Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / offline-installer / 04d95d44b43222b6dcef5a3750bea8ab906aad48 / . / patches / base_vfw.yaml
blob: fb4a01743586c619661858f57649a678e664303c [file] [log] [blame]
Michal Ptacek7168a9a2019-11-04 06:45:08 +0000[diff] [blame]1##########################################################################
2#
3#==================LICENSE_START==========================================
4#
5#
6# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
7#
8# Licensed under the Apache License, Version 2.0 (the "License");
9# you may not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11# http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18#
19#==================LICENSE_END============================================
20#
21# ECOMP is a trademark and service mark of AT&T Intellectual Property.
22#
23##########################################################################
24
25heat_template_version: 2013-05-23
26
27description: Heat template that deploys vFirewall demo app for ONAP
28
29##############
30# #
31# PARAMETERS #
32# #
33##############
34
35parameters:
36 vfw_image_name:
37 type: string
38 label: Image name or ID
39 description: Image to be used for compute instance
40 vfw_flavor_name:
41 type: string
42 label: Flavor
43 description: Type of instance (flavor) to be used
44 vpg_image_name:
45 type: string
46 label: Image name or ID
47 description: Image to be used for compute instance
48 vpg_flavor_name:
49 type: string
50 label: Flavor
51 description: Type of instance (flavor) to be used
52 vsn_image_name:
53 type: string
54 label: Image name or ID
55 description: Image to be used for compute instance
56 vsn_flavor_name:
57 type: string
58 label: Flavor
59 description: Type of instance (flavor) to be used
60 public_net_id:
61 type: string
62 label: Public network name or ID
63 description: Public network that enables remote connection to VNF
64 unprotected_private_net_id:
65 type: string
66 label: Unprotected private network name or ID
67 description: Private network that connects vPacketGenerator with vFirewall
68 protected_private_net_id:
69 type: string
70 label: Protected private network name or ID
71 description: Private network that connects vFirewall with vSink
72 onap_private_net_id:
73 type: string
74 label: ONAP management network name or ID
75 description: Private network that connects ONAP components and the VNF
76 onap_private_subnet_id:
77 type: string
78 label: ONAP management sub-network name or ID
79 description: Private sub-network that connects ONAP components and the VNF
80 unprotected_private_net_cidr:
81 type: string
82 label: Unprotected private network CIDR
83 description: The CIDR of the unprotected private network
84 protected_private_net_cidr:
85 type: string
86 label: Protected private network CIDR
87 description: The CIDR of the protected private network
88 onap_private_net_cidr:
89 type: string
90 label: ONAP private network CIDR
91 description: The CIDR of the protected private network
92 vfw_int_unprotected_private_ip_0:
93 type: string
94 label: vFirewall private IP address towards the unprotected network
95 description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator
96 vfw_int_protected_private_ip_0:
97 type: string
98 label: vFirewall private IP address towards the protected network
99 description: Private IP address that is assigned to the vFirewall to communicate with the vSink
100 vfw_onap_private_ip_0:
101 type: string
102 label: vFirewall private IP address towards the ONAP management network
103 description: Private IP address that is assigned to the vFirewall to communicate with ONAP components
104 vfw_int_protected_private_floating_ip:
105 type: string
106 label: same value as vpg_int_unprotected_private_ip_0
107 description: IP to inform OpenStack to enable vfw protected private port to allow packets coming from the packet generator
108 vpg_int_unprotected_private_ip_0:
109 type: string
110 label: vPacketGenerator private IP address towards the unprotected network
111 description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall
112 vpg_onap_private_ip_0:
113 type: string
114 label: vPacketGenerator private IP address towards the ONAP management network
115 description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components
116 vsn_int_protected_private_ip_0:
117 type: string
118 label: vSink private IP address towards the protected network
119 description: Private IP address that is assigned to the vSink to communicate with the vFirewall
120 vsn_onap_private_ip_0:
121 type: string
122 label: vSink private IP address towards the ONAP management network
123 description: Private IP address that is assigned to the vSink to communicate with ONAP components
124 vfw_name_0:
125 type: string
126 label: vFirewall name
127 description: Name of the vFirewall
128 vpg_name_0:
129 type: string
130 label: vPacketGenerator name
131 description: Name of the vPacketGenerator
132 vsn_name_0:
133 type: string
134 label: vSink name
135 description: Name of the vSink
136 vnf_id:
137 type: string
138 label: VNF ID
139 description: The VNF ID is provided by ONAP
140 vnf_name:
141 type: string
142 label: VNF NAME
143 description: The VNF NAME is provided by ONAP
144 vf_module_id:
145 type: string
146 label: vFirewall module ID
147 description: The vFirewall Module ID is provided by ONAP
148 dcae_collector_ip:
149 type: string
150 label: DCAE collector IP address
151 description: IP address of the DCAE collector
152 dcae_collector_port:
153 type: string
154 label: DCAE collector port
155 description: Port of the DCAE collector
156 key_name:
157 type: string
158 label: Key pair name
159 description: Public/Private key pair name
160 pub_key:
161 type: string
162 label: Public key
163 description: Public key to be installed on the compute instance
164 install_script_version:
165 type: string
166 label: Installation script version number
167 description: Version number of the scripts that install the vFW demo app
168 demo_artifacts_version:
169 type: string
170 label: Artifacts version used in demo vnfs
171 description: Artifacts (jar, tar.gz) version used in demo vnfs
172 nexus_artifact_repo:
173 type: string
174 description: Root URL for the Nexus repository for Maven artifacts.
175 cloud_env:
176 type: string
177 label: Cloud environment
178 description: Cloud environment (e.g., openstack, rackspace)
179 sec_group:
180 type: string
181 description: ONAP Security Group
182
183#############
184# #
185# RESOURCES #
186# #
187#############
188
189resources:
190 random-str:
191 type: OS::Heat::RandomString
192 properties:
193 length: 4
194
195 my_keypair:
196 type: OS::Nova::KeyPair
197 properties:
198 name:
199 str_replace:
200 template: vnfname_base_rand
201 params:
202 base: { get_param: key_name }
203 rand: { get_resource: random-str }
204 vnfname: { get_param: vnf_name }
205 public_key: { get_param: pub_key }
206 save_private_key: false
207
208 # NETWORK_ROLE: unprotected_private
209 # NETWORK_TYPE: internal
210 int_unprotected_private_network:
211 type: OS::Neutron::Net
212 properties:
213 name:
214 str_replace:
215 template: vnfname_netid
216 params:
217 netid: { get_param: unprotected_private_net_id }
218 vnfname: { get_param: vnf_name }
219
220 # NETWORK_ROLE: protected_private
221 # NETWORK_TYPE: internal
222 int_protected_private_network:
223 type: OS::Neutron::Net
224 properties:
225 name:
226 str_replace:
227 template: vnfname_netid
228 params:
229 netid: { get_param: protected_private_net_id }
230 vnfname: { get_param: vnf_name }
231
232 # NETWORK_ROLE: unprotected_private
233 # NETWORK_TYPE: internal
234 int_unprotected_private_subnet:
235 type: OS::Neutron::Subnet
236 properties:
237 network: { get_resource: int_unprotected_private_network }
238 cidr: { get_param: unprotected_private_net_cidr }
239
240 # NETWORK_ROLE: protected_private
241 # NETWORK_TYPE: internal
242 int_protected_private_subnet:
243 type: OS::Neutron::Subnet
244 properties:
245 network: { get_resource: int_protected_private_network }
246 cidr: { get_param: protected_private_net_cidr }
247
248 ### Virtual Firewall instantiation ###
249
250 # VM_TYPE: vfw
251 # NETWORK_ROLE: protected_private
252 # NETWORK_TYPE: internal
253 vfw_0_int_unprotected_private_port_0:
254 type: OS::Neutron::Port
255 properties:
256 network: { get_resource: int_unprotected_private_network }
257 fixed_ips: [{"subnet": { get_resource: int_unprotected_private_subnet }, "ip_address": { get_param: vfw_int_unprotected_private_ip_0 }}]
258 security_groups:
259 - { get_param: sec_group }
260
261 # VM_TYPE: vfw
262 # NETWORK_ROLE: protected_private
263 # NETWORK_TYPE: internal
264 vfw_0_int_protected_private_port_0:
265 type: OS::Neutron::Port
266 properties:
267 allowed_address_pairs: [{ "ip_address": { get_param: vfw_int_protected_private_floating_ip }}]
268 network: { get_resource: int_protected_private_network }
269 fixed_ips: [{"subnet": { get_resource: int_protected_private_subnet }, "ip_address": { get_param: vfw_int_protected_private_ip_0 }}]
270 security_groups:
271 - { get_param: sec_group }
272
273 # VM_TYPE: vfw
274 # NETWORK_ROLE: onap_private
275 # NETWORK_TYPE: external
276 vfw_0_onap_private_port_0:
277 type: OS::Neutron::Port
278 properties:
279 network: { get_param: onap_private_net_id }
280 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vfw_onap_private_ip_0 }}]
281 security_groups:
282 - { get_param: sec_group }
283
284 # VM_TYPE: vfw
285 vfw_server_0:
286 type: OS::Nova::Server
287 properties:
288 image: { get_param: vfw_image_name }
289 flavor: { get_param: vfw_flavor_name }
290 name: { get_param: vfw_name_0 }
291 key_name: { get_resource: my_keypair }
292 networks:
293 - network: { get_param: public_net_id }
294 - port: { get_resource: vfw_0_int_unprotected_private_port_0 }
295 - port: { get_resource: vfw_0_int_protected_private_port_0 }
296 - port: { get_resource: vfw_0_onap_private_port_0 }
297 metadata:
298 vnf_id: { get_param: vnf_id }
299 vf_module_id: { get_param: vf_module_id }
300 vnf_name: { get_param: vnf_name }
301 user_data_format: RAW
302 user_data:
303 str_replace:
304 params:
305 __dcae_collector_ip__ : { get_param: dcae_collector_ip }
306 __dcae_collector_port__ : { get_param: dcae_collector_port }
307 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
308 __install_script_version__ : { get_param: install_script_version }
309 __vfw_private_ip_0__ : { get_param: vfw_int_unprotected_private_ip_0 }
310 __vfw_private_ip_1__ : { get_param: vfw_int_protected_private_ip_0 }
311 __vfw_private_ip_2__ : { get_param: vfw_onap_private_ip_0 }
312 __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr }
313 __protected_private_net_cidr__ : { get_param: protected_private_net_cidr }
314 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
315 __cloud_env__ : { get_param: cloud_env }
316 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
317 template: |
318 #!/bin/bash
319
320 # nasty hack to bypass cloud-init issues
321 sed -i '1i nameserver 8.8.8.8' /etc/resolv.conf
322 iface_correct=`ip a | grep 10.8.8 | awk {'print $7'}`
323 route add default gw 10.8.8.1 ${iface_correct}
324
325 # Create configuration files
326 mkdir /opt/config
327 echo "__dcae_collector_ip__" > /opt/config/dcae_collector_ip.txt
328 echo "__dcae_collector_port__" > /opt/config/dcae_collector_port.txt
329 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
330 echo "__install_script_version__" > /opt/config/install_script_version.txt
331 echo "__vfw_private_ip_0__" > /opt/config/vfw_private_ip_0.txt
332 echo "__vfw_private_ip_1__" > /opt/config/vfw_private_ip_1.txt
333 echo "__vfw_private_ip_2__" > /opt/config/vfw_private_ip_2.txt
334 echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt
335 echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt
336 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
337 echo "__cloud_env__" > /opt/config/cloud_env.txt
338 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
339
340 # Download and run install script
341 apt-get update
342 apt-get -y install unzip
343 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
344 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip
345 unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_firewall_install.sh
346 cd /opt
347 chmod +x v_firewall_install.sh
348 ./v_firewall_install.sh
349
350
351 ### Virtual Packet Generator instantiation ###
352
353 vpg_0_int_unprotected_private_port_0:
354 type: OS::Neutron::Port
355 properties:
356 network: { get_resource: int_unprotected_private_network }
357 fixed_ips: [{"subnet": { get_resource: int_unprotected_private_subnet }, "ip_address": { get_param: vpg_int_unprotected_private_ip_0 }}]
358 security_groups:
359 - { get_param: sec_group }
360
361 vpg_0_onap_private_port_0:
362 type: OS::Neutron::Port
363 properties:
364 network: { get_param: onap_private_net_id }
365 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vpg_onap_private_ip_0 }}]
366 security_groups:
367 - { get_param: sec_group }
368
369 vpg_server_0:
370 type: OS::Nova::Server
371 properties:
372 image: { get_param: vpg_image_name }
373 flavor: { get_param: vpg_flavor_name }
374 name: { get_param: vpg_name_0 }
375 key_name: { get_resource: my_keypair }
376 networks:
377 - network: { get_param: public_net_id }
378 - port: { get_resource: vpg_0_int_unprotected_private_port_0 }
379 - port: { get_resource: vpg_0_onap_private_port_0 }
380 metadata:
381 vnf_id: { get_param: vnf_id }
382 vf_module_id: { get_param: vf_module_id }
383 vnf_name: { get_param: vnf_name }
384 user_data_format: RAW
385 user_data:
386 str_replace:
387 params:
388 __fw_ipaddr__: { get_param: vfw_int_unprotected_private_ip_0 }
389 __protected_net_cidr__: { get_param: protected_private_net_cidr }
390 __sink_ipaddr__: { get_param: vsn_int_protected_private_ip_0 }
391 __demo_artifacts_version__ : { get_param: demo_artifacts_version }
392 __install_script_version__ : { get_param: install_script_version }
393 __vpg_private_ip_0__ : { get_param: vpg_int_unprotected_private_ip_0 }
394 __vpg_private_ip_1__ : { get_param: vpg_onap_private_ip_0 }
395 __unprotected_private_net_cidr__ : { get_param: unprotected_private_net_cidr }
396 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
397 __cloud_env__ : { get_param: cloud_env }
398 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
399 template: |
400 #!/bin/bash
401
402 # nasty hack to bypass cloud-init issues
403 sed -i '1i nameserver 8.8.8.8' /etc/resolv.conf
404 iface_correct=`ip a | grep 10.8.8 | awk {'print $7'}`
405 route add default gw 10.8.8.1 ${iface_correct}
406
407 # Create configuration files
408 mkdir /opt/config
409 echo "__fw_ipaddr__" > /opt/config/fw_ipaddr.txt
410 echo "__protected_net_cidr__" > /opt/config/protected_net_cidr.txt
411 echo "__sink_ipaddr__" > /opt/config/sink_ipaddr.txt
412 echo "__demo_artifacts_version__" > /opt/config/demo_artifacts_version.txt
413 echo "__install_script_version__" > /opt/config/install_script_version.txt
414 echo "__vpg_private_ip_0__" > /opt/config/vpg_private_ip_0.txt
415 echo "__vpg_private_ip_1__" > /opt/config/vpg_private_ip_1.txt
416 echo "__unprotected_private_net_cidr__" > /opt/config/unprotected_private_net_cidr.txt
417 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
418 echo "__cloud_env__" > /opt/config/cloud_env.txt
419 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
420
421 # Download and run install script
422 apt-get update
423 apt-get -y install unzip
424 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
425 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip
426 unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_packetgen_install.sh
427 cd /opt
428 chmod +x v_packetgen_install.sh
429 ./v_packetgen_install.sh
430
431
432 ### Virtual Sink instantiation ###
433
434 vsn_0_int_protected_private_port_0:
435 type: OS::Neutron::Port
436 properties:
437 network: { get_resource: int_protected_private_network }
438 fixed_ips: [{"subnet": { get_resource: int_protected_private_subnet }, "ip_address": { get_param: vsn_int_protected_private_ip_0 }}]
439 security_groups:
440 - { get_param: sec_group }
441
442 vsn_0_onap_private_port_0:
443 type: OS::Neutron::Port
444 properties:
445 network: { get_param: onap_private_net_id }
446 fixed_ips: [{"subnet": { get_param: onap_private_subnet_id }, "ip_address": { get_param: vsn_onap_private_ip_0 }}]
447 security_groups:
448 - { get_param: sec_group }
449
450 vsn_server_0:
451 type: OS::Nova::Server
452 properties:
453 image: { get_param: vsn_image_name }
454 flavor: { get_param: vsn_flavor_name }
455 name: { get_param: vsn_name_0 }
456 key_name: { get_resource: my_keypair }
457 networks:
458 - network: { get_param: public_net_id }
459 - port: { get_resource: vsn_0_int_protected_private_port_0 }
460 - port: { get_resource: vsn_0_onap_private_port_0 }
461 metadata:
462 vnf_id: { get_param: vnf_id }
463 vf_module_id: { get_param: vf_module_id }
464 vnf_name: { get_param: vnf_name }
465 user_data_format: RAW
466 user_data:
467 str_replace:
468 params:
469 __protected_net_gw__: { get_param: vfw_int_protected_private_ip_0 }
470 __unprotected_net__: { get_param: unprotected_private_net_cidr }
471 __install_script_version__ : { get_param: install_script_version }
472 __vsn_private_ip_0__ : { get_param: vsn_int_protected_private_ip_0 }
473 __vsn_private_ip_1__ : { get_param: vsn_onap_private_ip_0 }
474 __protected_private_net_cidr__ : { get_param: protected_private_net_cidr }
475 __onap_private_net_cidr__ : { get_param: onap_private_net_cidr }
476 __cloud_env__ : { get_param: cloud_env }
477 __nexus_artifact_repo__: { get_param: nexus_artifact_repo }
478 template: |
479 #!/bin/bash
480
481 # nasty hack to bypass cloud-init issues
482 sed -i '1i nameserver 8.8.8.8' /etc/resolv.conf
483 iface_correct=`ip a | grep 10.8.8 | awk {'print $7'}`
484 route add default gw 10.8.8.1 ${iface_correct}
485
486 # Create configuration files
487 mkdir /opt/config
488 echo "__protected_net_gw__" > /opt/config/protected_net_gw.txt
489 echo "__unprotected_net__" > /opt/config/unprotected_net.txt
490 echo "__install_script_version__" > /opt/config/install_script_version.txt
491 echo "__vsn_private_ip_0__" > /opt/config/vsn_private_ip_0.txt
492 echo "__vsn_private_ip_1__" > /opt/config/vsn_private_ip_1.txt
493 echo "__protected_private_net_cidr__" > /opt/config/protected_private_net_cidr.txt
494 echo "__onap_private_net_cidr__" > /opt/config/onap_private_net_cidr.txt
495 echo "__cloud_env__" > /opt/config/cloud_env.txt
496 echo "__nexus_artifact_repo__" > /opt/config/nexus_artifact_repo.txt
497
498 # Download and run install script
499 apt-get update
500 apt-get -y install unzip
501 if [[ "__install_script_version__" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
502 curl -k -L "__nexus_artifact_repo__/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vfw&a=vfw-scripts&e=zip&v=__install_script_version__" -o /opt/vfw-scripts-__install_script_version__.zip
503 unzip -j /opt/vfw-scripts-__install_script_version__.zip -d /opt v_sink_install.sh
504 cd /opt
505 chmod +x v_sink_install.sh
506 ./v_sink_install.sh