From 3627a6c1f7c09ce92ab42a53c79bca2bebee8183 Mon Sep 17 00:00:00 2001
From: Ruoyu Ying
Date: Mon, 8 Jul 2019 20:35:12 +0800
Subject: [PATCH] Further enhancement for the vIPSec script
* Setup vpp through scripts instead of using the vipsec image due to cloud init limitation
* Add router to fix network issues that happens randomly
Issue-ID: INT-793
Signed-off-by: Ruoyu Ying
Change-Id: I55ee8d9e2d2bf06d69b223a3e8d45b8b10b6b0c7
---
 heat/vIPsec/vIPsec/base_vipsec.env | 97 +++++----
 heat/vIPsec/vIPsec/base_vipsec.yaml | 417 ++++++++++++++++++++++--------------
 2 files changed, 303 insertions(+), 211 deletions(-)
diff --git a/heat/vIPsec/vIPsec/base_vipsec.env b/heat/vIPsec/vIPsec/base_vipsec.env
index 6146ff5c..f29eb4fc 100644
--- a/heat/vIPsec/vIPsec/base_vipsec.env
+++ b/heat/vIPsec/vIPsec/base_vipsec.env
@@ -1,58 +1,61 @@ parameters: - vipsec_image_name: PUT THE VM IMAGE NAME HERE (IPSEC image required) + basic_image_name: ubuntu-16.04 ipsec_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.large suggested) sink_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) packetgen_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) - public_net_id: PUT THE PUBLIC NETWORK ID HERE - protected_clientA_private_net_id: zdfw1fwl01_unprotected - protected_clientB_private_net_id: zdfw1fwl01_protected - onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE - onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE - ipsec_private_net_id: PUT THE IPSEC PRIVATE NETWORK NAME HERE - ipsec_private_subnet_id: PUT THE IPSEC PRIVATE NETWORK NAME HERE - protected_clientA_private_net_cidr: 192.168.10.0/24 - protected_clientB_private_net_cidr: 192.168.20.0/24 - onap_private_net_cidr: 10.0.0.0/16 - ipsec_private_net_cidr: 192.168.30.0/24 - vipsec_A_private_ip_0: 192.168.10.100 - vipsec_B_private_ip_0: 192.168.20.100 - vipsec_A_private_ip_1: 10.0.100.1 - vipsec_B_private_ip_1: 10.0.100.4 - vipsec_A_private_ip_2: 10.0.30.100 - vipsec_B_private_ip_2: 10.0.30.101 - vpg_private_ip_0: 192.168.10.200 - vpg_private_ip_1: 10.0.100.2 - vsn_private_ip_0: 192.168.20.250 - vsn_private_ip_1: 10.0.100.3 - vipsec_name_0: zdfw1fwl01fwl01 - vipsec_name_1: zdfw1fwl01fwl02 - vpg_name_0: zdfw1fwl01pgn01 - vsn_name_0: zdfw1fwl01snk01 - vipsec_A_private_0_port_vnic_type: normal or direct - vipsec_B_private_0_port_vnic_type: normal or direct - vipsec_private_1_port_vnic_type: normal or direct - vipsec_private_2_port_vnic_type: normal or direct - vpg_private_0_port_vnic_type: normal or direct - vpg_private_1_port_vnic_type: normal or direct - vsn_private_0_port_vnic_type: normal or direct - vsn_private_1_port_vnic_type: normal or direct - input_device_interface_A: TwentyFiveGigabitEthernet18/0/0 - input_device_interface_B: TwentyFiveGigabitEthernet18/0/1 - output_device_interface_A: 
TwentyFiveGigabitEthernet18/0/0 - output_device_interface_B: TwentyFiveGigabitEthernet18/0/1 - input_interface_A: 0000:00:06.0 - input_interface_B: 0000:00:06.0 - output_interface_A: 0000:00:07.0 - output_interface_B: 0000:00:07.0 + public_net_id: external + protected_clientA_private_net_id: private_net_clientA + protected_clientB_private_net_id: private_net_clientB + protected_clientA_provider_net_id: private-1 + protected_clientB_provider_net_id: private-1 + onap_private_net_id: oam_onap_vnf_test + onap_private_subnet_id: oam_onap_vnf_test + ipsec_private_net_id: ipsec_net + ipsec_provider_net_id: private-1 + protected_clientA_private_net_cidr: 192.168.70.0/24 + protected_clientB_private_net_cidr: 192.168.80.0/24 + onap_private_net_cidr: 20.0.0.0/16 + ipsec_private_net_cidr: 192.168.100.0/24 + vipsec_A_private_ip_0: 192.168.70.100 + vipsec_B_private_ip_0: 192.168.80.100 + vipsec_A_private_ip_1: 20.0.100.7 + vipsec_B_private_ip_1: 20.0.100.8 + vipsec_A_private_ip_2: 192.168.100.3 + vipsec_B_private_ip_2: 192.168.100.4 + vpg_private_ip_0: 192.168.70.200 + vpg_private_ip_1: 20.0.100.10 + vsn_private_ip_0: 192.168.80.250 + vsn_private_ip_1: 20.0.100.9 + vipsec_name_0: ipsec01 + vipsec_name_1: ipsec02 + vpg_name_0: vpg01 + vsn_name_0: vsn01 + vipsec_A_private_0_port_vnic_type: direct + vipsec_B_private_0_port_vnic_type: direct + vipsec_private_1_port_vnic_type: normal + vipsec_private_2_port_vnic_type: direct + vpg_private_0_port_vnic_type: direct + vpg_private_1_port_vnic_type: normal + vsn_private_0_port_vnic_type: direct + vsn_private_1_port_vnic_type: normal + input_device_interface_A: VirtualFunctionEthernet0/5/0 + input_device_interface_B: VirtualFunctionEthernet0/6/0 + output_device_interface_A: VirtualFunctionEthernet0/6/0 + output_device_interface_B: VirtualFunctionEthernet0/5/0 + input_interface_A: 0000:00:05.0 + input_interface_B: 0000:00:05.0 + output_interface_A: 0000:00:06.0 + output_interface_B: 0000:00:06.0 ipsec_A_MAC_address: 1:00:00:00:00:01 
ipsec_B_MAC_address: 11:11:11:11:00:11 + ipsec_config: /opt/config/ipsec.config + vpp_config: /opt/config/vpp.config vnf_id: vIPsec_demo_app vf_module_id: vIPsec dcae_collector_ip: 10.0.4.1 - dcae_collector_port: 30235 - demo_artifacts_version: 1.5.0-SNAPSHOT - install_script_version: 1.5.0-SNAPSHOT + dcae_collector_port: 8081 + demo_artifacts_version: 1.4.0-SNAPSHOT + install_script_version: 1.4.0-SNAPSHOT key_name: vipsec_key - pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN + pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxk+Rp4jv6Ni0wJJQlY6jzcYgb/ujLFwOtVFX1mB6sAH35QnbJ5gj694If6eGg0qST+6GBUhUf856Jt4l7lLrfmJbisi2/IiRQHjbRgf4DmJ2Uko1sTqPjH80wyaBzRhmomA0Q2YtRypfQB2DrGP5a96iLil1N1h8pTL81Pw6J3VkgA53jFwv2+Pbn6vGCFGyFesDq5NZi5aEb4AWuHcXhhI4lxzBMDyXcNyaDsw1PNh+Mh3TaAdmuxA/vhbzaxY/WUHIbyNl8KBjDBWIue6tk1GXZ6lj259TEA5v76oDbqcPoSIKqQEYd5XvUTqgziVCA8SHx+XrjMydeBYr+7/RT cloud_env: openstack - sec_group: PUT THE ONAP SECURITY GROUP HERE diff --git a/heat/vIPsec/vIPsec/base_vipsec.yaml b/heat/vIPsec/vIPsec/base_vipsec.yaml index 6d401415..d64f30d3 100644 --- a/heat/vIPsec/vIPsec/base_vipsec.yaml +++ b/heat/vIPsec/vIPsec/base_vipsec.yaml @@ -31,10 +31,10 @@ description: Heat template that deploys vIPsec demo app for ONAP ############## parameters: - vipsec_image_name: + basic_image_name: type: string label: Image name or ID - description: Image to be used for compute instance + description: Image to be used for IPsec compute instance ipsec_flavor_name: type: string label: IPsec Flavor 
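Review bot: The new `pub_key` in base_vipsec.env is a concrete key committed as the default, so any stack created without overriding it gives SSH access to whoever holds the matching private key; a placeholder in the style the file used elsewhere, e.g. `pub_key: PUT YOUR SSH PUBLIC KEY HERE`, would force the deployer to supply their own. The same hunk replaces the other placeholders with what look like one lab's values (`external`, `private-1`, `oam_onap_vnf_test`), which makes the file less reusable as a template. `onap_private_net_cidr: 20.0.0.0/16` is also outside the RFC 1918 private ranges, and the template now routes that subnet to the public network, so an RFC 1918 range such as the previous `10.0.0.0/16` is the safer default.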
@@ -51,18 +51,26 @@ parameters: type: string label: Public network name or ID description: Public network that enables remote connection to VNF - external_net_id: - type: string - label: External network name or ID - description: External network that connects the two IPsec gateways protected_clientA_private_net_id: type: string - label: Unprotected private network name or ID + label: protected private network name or ID description: Private network that connects vPacketGenerator with vIPsec gateway A protected_clientB_private_net_id: type: string label: Protected private network name or ID description: Private network that connects vIPsec gateway B with vSink + protected_clientA_provider_net_id: + type: string + label: Provider network name or ID for client A + description: Private network that connects vPacketGenerator with vIPsec gateway A + protected_clientB_provider_net_id: + type: string + label: Provider network name or ID for client B + description: Private network that connects vIPsec gateway B with vSink + ipsec_provider_net_id: + type: string + label: Provider network name or ID between IPsec gateways + description: Private network that connects vIPsec gateway B with vIPsec gateway A onap_private_net_id: type: string label: ONAP management network name or ID @@ -75,10 +83,6 @@ parameters: type: string label: IPsec private network name or ID description: Private network that connects the two IPsec VNFs - ipsec_private_subnet_id: - type: string - label: IPsec sub-network name or ID - description: Private sub-network that connects the two IPsec VNFs protected_clientA_private_net_cidr: type: string label: Unprotected private network CIDR 
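Review bot: The three new `*_provider_net_id` parameters carry descriptions copied from the `*_private_net_id` entries ("Private network that connects …"), yet later in this patch they are passed to `physical_network` of `OS::Neutron::ProviderNet`, so they name a physical network rather than a tenant network. A description such as `Physical (provider) network backing the client A VLAN network` would say what the deployer has to supply. The relabelled `protected_clientA_private_net_id` now reads `label: protected private network name or ID` in lower case, while the CIDR parameter a few lines below is still labelled `Unprotected private network CIDR`; the two should agree.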
@@ -223,18 +227,6 @@ parameters: type: string label: Cloud environment description: Cloud environment (e.g., openstack, rackspace) - sec_group: - type: string - description: ONAP Security Group - sdnc_model_name: - type: string - description: SDNC Model Name metatada - sdnc_model_version: - type: string - description: SDNC Model Version metatada - sdnc_artifact_name: - type: string - description: SDNC Artifact Name metatada input_device_interface_A: type: string description: Device BDF name for the interface 
@@ -296,15 +288,73 @@ resources: public_key: { get_param: pub_key } save_private_key: false - protected_clientA_private_network: + security_group_ipsec: + type: OS::Neutron::SecurityGroup + properties: + name: "ipsec_sg" + rules: + - {direction: ingress, remote_ip_prefix: 0.0.0.0/0, protocol: icmp } + - {direction: ingress, remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 22, port_range_max: 22} + + onap_private_net: type: OS::Neutron::Net + properties: + name: { get_param: onap_private_net_id } + + onap_private_subnet: + type: OS::Neutron::Subnet + properties: + name: { get_param: onap_private_subnet_id } + network_id: { get_resource: onap_private_net } + cidr: { get_param: onap_private_net_cidr } + dns_nameservers: [ "8.8.8.8" ] + + router: + type: OS::Neutron::Router + properties: + name: + list_join: ['-', [{ get_param: 'OS::stack_name' }, 'router']] + external_gateway_info: + network: { get_param: public_net_id } + + oam_router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: onap_private_subnet } + + ipsec_0_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: vipsec_A_private_1_port } + + ipsec_1_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: vipsec_B_private_1_port } + + protected_clientA_private_network: + type: OS::Neutron::ProviderNet properties: name: { get_param: protected_clientA_private_net_id } + physical_network: { get_param: protected_clientA_provider_net_id } + network_type: vlan protected_clientB_private_network: - type: OS::Neutron::Net + type: OS::Neutron::ProviderNet properties: name: { get_param: protected_clientB_private_net_id } + physical_network: { get_param: protected_clientB_provider_net_id } + network_type: vlan + + protected_ipsec_network: + type: OS::Neutron::ProviderNet 
+ properties: + name: { get_param: ipsec_private_net_id } + physical_network: { get_param: ipsec_provider_net_id } + network_type: vlan protected_clientA_private_subnet: type: OS::Neutron::Subnet 
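Review bot: `security_group_ipsec` accepts SSH and ICMP from `0.0.0.0/0`, and the same hunk attaches floating IPs to the OAM ports of both gateways, so port 22 is reachable from anything that can reach the public network. Restricting the source with a parameter would be tighter, e.g. `remote_ip_prefix: { get_param: mgmt_cidr }` (the parameter name is a suggestion, it does not exist in the template). The group has no rule for the traffic the gateways and clients exchange; that may be intentional if the `direct` ports are not filtered by security groups, but a comment saying so would help the next reader. `dns_nameservers: [ "8.8.8.8" ]` is hard-coded and would be better as a parameter.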
@@ -318,75 +368,79 @@ resources: network_id: { get_resource: protected_clientB_private_network } cidr: { get_param: protected_clientB_private_net_cidr } + ipsec_private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: protected_ipsec_network } + cidr: { get_param: ipsec_private_net_cidr } + # Virtual IPsec instantiation vipsec_A_private_0_port: type: OS::Neutron::Port properties: network: { get_resource: protected_clientA_private_network } binding:vnic_type: { get_param: vipsec_A_private_0_port_vnic_type} - fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet}, "ipaddress": { get_param: vipsec_A_private_ip_0 }}] + fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet}, "ip_address": { get_param: vipsec_A_private_ip_0 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vipsec_A_private_1_port: type: OS::Neutron::Port properties: - #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] - network: { get_param: onap_private_net_id } + network: { get_resource: onap_private_net } binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type} - fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vipsec_A_private_ip_1 }}] + fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vipsec_A_private_ip_1 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vipsec_A_private_2_port: type: OS::Neutron::Port properties: - #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] - network: { get_param: ipsec_private_net_id } + allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] + network: { get_resource: protected_ipsec_network } binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type} - fixed_ips: [{"subnet": { get_param: ipsec_private_subnet_id }, "ip_address": { get_param: vipsec_A_private_ip_2 
}}] + fixed_ips: [{"subnet": { get_resource: ipsec_private_subnet }, "ip_address": { get_param: vipsec_A_private_ip_2 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vipsec_B_private_0_port: type: OS::Neutron::Port properties: network: { get_resource: protected_clientB_private_network } binding:vnic_type: { get_param: vipsec_B_private_0_port_vnic_type} - fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet}, "ipaddress": { get_param: vipsec_B_private_ip_0 }}] + fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet}, "ip_address": { get_param: vipsec_B_private_ip_0 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vipsec_B_private_1_port: type: OS::Neutron::Port properties: - #allowed_address_pairs: [{ "ip_address": { get_param: vpg_private_ip_0 }}] - network: { get_param: onap_private_net_id } + network: { get_resource: onap_private_net } binding:vnic_type: { get_param: vipsec_private_1_port_vnic_type} - fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vipsec_B_private_ip_1 }}] + fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vipsec_B_private_ip_1 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vipsec_B_private_2_port: type: OS::Neutron::Port properties: - network: { get_param: ipsec_private_net_id } + network: { get_resource: protected_ipsec_network } binding:vnic_type: { get_param: vipsec_private_2_port_vnic_type} - fixed_ips: [{"subnet": { get_param: ipsec_private_subnet_id }, "ip_address": { get_param: vipsec_B_private_ip_2 }}] + fixed_ips: [{"subnet": { get_resource: ipsec_private_subnet }, "ip_address": { get_param: vipsec_B_private_ip_2 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vipsec_0: type: OS::Nova::Server properties: - image: { get_param: vipsec_image_name 
} + image: { get_param: basic_image_name } flavor: { get_param: ipsec_flavor_name } name: { get_param: vipsec_name_0 } key_name: { get_resource: my_keypair } networks: - - network: { get_param: public_net_id } - port: { get_resource: vipsec_A_private_0_port } - port: { get_resource: vipsec_A_private_1_port } + - port: { get_resource: vipsec_A_private_2_port } metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} user_data_format: RAW user_data: @@ -434,10 +488,23 @@ resources: # Download and run install script apt-get update - cd /root/comms/dpdk/x86_64-native-linuxapp-gcc/kmod - modeprobe uio - insmod igb_uio.ko + wget https://packagecloud.io/install/repositories/fdio/release/script.deb.sh + bash ./script.deb.sh + apt install -y vpp + apt install -y vpp-plugin-dpdk + apt install -y make gcc libnuma-dev python cd /opt + git clone http://dpdk.org/git/dpdk + cd dpdk + export RTE_TARGET=x86_64-native-linuxapp-gcc/ + export DESTDIR=/opt/dpdk + export RTE_SDK=/opt/dpdk + make install T=x86_64-native-linux-gcc + modprobe uio + insmod x86_64-native-linux-gcc/kmod/igb_uio.ko + python ./usertools/dpdk-devbind.py -b igb_uio 00:06.0 + python ./usertools/dpdk-devbind.py -b igb_uio 00:05.0 + cd /opt/config cat > __vpp_config__<< NEWFILE unix { @@ -470,7 +537,6 @@ resources: } vdev crypto_aesni_gcm0 - num-mbufs 370000 no-multi-seg } @@ -509,14 +575,14 @@ resources: vipsec_1: type: OS::Nova::Server properties: - image: { get_param: vipsec_image_name } + image: { get_param: basic_image_name } flavor: { get_param: ipsec_flavor_name } name: { get_param: vipsec_name_1 } key_name: { get_resource: my_keypair } networks: - - network: { get_param: public_net_id } - port: { get_resource: vipsec_B_private_0_port } - port: { get_resource: vipsec_B_private_1_port } + - port: { get_resource: vipsec_B_private_2_port } metadata: { vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} user_data_format: RAW user_data: 
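Review bot: `allowed_address_pairs` is now enabled only on `vipsec_A_private_2_port`, where it permits `vpg_private_ip_0` (the packet generator's address) on the inter-gateway network, while `vipsec_B_private_2_port` gets no counterpart entry. If traffic between the gateways is expected to leave with the gateway's own address, this entry should not be needed, and it relaxes the port's anti-spoofing filter for an address from the protected side. Either drop it or add a comment above the line explaining why gateway A has to emit packets sourced from the packet generator and why B needs no equivalent.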
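Review bot: The new install steps in the `vipsec_0` user_data run unauthenticated, unpinned code as root: `script.deb.sh` is fetched and piped straight into `bash`, and DPDK is cloned over plain HTTP from the default branch, built, and its `igb_uio.ko` loaded into the kernel; the `vipsec_1` hunk at `@@ -564,10 +630,23 @@` repeats the same lines. Cloning over TLS at a fixed release, `git clone --depth 1 --branch <DPDK_TAG> https://dpdk.org/git/dpdk`, and pinning the `vpp` package versions would make the build reproducible and harder to tamper with in transit. The PCI addresses passed to `dpdk-devbind.py` (`00:06.0`, `00:05.0`) are hard-coded although the env file already defines `input_interface_A` and `output_interface_A`. `RTE_TARGET=x86_64-native-linuxapp-gcc/` also does not match the `T=x86_64-native-linux-gcc` that is actually built.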
@@ -564,10 +630,23 @@ resources: # Download and run install script apt-get update - cd /root/comms/dpdk/x86_64-native-linuxapp-gcc/kmod - modeprobe uio - insmod igb_uio.ko + wget https://packagecloud.io/install/repositories/fdio/release/script.deb.sh + bash ./script.deb.sh + apt install -y vpp + apt install -y vpp-plugin-dpdk + apt install -y make gcc libnuma-dev python cd /opt + git clone http://dpdk.org/git/dpdk + cd /opt/dpdk + export RTE_TARGET=x86_64-native-linuxapp-gcc/ + export DESTDIR=/opt/dpdk + export RTE_SDK=/opt/dpdk + make install T=x86_64-native-linux-gcc + modprobe uio + insmod x86_64-native-linux-gcc/kmod/igb_uio.ko + python ./usertools/dpdk-devbind.py -b igb_uio 00:05.0 + python ./usertools/dpdk-devbind.py -b igb_uio 00:06.0 + cd /opt/config cat > __vpp_config__<< NEWFILE unix { @@ -600,7 +679,6 @@ resources: } vdev crypto_aesni_gcm0 - num-mbufs 370000 no-multi-seg } 
@@ -645,70 +723,76 @@ resources: binding:vnic_type: { get_param: vpg_private_0_port_vnic_type} fixed_ips: [{"subnet": { get_resource: protected_clientA_private_subnet }, "ip_address": { get_param: vpg_private_ip_0 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vpg_private_1_port: type: OS::Neutron::Port properties: - network: { get_param: onap_private_net_id } + network: { get_resource: onap_private_net } binding:vnic_type: { get_param: vpg_private_1_port_vnic_type} - fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_private_ip_1 }}] + fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vpg_private_ip_1 }}] security_groups: - - { get_param: sec_group } - - vpg_0: - type: OS::Nova::Server - properties: - image: { get_param: vipsec_image_name } - flavor: { get_param: packetgen_flavor_name } - name: { get_param: vpg_name_0 } - key_name: { get_resource: my_keypair } - networks: - - network: { get_param: public_net_id } - - port: { get_resource: vpg_private_0_port } - - port: { get_resource: vpg_private_1_port } - metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} - user_data_format: RAW - user_data: - str_replace: - params: - __ipsec_ipaddr__: { get_param: vipsec_A_private_ip_0 } - __protected_clientB_net_cidr__: { get_param: protected_clientB_private_net_cidr } - __sink_ipaddr__: { get_param: vsn_private_ip_0 } - __demo_artifacts_version__ : { get_param: demo_artifacts_version } - __install_script_version__ : { get_param: install_script_version } - __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 } - __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 } - __protected_clientA_net_cidr__ : { get_param: protected_clientA_private_net_cidr } - __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } - __cloud_env__ : { get_param: cloud_env } - __nexus_artifact_repo__: { get_param: nexus_artifact_repo } 
- template: | - #!/bin/bash + - { get_resource: security_group_ipsec } - # Create configuration files - mkdir /opt/config - echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt - echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt - echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt - echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt - echo "__install_script_version__" > /opt/config/install_script_version.txt - echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt - echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt - echo "__protected_clientA__net_cidr__" > /opt/config/protected_clientA_net_cidr.txt - echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt - echo "__cloud_env__" > /opt/config/cloud_env.txt - echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt - # Download and run install script - apt-get update - apt-get -y install unzip - if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi - curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip - unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh - cd /opt - chmod +x v_packetgen_install.sh - ./v_packetgen_install.sh + vpg_0_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: vpg_private_1_port } + + vpg_0: + type: OS::Nova::Server + properties: + image: { get_param: basic_image_name } + flavor: { get_param: packetgen_flavor_name } + name: { get_param: vpg_name_0 } + key_name: { get_resource: my_keypair } + networks: + - port: { get_resource: vpg_private_0_port } + - port: { get_resource: vpg_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { 
get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __ipsec_ipaddr__: { get_param: vipsec_A_private_ip_0 } + __protected_clientB_net_cidr__: { get_param: protected_clientB_private_net_cidr } + __sink_ipaddr__: { get_param: vsn_private_ip_0 } + __demo_artifacts_version__ : { get_param: demo_artifacts_version } + __install_script_version__ : { get_param: install_script_version } + __vpg_private_ip_0__ : { get_param: vpg_private_ip_0 } + __vpg_private_ip_1__ : { get_param: vpg_private_ip_1 } + __protected_clientA_net_cidr__ : { get_param: protected_clientA_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__ipsec_ipaddr__" > /opt/config/vipsec_ipaddr.txt + echo "__protected_clientB_net_cidr__" > /opt/config/protected_clientB_net_cidr.txt + echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt + echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt + echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt + echo "__protected_clientA__net_cidr__" > /opt/config/protected_clientA_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o 
/opt/vipsec-scripts-__install_script_version__.zip + unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh + cd /opt + chmod +x v_packetgen_install.sh + ./v_packetgen_install.sh # Virtual Sink instantiation 
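Review bot: The re-added `vpg_0` user_data still fetches the install archive with `curl -k`, which turns off TLS certificate verification, and then executes `v_packetgen_install.sh` from it as root; the `vsn_0` block in the last hunk does the same with `v_sink_install.sh`. Dropping `-k` (and installing the Nexus CA certificate if the repository uses a private one) keeps the download authenticated. Separately, the template echoes `__protected_clientA__net_cidr__` with a double underscore while the params key is `__protected_clientA_net_cidr__`, so `str_replace` leaves the literal placeholder in `/opt/config/protected_clientA_net_cidr.txt`; the line should read `echo "__protected_clientA_net_cidr__" > /opt/config/protected_clientA_net_cidr.txt`.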
@@ -719,63 +803,68 @@ resources: binding:vnic_type: { get_param: vsn_private_0_port_vnic_type} fixed_ips: [{"subnet": { get_resource: protected_clientB_private_subnet }, "ip_address": { get_param: vsn_private_ip_0 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } vsn_private_1_port: type: OS::Neutron::Port properties: - network: { get_param: onap_private_net_id } + network: { get_resource: onap_private_net } binding:vnic_type: { get_param: vsn_private_1_port_vnic_type} - fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_private_ip_1 }}] + fixed_ips: [{"subnet": { get_resource: onap_private_subnet }, "ip_address": { get_param: vsn_private_ip_1 }}] security_groups: - - { get_param: sec_group } + - { get_resource: security_group_ipsec } - vsn_0: - type: OS::Nova::Server + vsn_floating_ip: + type: OS::Neutron::FloatingIP properties: - image: { get_param: vipsec_image_name } - flavor: { get_param: sink_flavor_name } - name: { get_param: vsn_name_0 } - key_name: { get_resource: my_keypair } - networks: - - network: { get_param: public_net_id } - - port: { get_resource: vsn_private_0_port } - - port: { get_resource: vsn_private_1_port } - metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} - user_data_format: RAW - user_data: - str_replace: - params: - __protected_net_gw__: { get_param: vipsec_B_private_ip_0 } - __protected_net_A__: { get_param: protected_clientA_private_net_cidr } - __install_script_version__ : { get_param: install_script_version } - __vsn_private_ip_0__ : { get_param: vsn_private_ip_0 } - __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 } - __protected_clientB_private_net_cidr__ : { get_param: protected_clientB_private_net_cidr } - __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } - __cloud_env__ : { get_param: cloud_env } - __nexus_artifact_repo__: { get_param: nexus_artifact_repo } - template: | - #!/bin/bash - - # 
Create configuration files - mkdir /opt/config - echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt - echo "__protected_net_A__" > /opt/config/protected_net_A.txt - echo "__install_script_version__" > /opt/config/install_script_version.txt - echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt - echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt - echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt - echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt - echo "__cloud_env__" > /opt/config/cloud_env.txt - echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt - - # Download and run install script - apt-get update - apt-get -y install unzip - if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi - curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip - unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_sink_install.sh - cd /opt - chmod +x v_sink_install.sh - ./v_sink_install.sh + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: vsn_private_1_port } + + vsn_0: + type: OS::Nova::Server + properties: + image: { get_param: basic_image_name } + flavor: { get_param: sink_flavor_name } + name: { get_param: vsn_name_0 } + key_name: { get_resource: my_keypair } + networks: + - port: { get_resource: vsn_private_0_port } + - port: { get_resource: vsn_private_1_port } + metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }} + user_data_format: RAW + user_data: + str_replace: + params: + __protected_net_gw__: { get_param: vipsec_B_private_ip_0 } + __protected_net_A__: { get_param: protected_clientA_private_net_cidr } + __install_script_version__ : { get_param: install_script_version } + 
__vsn_private_ip_0__ : { get_param: vsn_private_ip_0 } + __vsn_private_ip_1__ : { get_param: vsn_private_ip_1 } + __protected_clientB_private_net_cidr__ : { get_param: protected_clientB_private_net_cidr } + __onap_private_net_cidr__ : { get_param: onap_private_net_cidr } + __cloud_env__ : { get_param: cloud_env } + __nexus_artifact_repo__: { get_param: nexus_artifact_repo } + template: | + #!/bin/bash + + # Create configuration files + mkdir /opt/config + echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt + echo "__protected_net_A__" > /opt/config/protected_net_A.txt + echo "__install_script_version__" > /opt/config/install_script_version.txt + echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt + echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt + echo "__protected_clientB_private_net_cidr__" > /opt/config/protected_clientB_private_net_cidr.txt + echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt + echo "__cloud_env__" > /opt/config/cloud_env.txt + echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt + + # Download and run install script + apt-get update + apt-get -y install unzip + if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi + curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec-scripts&e=zip&v=__install_script_version__" -o /opt/vipsec-scripts-__install_script_version__.zip + unzip -j /opt/vipsec-scripts-__install_script_version__.zip -d /opt v_sink_install.sh + cd /opt + chmod +x v_sink_install.sh + ./v_sink_install.sh -- 2.16.6