +++ b/vnfs/VESreporting_vFW/Makefile @@ -18,8 +18,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/VESreporting_vFW5.0/Makefile b/vnfs/VESreporting_vFW5.0/Makefile index c9776e0e..66240d61 100644 --- a/vnfs/VESreporting_vFW5.0/Makefile +++ b/vnfs/VESreporting_vFW5.0/Makefile @@ -18,8 +18,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/VESreporting_vLB/Makefile b/vnfs/VESreporting_vLB/Makefile index 094adabe..172e81c5 100644 --- a/vnfs/VESreporting_vLB/Makefile +++ b/vnfs/VESreporting_vLB/Makefile @@ -19,8 +19,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/VESreporting_vLB5.0/Makefile b/vnfs/VESreporting_vLB5.0/Makefile index a9eb05e1..76029120 100644 --- a/vnfs/VESreporting_vLB5.0/Makefile +++ b/vnfs/VESreporting_vLB5.0/Makefile @@ -18,8 +18,9 @@ CC=gcc ARCH=$(shell getconf LONG_BIT) +MACHINE_ARCH=$(shell uname -m) CODE_ROOT=$(CURDIR)/../.. -LIBS_DIR=$(CODE_ROOT)/libs/x86_$(ARCH) +LIBS_DIR=$(CODE_ROOT)/libs/$(MACHINE_ARCH) INCLUDE_DIR=$(CODE_ROOT)/code/evel_library #****************************************************************************** diff --git a/vnfs/vFW/scripts/v_firewall_init_arm64.sh b/vnfs/vFW/scripts/v_firewall_init_arm64.sh new file mode 100755 index 00000000..7fce884c --- /dev/null +++ b/vnfs/vFW/scripts/v_firewall_init_arm64.sh @@ -0,0 +1,82 @@ +#!/bin/bash +set -x + +# Convert Network CIDR to Netmask +mask2cidr() { + nbits=0 + IFS=. + for dec in $1 ; do + case $dec in + 255) let nbits+=8;; + 254) let nbits+=7;; + 252) let nbits+=6;; + 248) let nbits+=5;; + 240) let nbits+=4;; + 224) let nbits+=3;; + 192) let nbits+=2;; + 128) let nbits+=1;; + 0);; + *) echo "Error: $dec is not recognized"; exit 1 + esac + done + echo "$nbits" +} + +# Start VPP +if ! which start; then + echo "#!/bin/bash" > /usr/local/sbin/start + echo "systemctl start \$1" >> /usr/local/sbin/start + chmod u+x /usr/local/sbin/start +fi +start vpp +sleep 1 + +# Configure VPP for vFirewall +IPADDR1=$(ifconfig enp2s0 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2) +IPADDR2=$(ifconfig enp3s0 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2) +HWADDR1=$(ifconfig enp2s0 | grep -Po "HWaddr \K(.*)") +HWADDR2=$(ifconfig enp3s0 | grep -Po "HWaddr \K(.*)") +FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') +FAKE_HWADDR2=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') + +IPADDR1_MASK=$(ifconfig enp2s0 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}') +IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK) +IPADDR2_MASK=$(ifconfig enp3s0 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}') +IPADDR2_CIDR=$(mask2cidr $IPADDR2_MASK) + +ifconfig enp2s0 down +ifconfig enp3s0 down +ifconfig enp2s0 hw ether $FAKE_HWADDR1 +ifconfig enp3s0 hw ether $FAKE_HWADDR2 +ip addr flush dev enp2s0 +ip addr flush dev enp3s0 +ifconfig enp2s0 up +ifconfig enp3s0 up +vppctl tap connect tap111 hwaddr $HWADDR1 +vppctl tap connect tap222 hwaddr $HWADDR2 +vppctl set int ip address tapcli-0 $IPADDR1"/"$IPADDR1_CIDR +vppctl set int ip address tapcli-1 $IPADDR2"/"$IPADDR2_CIDR +vppctl set int state tapcli-0 up +vppctl set int state tapcli-1 up +brctl addbr br0 +brctl addif br0 tap111 +brctl addif br0 enp2s0 +brctl addbr br1 +brctl addif br1 tap222 +brctl addif br1 enp3s0 +ifconfig br0 up +ifconfig br1 up +sleep 1 + +# Start HoneyComb +VERSION=$(cat /opt/config/demo_artifacts_version.txt) +mkdir -p /var/lib/honeycomb/persist/{config,context}/ +echo "" > /var/lib/honeycomb/persist/context/data.json +echo "" > /var/lib/honeycomb/persist/config/data.json +# /opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown +systemctl restart honeycomb +sleep 1 + +# Start VES client +cd /opt/VES/evel/evel-library/code/VESreporting/ +./go-client.sh &>/dev/null &disown diff --git a/vnfs/vFW/scripts/v_firewall_install_arm64.sh b/vnfs/vFW/scripts/v_firewall_install_arm64.sh new file mode 100755 index 00000000..c97fa91f --- /dev/null +++ b/vnfs/vFW/scripts/v_firewall_install_arm64.sh @@ -0,0 +1,110 @@ +#!/bin/bash +set -x + +NEXUS_ARTIFACT_REPO=$(cat /opt/config/nexus_artifact_repo.txt) +DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt) +if [[ "$DEMO_ARTIFACTS_VERSION" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi +INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt) +CLOUD_ENV=$(cat /opt/config/cloud_env.txt) + +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + +# OpenStack network configuration +if [[ $CLOUD_ENV == "openstack" ]] +then + echo 127.0.0.1 $(hostname) >> /etc/hosts + + # Allow remote login as root + mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk + cp /home/ubuntu/.ssh/authorized_keys /root/.ssh + + MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) + + IP=$(cat /opt/config/vfw_private_ip_0.txt) + BITS=$(cat /opt/config/unprotected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp2s0" >> /etc/network/interfaces + echo "iface enp2s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + IP=$(cat /opt/config/vfw_private_ip_1.txt) + BITS=$(cat /opt/config/protected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp3s0" >> /etc/network/interfaces + echo "iface enp3s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + IP=$(cat /opt/config/vfw_private_ip_2.txt) + BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp4s0" >> /etc/network/interfaces + echo "iface enp4s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + ifup enp2s0 + ifup enp3s0 + ifup enp4s0 +fi + +# Download required dependencies +echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list +echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list +apt-get update +apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates +pip install jsonschema + +# Download artifacts for virtual firewall +mkdir /opt/honeycomb +cd /opt + +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip v_firewall_init_arm64.sh > /opt/v_firewall_init.sh +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip vfirewall.sh > /opt/vfirewall.sh +wget -O sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf&a=sample-distribution&c=hc&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION" +wget -O ves-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.ves5&a=ves&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION" +wget -O ves_vfw_reporting-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.ves5&a=ves_vfw_reporting&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION" + +tar -zmxvf ves-$DEMO_ARTIFACTS_VERSION-demo.tar.gz +mv ves-$DEMO_ARTIFACTS_VERSION VES +tar -zmxvf ves_vfw_reporting-$DEMO_ARTIFACTS_VERSION-demo.tar.gz +mv ves_vfw_reporting-$DEMO_ARTIFACTS_VERSION /opt/VES/evel/evel-library/code/VESreporting +tar -zmxvf sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz + +mv sample-distribution-$DEMO_ARTIFACTS_VERSION honeycomb +sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' honeycomb/sample-distribution-$DEMO_ARTIFACTS_VERSION/config/honeycomb.json +rm *.tar.gz + +chmod +x v_firewall_init.sh +chmod +x vfirewall.sh +chmod +x /opt/VES/evel/evel-library/code/VESreporting/go-client.sh + +# Install VPP +rm /etc/apt/sources.list.d/99fd.io.list +echo "deb [trusted=yes] http://linux.enea.com/apt-mk/xenial nightly extra" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list +echo "deb [trusted=yes] http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/queens/main ./" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list +apt-get update +apt-get -o Dpkg::Options::="--force-overwrite" install -y vpp vpp-lib vpp-dbg vpp-plugins vpp-dev dpdk dpdk-dev dpdk-igb-uio-dkms dpdk-rte-kni-dkms honeycomb +sleep 1 + +# Install VES +cd /opt/VES/evel/evel-library/bldjobs/ +make clean +make +sleep 1 + +# Run instantiation script +cd /opt +mv vfirewall.sh /etc/init.d +update-rc.d vfirewall.sh defaults +./v_firewall_init.sh diff --git a/vnfs/vFW/scripts/v_packetgen_init_arm64.sh b/vnfs/vFW/scripts/v_packetgen_init_arm64.sh new file mode 100755 index 00000000..ca2cb7c1 --- /dev/null +++ b/vnfs/vFW/scripts/v_packetgen_init_arm64.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -x + +# Convert Network CIDR to Netmask +mask2cidr() { + nbits=0 + IFS=. + for dec in $1 ; do + case $dec in + 255) let nbits+=8;; + 254) let nbits+=7;; + 252) let nbits+=6;; + 248) let nbits+=5;; + 240) let nbits+=4;; + 224) let nbits+=3;; + 192) let nbits+=2;; + 128) let nbits+=1;; + 0);; + *) echo "Error: $dec is not recognized"; exit 1 + esac + done + echo "$nbits" +} + +# Start VPP +if ! which start; then + echo "#!/bin/bash" > /usr/local/sbin/start + echo "systemctl start \$1" >> /usr/local/sbin/start + chmod u+x /usr/local/sbin/start +fi +start vpp +sleep 1 + +# Configure VPP for vPacketGenerator +IPADDR1=$(ifconfig enp2s0 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2) +HWADDR1=$(ifconfig enp2s0 | grep -Po "HWaddr \K(.*)") +FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') +PROTECTED_NET_CIDR=$(cat /opt/config/protected_net_cidr.txt) +FW_IPADDR=$(cat /opt/config/fw_ipaddr.txt) +SINK_IPADDR=$(cat /opt/config/sink_ipaddr.txt) + +IPADDR1_MASK=$(ifconfig enp2s0 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}') +IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK) + +ifconfig enp2s0 down +ifconfig enp2s0 hw ether $FAKE_HWADDR1 +ip addr flush dev enp2s0 +ifconfig enp2s0 up +vppctl tap connect tap111 hwaddr $HWADDR1 +vppctl set int ip address tapcli-0 $IPADDR1"/"$IPADDR1_CIDR +vppctl set int state tapcli-0 up +brctl addbr br0 +brctl addif br0 tap111 +brctl addif br0 enp2s0 +ifconfig br0 up +vppctl ip route add $PROTECTED_NET_CIDR via $FW_IPADDR +sleep 1 + +# Install packet streams +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp1 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp2 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp3 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp4 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp5 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp6 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp7 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp8 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp9 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp10 +vppctl exec /opt/pg_streams/stream_fw_udp1 +vppctl exec /opt/pg_streams/stream_fw_udp2 +vppctl exec /opt/pg_streams/stream_fw_udp3 +vppctl exec /opt/pg_streams/stream_fw_udp4 +vppctl exec /opt/pg_streams/stream_fw_udp5 +vppctl exec /opt/pg_streams/stream_fw_udp6 +vppctl exec /opt/pg_streams/stream_fw_udp7 +vppctl exec /opt/pg_streams/stream_fw_udp8 +vppctl exec /opt/pg_streams/stream_fw_udp9 +vppctl exec /opt/pg_streams/stream_fw_udp10 +sleep 1 + +# Start HoneyComb +#VERSION=$(cat /opt/config/demo_artifacts_version.txt) +mkdir -p /var/lib/honeycomb/persist/{config,context}/ +echo "" > /var/lib/honeycomb/persist/context/data.json +echo "" > /var/lib/honeycomb/persist/config/data.json +#/opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown +systemctl restart honeycomb +sleep 20 + +# Enable traffic flows +cd /opt +chmod +x run_traffic_fw_demo.sh +./run_traffic_fw_demo.sh &>/dev/null &disown diff --git a/vnfs/vFW/scripts/v_packetgen_install_arm64.sh b/vnfs/vFW/scripts/v_packetgen_install_arm64.sh new file mode 100755 index 00000000..8dee6977 --- /dev/null +++ b/vnfs/vFW/scripts/v_packetgen_install_arm64.sh @@ -0,0 +1,89 @@ +#!/bin/bash +set -x + +NEXUS_ARTIFACT_REPO=$(cat /opt/config/nexus_artifact_repo.txt) +DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt) +if [[ "$DEMO_ARTIFACTS_VERSION" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi +INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt) +CLOUD_ENV=$(cat /opt/config/cloud_env.txt) + +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + +# OpenStack network configuration +if [[ $CLOUD_ENV == "openstack" ]] +then + echo 127.0.0.1 $(hostname) >> /etc/hosts + + # Allow remote login as root + mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk + cp /home/ubuntu/.ssh/authorized_keys /root/.ssh + + MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) + + IP=$(cat /opt/config/vpg_private_ip_0.txt) + BITS=$(cat /opt/config/unprotected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp1s0" >> /etc/network/interfaces + echo "iface enp1s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + IP=$(cat /opt/config/vpg_private_ip_1.txt) + BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp2s0" >> /etc/network/interfaces + echo "iface enp2s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + ifup enp1s0 + ifup enp2s0 +fi + +# Download required dependencies +echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list +echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list +apt-get update +apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates +pip install jsonschema + +# Download code for packet generator +mkdir /opt/honeycomb +cd /opt + +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip v_packetgen_init_arm64.sh > /opt/v_packetgen_init.sh +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip vpacketgen.sh > /opt/vpacketgen.sh +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip run_traffic_fw_demo.sh > /opt/run_traffic_fw_demo.sh +wget -O sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf&a=sample-distribution&c=hc&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION" +wget -O vfw_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw_pg_streams&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION" + +tar -zmxvf sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz +tar -zmxvf vfw_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz +mv vfw_pg_streams-$DEMO_ARTIFACTS_VERSION pg_streams +mv sample-distribution-$DEMO_ARTIFACTS_VERSION honeycomb +sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' honeycomb/sample-distribution-$DEMO_ARTIFACTS_VERSION/config/honeycomb.json +rm *.tar.gz +chmod +x v_packetgen_init.sh +chmod +x vpacketgen.sh + +# Install VPP +rm /etc/apt/sources.list.d/99fd.io.list +echo "deb [trusted=yes] http://linux.enea.com/apt-mk/xenial nightly extra" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list +echo "deb [trusted=yes] http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/queens/main ./" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list +apt-get update +apt-get -o Dpkg::Options::="--force-overwrite" install -y vpp vpp-lib vpp-dbg vpp-plugins vpp-dev dpdk dpdk-dev dpdk-igb-uio-dkms dpdk-rte-kni-dkms honeycomb +sleep 1 + +# Run instantiation script +cd /opt +mv vpacketgen.sh /etc/init.d +update-rc.d vpacketgen.sh defaults +./v_packetgen_init.sh diff --git a/vnfs/vFW/scripts/v_sink_install_arm64.sh b/vnfs/vFW/scripts/v_sink_install_arm64.sh new file mode 100755 index 00000000..73f6ee53 --- /dev/null +++ b/vnfs/vFW/scripts/v_sink_install_arm64.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt) +CLOUD_ENV=$(cat /opt/config/cloud_env.txt) + +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + +# OpenStack network configuration +if [[ $CLOUD_ENV == "openstack" ]] +then + echo 127.0.0.1 $(hostname) >> /etc/hosts + + # Allow remote login as root + mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk + cp /home/ubuntu/.ssh/authorized_keys /root/.ssh + + MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) + + IP=$(cat /opt/config/vsn_private_ip_0.txt) + BITS=$(cat /opt/config/protected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp2s0" >> /etc/network/interfaces + echo "iface enp2s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + IP=$(cat /opt/config/vsn_private_ip_1.txt) + BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) + echo "auto enp3s0" >> /etc/network/interfaces + echo "iface enp3s0 inet static" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces + echo " mtu $MTU" >> /etc/network/interfaces + + ifup enp2s0 + ifup enp3s0 +fi + +# Download required dependencies +echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list +echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list +apt-get update +apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk apt-transport-https ca-certificates darkstat + +# Configure and run Darkstat +sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g" /etc/darkstat/init.cfg +sed -i "s/INTERFACE=.*/INTERFACE=\"-i enp2s0\"/g" /etc/darkstat/init.cfg +/etc/init.d/darkstat start + +# Download scripts for virtual sink +cd /opt +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip v_sink_init.sh > /opt/v_sink_init.sh +unzip -p -j /opt/vfw-scripts-$INSTALL_SCRIPT_VERSION.zip vsink.sh > /opt/vsink.sh +chmod +x v_sink_init.sh +chmod +x vsink.sh + +# Run instantiation script +mv vsink.sh /etc/init.d +update-rc.d vsink.sh defaults +./v_sink_init.sh