# HOT template header: template format version, then a one-line summary.
heat_template_version: 2013-05-23

description: Heat template to deploy vFirewall demo app for OpenECOMP
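# Stack inputs. Several of these (webserver_ip, dcae_collector_*, repo_*,
# the private IPs and CIDRs) are pasted by str_replace into the boot scripts
# of the three instances, so their values end up in shell script text.
parameters:
  # Image and flavor: the same pair is used for all three instances.
  vfw_image_name:
    type: string
    label: Image name or ID
    description: Image to be used for compute instance
  vfw_flavor_name:
    type: string
    label: Flavor
    description: Type of instance (flavor) to be used

  # Networks. public_net_id and the ecomp_* entries refer to existing
  # networks; the unprotected/protected *_net_id values are used as the
  # NAMES of networks that this template creates.
  public_net_id:
    type: string
    label: Public network name or ID
    description: Public network that enables remote connection to VNF
  unprotected_private_net_id:
    type: string
    label: Unprotected private network name or ID
    description: Private network that connects vPacketGenerator with vFirewall
  protected_private_net_id:
    type: string
    label: Protected private network name or ID
    description: Private network that connects vFirewall with vSink
  ecomp_private_net_id:
    type: string
    label: ECOMP management network name or ID
    description: Private network that connects ECOMP component and the VNF
  ecomp_private_subnet_id:
    type: string
    label: ECOMP management sub-network name or ID
    description: Private sub-network that connects ECOMP component and the VNF
  unprotected_private_net_cidr:
    type: string
    label: Unprotected private network CIDR
    description: The CIDR of the unprotected private network
  protected_private_net_cidr:
    type: string
    label: Protected private network CIDR
    description: The CIDR of the protected private network
  ecomp_private_net_cidr:
    type: string
    label: ECOMP private network CIDR
    # Was a copy of the protected-network text; this describes the ECOMP net.
    description: The CIDR of the ECOMP private network

  # Fixed private addresses, one per instance per attached private network.
  vfw_private_ip_0:
    type: string
    label: vFirewall private IP address towards the unprotected network
    description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator
  vfw_private_ip_1:
    type: string
    label: vFirewall private IP address towards the protected network
    description: Private IP address that is assigned to the vFirewall to communicate with the vSink
  vfw_private_ip_2:
    type: string
    label: vFirewall private IP address towards the ECOMP management network
    description: Private IP address that is assigned to the vFirewall to communicate with ECOMP components
  vpg_private_ip_0:
    type: string
    label: vPacketGenerator private IP address towards the unprotected network
    description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall
  vpg_private_ip_1:
    type: string
    label: vPacketGenerator private IP address towards the ECOMP management network
    description: Private IP address that is assigned to the vPacketGenerator to communicate with ECOMP components
  vsn_private_ip_0:
    type: string
    label: vSink private IP address towards the protected network
    description: Private IP address that is assigned to the vSink to communicate with the vFirewall
  vsn_private_ip_1:
    type: string
    label: vSink private IP address towards the ECOMP management network
    description: Private IP address that is assigned to the vSink to communicate with ECOMP components

  # Instance names and ECOMP identifiers (the identifiers are attached to
  # each server as metadata).
  vfw_name_0:
    type: string
    label: vFirewall name
    description: Name of the vFirewall
  vpg_name_0:
    type: string
    label: vPacketGenerator name
    description: Name of the vPacketGenerator
  vsn_name_0:
    type: string
    label: vSink name
    description: Name of the vSink
  vnf_id:
    type: string
    label: VNF ID
    description: The VNF ID is provided by ECOMP
  vf_module_id:
    type: string
    label: vFirewall module ID
    description: The vFirewall Module ID is provided by ECOMP

  # Endpoints the boot scripts talk to.
  webserver_ip:
    type: string
    label: Webserver IP address
    description: IP address of the webserver that hosts the source code and binaries
  dcae_collector_ip:
    type: string
    label: DCAE collector IP address
    description: IP address of the DCAE collector
  dcae_collector_port:
    type: string
    label: DCAE collector port
    description: Port of the DCAE collector

  # SSH key pair imported into Nova for the instances.
  key_name:
    type: string
    label: Key pair name
    description: Public/Private key pair name
  pub_key:
    type: string
    label: Public key
    description: Public key to be installed on the compute instance

  # Repository access used by the boot scripts to fetch the demo packages.
  repo_user:
    type: string
    label: Repository username
    description: Username to access the repository that hosts the demo packages
  repo_passwd:
    type: string
    label: Repository password
    description: Password to access the repository that hosts the demo packages
    # Mask the value when the stack's parameters are displayed. This does not
    # protect the copy that str_replace embeds in each instance's user_data,
    # so the account should still be read-only and limited to the demo repo.
    hidden: true
  repo_url:
    type: string
    label: Repository URL
    description: URL of the repository that hosts the demo packages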
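# Three instances (vFirewall, vPacketGenerator, vSink), the two private
# networks between them, and one fixed-address port per instance per private
# network. Every instance also gets an interface on the public network.
resources:
  # Registers the supplied public key with Nova. save_private_key is false,
  # so Heat keeps no private key material for this pair.
  my_keypair:
    type: OS::Nova::KeyPair
    properties:
      name: { get_param: key_name }
      public_key: { get_param: pub_key }
      save_private_key: false

  # Network between vPacketGenerator and vFirewall. The *_net_id parameter is
  # used here as the NAME of the network being created.
  unprotected_private_network:
    type: OS::Neutron::Net
    properties:
      name: { get_param: unprotected_private_net_id }

  # Network between vFirewall and vSink; same naming caveat as above.
  protected_private_network:
    type: OS::Neutron::Net
    properties:
      name: { get_param: protected_private_net_id }

  unprotected_private_subnet:
    type: OS::Neutron::Subnet
    properties:
      network_id: { get_resource: unprotected_private_network }
      cidr: { get_param: unprotected_private_net_cidr }

  protected_private_subnet:
    type: OS::Neutron::Subnet
    properties:
      network_id: { get_resource: protected_private_network }
      cidr: { get_param: protected_private_net_cidr }

  # vFirewall: public interface plus one port on each of the unprotected,
  # protected and ECOMP management networks.
  vfw_0:
    type: OS::Nova::Server
    properties:
      image: { get_param: vfw_image_name }
      flavor: { get_param: vfw_flavor_name }
      name: { get_param: vfw_name_0 }
      key_name: { get_resource: my_keypair }
      # NOTE(review): no security_groups are set on this server or on its
      # ports, so access from the public network is governed by whatever the
      # project's default group allows -- confirm that is restrictive enough.
      networks:
        - network: { get_param: public_net_id }
        - port: { get_resource: vfw_private_0_port }
        - port: { get_resource: vfw_private_1_port }
        - port: { get_resource: vfw_private_2_port }
      metadata:
        vnf_id: { get_param: vnf_id }
        vf_module_id: { get_param: vf_module_id }
      # Boot script, executed on first boot (presumably by cloud-init, as
      # root -- it installs packages and writes under /etc). Review notes:
      #  - str_replace pastes parameter values into the script text, so each
      #    placeholder is single-quoted and every expansion double-quoted;
      #    whitespace or shell metacharacters in a value are then literal.
      #    A value that itself contains a single quote is still unsupported.
      #  - repo_passwd travels inside user_data, which stays readable from
      #    inside the guest via the metadata service, and it is visible in
      #    the process list while wget runs. Use a read-only account scoped
      #    to the demo repository.
      #  - The Nexus certificate is trusted on first use: whatever the host
      #    at webserver_ip:8443 presents at boot is added to the system trust
      #    store unchecked. Passing the expected CA certificate or its
      #    fingerprint in as a parameter would close that gap.
      #  - Downloaded scripts, archives and .deb packages are run or
      #    installed as root with no checksum or signature check. A failed
      #    download now stops the script rather than carrying on with
      #    missing or partial files.
      #  - pip installs jsonschema without a pinned version.
      user_data_format: RAW
      user_data:
        str_replace:
          params:
            __webserver__: { get_param: webserver_ip }
            __dcae_collector_ip__: { get_param: dcae_collector_ip }
            __dcae_collector_port__: { get_param: dcae_collector_port }
            __repo_url__: { get_param: repo_url }
            __repo_user__: { get_param: repo_user }
            __repo_passwd__: { get_param: repo_passwd }
          template: |
            #!/bin/bash

            # Heat fills in the quoted placeholders before boot.
            WEBSERVER_IP='__webserver__'
            DCAE_COLLECTOR_IP='__dcae_collector_ip__'
            DCAE_COLLECTOR_PORT='__dcae_collector_port__'
            REPO_URL='__repo_url__'
            REPO_USER='__repo_user__'
            REPO_PASSWD='__repo_passwd__'

            # Download required dependencies
            add-apt-repository -y ppa:openjdk-r/ppa
            apt-get update
            apt-get install -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates
            pip install jsonschema

            # Install Nexus certificate
            echo "$WEBSERVER_IP ecomp-nexus" >> /etc/hosts
            keytool -printcert -sslserver "$WEBSERVER_IP:8443" -rfc > nexus.crt
            cp nexus.crt /usr/local/share/ca-certificates/
            update-ca-certificates

            # Download vFirewall code for virtual firewall
            mkdir -p /opt/config
            cd /opt
            for artifact in v_firewall_init.sh vfirewall.sh VESvFW.tar.gz vpp.tar.gz honeycomb.tar.gz; do
              wget --user="$REPO_USER" --password="$REPO_PASSWD" "$REPO_URL/$artifact" || exit 1
            done
            for archive in VESvFW.tar.gz vpp.tar.gz honeycomb.tar.gz; do
              tar -zxvf "$archive"
            done
            rm *.tar.gz
            chmod +x v_firewall_init.sh vfirewall.sh
            printf '%s\n' "$DCAE_COLLECTOR_IP" > config/dcae_collector_ip.txt
            printf '%s\n' "$DCAE_COLLECTOR_PORT" > config/dcae_collector_port.txt

            # Install VPP (library package first, then the rest in order)
            cd /opt/vpp/build-root/
            for pkg in vpp-lib vpp vpp-dbg vpp-dev vpp-dpdk-dev vpp-plugins; do
              dpkg -i "${pkg}_16.09-3~gc021053_amd64.deb"
            done
            sleep 1

            # Install VES
            cd /opt/VES1.1/bldjobs/
            make clean
            make
            sleep 1

            # Run instantiation script
            cd /opt
            mv vfirewall.sh /etc/init.d
            update-rc.d vfirewall.sh defaults
            ./v_firewall_init.sh

  # vFirewall port on the unprotected network (towards vPacketGenerator).
  vfw_private_0_port:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: unprotected_private_network }
      fixed_ips:
        - subnet: { get_resource: unprotected_private_subnet }
          ip_address: { get_param: vfw_private_ip_0 }

  # vFirewall port on the protected network (towards vSink).
  vfw_private_1_port:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: protected_private_network }
      fixed_ips:
        - subnet: { get_resource: protected_private_subnet }
          ip_address: { get_param: vfw_private_ip_1 }

  # vFirewall port on the existing ECOMP management network.
  vfw_private_2_port:
    type: OS::Neutron::Port
    properties:
      network: { get_param: ecomp_private_net_id }
      fixed_ips:
        - subnet: { get_param: ecomp_private_subnet_id }
          ip_address: { get_param: vfw_private_ip_2 }

  # vPacketGenerator: public interface plus ports on the unprotected and
  # ECOMP management networks.
  vpg_0:
    type: OS::Nova::Server
    properties:
      image: { get_param: vfw_image_name }
      flavor: { get_param: vfw_flavor_name }
      name: { get_param: vpg_name_0 }
      key_name: { get_resource: my_keypair }
      # NOTE(review): as for vfw_0, no security_groups are set; confirm the
      # default group is acceptable for the public interface.
      networks:
        - network: { get_param: public_net_id }
        - port: { get_resource: vpg_private_0_port }
        - port: { get_resource: vpg_private_1_port }
      metadata:
        vnf_id: { get_param: vnf_id }
        vf_module_id: { get_param: vf_module_id }
      # Boot script. The review notes on vfw_0's script apply here unchanged:
      # quoted placeholders, repo_passwd exposure through user_data and the
      # wget command line, trust-on-first-use Nexus certificate, unverified
      # downloads run as root, unpinned pip install.
      user_data_format: RAW
      user_data:
        str_replace:
          params:
            __webserver__: { get_param: webserver_ip }
            __fw_ipaddr__: { get_param: vfw_private_ip_0 }
            __protected_net_cidr__: { get_param: protected_private_net_cidr }
            __sink_ipaddr__: { get_param: vsn_private_ip_0 }
            __repo_url__: { get_param: repo_url }
            __repo_user__: { get_param: repo_user }
            __repo_passwd__: { get_param: repo_passwd }
          template: |
            #!/bin/bash

            # Heat fills in the quoted placeholders before boot.
            WEBSERVER_IP='__webserver__'
            FW_IPADDR='__fw_ipaddr__'
            PROTECTED_NET_CIDR='__protected_net_cidr__'
            SINK_IPADDR='__sink_ipaddr__'
            REPO_URL='__repo_url__'
            REPO_USER='__repo_user__'
            REPO_PASSWD='__repo_passwd__'

            # Download required dependencies
            add-apt-repository -y ppa:openjdk-r/ppa
            apt-get update
            apt-get install -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates
            pip install jsonschema

            # Install Nexus certificate
            echo "$WEBSERVER_IP ecomp-nexus" >> /etc/hosts
            keytool -printcert -sslserver "$WEBSERVER_IP:8443" -rfc > nexus.crt
            cp nexus.crt /usr/local/share/ca-certificates/
            update-ca-certificates

            # Download vFirewall demo code for packet generator
            mkdir -p /opt/config
            cd /opt
            for artifact in v_packetgen_init.sh vpacketgen.sh vpp.tar.gz honeycomb.tar.gz pg_streams.tar.gz run_traffic_fw_demo.sh; do
              wget --user="$REPO_USER" --password="$REPO_PASSWD" "$REPO_URL/$artifact" || exit 1
            done
            for archive in vpp.tar.gz honeycomb.tar.gz pg_streams.tar.gz; do
              tar -zxvf "$archive"
            done
            rm *.tar.gz
            chmod +x v_packetgen_init.sh vpacketgen.sh
            printf '%s\n' "$FW_IPADDR" > config/fw_ipaddr.txt
            printf '%s\n' "$PROTECTED_NET_CIDR" > config/protected_net_cidr.txt
            printf '%s\n' "$SINK_IPADDR" > config/sink_ipaddr.txt

            # Install VPP (library package first, then the rest in order)
            cd /opt/vpp/build-root/
            for pkg in vpp-lib vpp vpp-dbg vpp-dev vpp-dpdk-dev vpp-plugins; do
              dpkg -i "${pkg}_16.09-3~gc021053_amd64.deb"
            done
            sleep 1

            # Run instantiation script
            cd /opt
            mv vpacketgen.sh /etc/init.d
            update-rc.d vpacketgen.sh defaults
            ./v_packetgen_init.sh

  # vPacketGenerator port on the unprotected network (towards vFirewall).
  vpg_private_0_port:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: unprotected_private_network }
      fixed_ips:
        - subnet: { get_resource: unprotected_private_subnet }
          ip_address: { get_param: vpg_private_ip_0 }

  # vPacketGenerator port on the existing ECOMP management network.
  vpg_private_1_port:
    type: OS::Neutron::Port
    properties:
      network: { get_param: ecomp_private_net_id }
      fixed_ips:
        - subnet: { get_param: ecomp_private_subnet_id }
          ip_address: { get_param: vpg_private_ip_1 }

  # vSink: public interface plus ports on the protected and ECOMP management
  # networks.
  vsn_0:
    type: OS::Nova::Server
    properties:
      image: { get_param: vfw_image_name }
      flavor: { get_param: vfw_flavor_name }
      name: { get_param: vsn_name_0 }
      key_name: { get_resource: my_keypair }
      # NOTE(review): as for vfw_0, no security_groups are set. This instance
      # also starts darkstat, whose web interface presumably has no
      # authentication of its own -- confirm it is not reachable from the
      # public network.
      networks:
        - network: { get_param: public_net_id }
        - port: { get_resource: vsn_private_0_port }
        - port: { get_resource: vsn_private_1_port }
      metadata:
        vnf_id: { get_param: vnf_id }
        vf_module_id: { get_param: vf_module_id }
      # Boot script. The review notes on vfw_0's script apply here as well:
      # quoted placeholders, repo_passwd exposure through user_data and the
      # wget command line, trust-on-first-use Nexus certificate, unverified
      # downloads run as root.
      user_data_format: RAW
      user_data:
        str_replace:
          params:
            __webserver__: { get_param: webserver_ip }
            __protected_net_gw__: { get_param: vfw_private_ip_1 }
            __unprotected_net__: { get_param: unprotected_private_net_cidr }
            __repo_url__: { get_param: repo_url }
            __repo_user__: { get_param: repo_user }
            __repo_passwd__: { get_param: repo_passwd }
          template: |
            #!/bin/bash

            # Heat fills in the quoted placeholders before boot.
            WEBSERVER_IP='__webserver__'
            PROTECTED_NET_GW='__protected_net_gw__'
            UNPROTECTED_NET='__unprotected_net__'
            # Keep only the part of the CIDR before the first slash.
            UNPROTECTED_NET=${UNPROTECTED_NET%%/*}
            REPO_URL='__repo_url__'
            REPO_USER='__repo_user__'
            REPO_PASSWD='__repo_passwd__'

            # Download required dependencies
            add-apt-repository -y ppa:openjdk-r/ppa
            apt-get update
            apt-get install -y make wget openjdk-8-jdk apt-transport-https ca-certificates darkstat

            # Configure and run darkstat
            sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g" /etc/darkstat/init.cfg
            sed -i "s/INTERFACE=.*/INTERFACE=\"-i eth1\"/g" /etc/darkstat/init.cfg
            /etc/init.d/darkstat start

            # Install Nexus certificate
            echo "$WEBSERVER_IP ecomp-nexus" >> /etc/hosts
            keytool -printcert -sslserver "$WEBSERVER_IP:8443" -rfc > nexus.crt
            cp nexus.crt /usr/local/share/ca-certificates/
            update-ca-certificates

            # Download vSink scripts and run the instantiation script
            mkdir -p /opt/config
            cd /opt
            for artifact in v_sink_init.sh vsink.sh; do
              wget --user="$REPO_USER" --password="$REPO_PASSWD" "$REPO_URL/$artifact" || exit 1
            done
            chmod +x v_sink_init.sh vsink.sh
            printf '%s\n' "$PROTECTED_NET_GW" > config/protected_net_gw.txt
            printf '%s\n' "$UNPROTECTED_NET" > config/unprotected_net.txt
            mv vsink.sh /etc/init.d
            update-rc.d vsink.sh defaults
            ./v_sink_init.sh

  # vSink port on the protected network (towards vFirewall).
  vsn_private_0_port:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: protected_private_network }
      fixed_ips:
        - subnet: { get_resource: protected_private_subnet }
          ip_address: { get_param: vsn_private_ip_0 }

  # vSink port on the existing ECOMP management network.
  vsn_private_1_port:
    type: OS::Neutron::Port
    properties:
      network: { get_param: ecomp_private_net_id }
      fixed_ips:
        - subnet: { get_param: ecomp_private_subnet_id }
          ip_address: { get_param: vsn_private_ip_1 }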