-## Building containers\r
-\r
-To accommodate the git repo access issue, the cgts-client and distributed client are\r
-cloned into temp before docker building\r
-\r
-```sh\r
-mkdir -p temp\r
-cd temp\r
-git clone --depth 1 --branch master https://opendev.org/starlingx/config.git\r
-git clone --depth 1 --branch master https://opendev.org/starlingx/distcloud-client.git\r
-cd -\r
-```\r
-\r
-```sh\r
-docker-compose build\r
-```\r
-\r
-## Running the tests\r
-\r
-\r
-```sh\r
-source ./admin_openrc.sh\r
-export |grep OS_AUTH_URL\r
-export |grep OS_USERNAME\r
-export |grep OS_PASSWORD\r
-docker-compose up -d\r
-docker-compose run --rm --no-deps --entrypoint=pytest api /tests/unit /tests/integration\r
-```\r
-\r
-## Running the tests with a O-Cloud\r
-\r
-Prerequisite: in case of testing against real ocloud, download openrc file from ocloud dashboard, e.g. \r
-\r
-```sh\r
-admin_openrc.sh\r
-docker-compose run --rm --no-deps --entrypoint=pytest api /tests/unit /tests/integration-ocloud\r
-\r
-docker-compose run --rm --no-deps --entrypoint=pytest api /tests/integration-ocloud --log-level=DEBUG --log-file=/test\r
-s/debug.log\r
-```\r
-\r
-## Tear down containers\r
-\r
-```sh\r
-docker-compose down --remove-orphans\r
-```\r
-\r
-## Test with local virtualenv\r
-\r
-```sh\r
-python3.8 -m venv .venv && source .venv/bin/activate\r
-pip install -r requirements.txt -c constraints.txt\r
-pip install -r requirements-test.txt\r
-pip install -e o2ims\r
-# pip install -e o2dms -e o2common\r
-pytest tests/unit\r
-pytest tests/integration\r
-pytest tests/e2e\r
-```\r
-\r
-\r
-Test O2DMS with docker-compose\r
-==============================\r
-\r
-## setup account over INF and get token\r
-\r
-```sh\r
-USER="admin-user"\r
-NAMESPACE="kube-system"\r
-\r
-cat <<EOF > admin-login.yaml\r
-apiVersion: v1\r
-kind: ServiceAccount\r
-metadata:\r
- name: ${USER}\r
- namespace: kube-system\r
----\r
-apiVersion: rbac.authorization.k8s.io/v1\r
-kind: ClusterRoleBinding\r
-metadata:\r
- name: ${USER}\r
-roleRef:\r
- apiGroup: rbac.authorization.k8s.io\r
- kind: ClusterRole\r
- name: cluster-admin\r
-subjects:\r
-- kind: ServiceAccount\r
- name: ${USER}\r
- namespace: kube-system\r
-EOF\r
-kubectl apply -f admin-login.yaml\r
-TOKEN_DATA=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${USER} | awk '{print $1}') | grep "token:" | awk '{print $2}')\r
-\r
-```\r
-\r
-## setup remote cli to access kubenetes cluster over INF\r
-\r
-```sh\r
-sudo apt-get install -y apt-transport-https\r
-echo "deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | \\r
-sudo tee -a /etc/apt/sources.list.d/kubernetes.list\r
-sudo apt-get update\r
-sudo apt-get install -y kubectl\r
-\r
-source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.\r
-echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.\r
-\r
-https://get.helm.sh/helm-v3.5.3-linux-amd64.tar.gz\r
-tar xvf helm-v3.5.3-linux-amd64.tar.gz\r
-sudo cp linux-amd64/helm /usr/local/bin\r
-\r
-source <(helm completion bash)\r
-echo "source <(helm completion bash)" >> ~/.bashrc\r
-\r
-OAM_IP=<INF OAM IP>\r
-NAMESPACE=default\r
-TOKEN_DATA=<TOKEN_DATA from INF>\r
-\r
-USER="admin-user"\r
-\r
-kubectl config set-cluster inf-cluster --server=https://${OAM_IP}:6443 --insecure-skip-tls-verify\r
-kubectl config set-credentials ${USER} --token=$TOKEN_DATA\r
-kubectl config set-context ${USER}@inf-cluster --cluster=inf-cluster --user ${USER} --namespace=${NAMESPACE}\r
-kubectl config use-context ${USER}@inf-cluster\r
-\r
-kubectl get pods -A\r
-\r
-```\r
-\r
-\r
-## setup local repo: o2imsrepo\r
-\r
-```sh\r
-helm repo add chartmuseum https://chartmuseum.github.io/charts\r
-helm repo update\r
-helm pull chartmuseum/chartmuseum # download chartmuseum-3.4.0.tgz to local\r
-tar zxvf chartmuseum-3.4.0.tgz\r
-\r
-export NODE_IP=<INF OAM IP>\r
-\r
-cat <<EOF>chartmuseum-override.yaml\r
-env:\r
- open:\r
- DISABLE_API: false\r
-service:\r
- type: NodePort\r
- nodePort: 30330\r
-EOF\r
-\r
-helm install chartmuseumrepo chartmuseum/chartmuseum -f chartmuseum-override.yaml\r
-kubectl get pods\r
-Kubectl get services\r
-\r
-helm repo add o2imsrepo http://${NODE_IP}:30330\r
-helm repo update\r
-\r
-helm repo add bitnami https://charts.bitnami.com/bitnami\r
-helm repo update\r
-\r
-helm pull bitnami/mysql\r
-helm push mysql-8.8.16.tgz o2imsrepo\r
-helm repo update\r
-\r
-helm install my-release o2imsrepo/mysql\r
-kubectl get pods\r
-helm del my-release\r
-\r
-```\r
-\r
-\r
-\r
-## Verify CFW over INF: Test with cnf firewall-host-netdevice\r
-\r
-## Setup host netdevice over INF\r
-\r
-```sh\r
-ssh sysadmin@<inf oam IP>\r
-sudo ip link add name veth11 type veth peer name veth12\r
-sudo ip link add name veth21 type veth peer name veth22\r
-sudo ip link |grep veth\r
-exit\r
-```\r
-\r
-\r
-## verify CNF over INF\r
-```sh\r
-git clone https://github.com/biny993/firewall-host-netdevice.git\r
-\r
-cat <<EOF> cfw-hostdev-override.yaml\r
-\r
-image:\r
- repository: ubuntu\r
- tag: 18.04\r
- pullPolicy: IfNotPresent\r
-\r
-resources:\r
- cpu: 2\r
- memory: 2Gi\r
- hugepage: 256Mi\r
-\r
-#global vars for parent and subcharts.\r
-\r
-\r
- unprotectedNetPortVpg: veth11\r
- unprotectedNetPortVfw: veth12\r
- unprotectedNetCidr: 10.10.1.0/24\r
- unprotectedNetGwIp: 10.10.1.1\r
-\r
- protectedNetPortVfw: veth21\r
- protectedNetPortVsn: veth22\r
- protectedNetCidr: 10.10.2.0/24\r
- protectedNetGwIp: 10.10.2.1\r
-\r
- vfwPrivateIp0: 10.10.1.1\r
- vfwPrivateIp1: 10.10.2.1\r
-\r
- vpgPrivateIp0: 10.10.1.2\r
-\r
- vsnPrivateIp0: 10.10.2.2\r
-\r
-EOF\r
-\r
-helm install cfw1 firewall-host-netdevice -f cfw-hostdev-override.yaml\r
-kubectl get pods\r
-helm del cfw1\r
-```\r
-\r
-## push repo to o2imsrepo\r
-\r
-```sh\r
-tar -zcvf firewall-host-netdevice-1.0.0.tgz firewall-host-netdevice/\r
-helm push firewall-host-netdevice-1.0.0.tgz o2imsrepo\r
-helm repo update\r
-helm search repo firewall\r
-\r
-helm install cfw1 o2imsrepo/firewall-host-netdevice -f cfw-hostdev-override.yaml\r
-kubectl get pods\r
-helm del cfw1\r
-```\r
-\r
-## build docker image for o2 services\r
-```sh\r
-cd o2\r
-docker-compose build\r
-\r
-```\r
-\r
-## bootstrap o2 service with docker-compose\r
-```sh\r
-\r
-mkdir -p temp/kubeconfig/\r
-cp <your .kube/config> temp/kubeconfig/\r
-\r
-source ./admin_openrc.sh\r
-export K8S_KUBECONFIG=/etc/kubeconfig/config\r
-docker-compose up -d\r
-docker logs -f o2_redis_pubsub_1\r
-\r
-```\r
-\r
-## simiulate SMO to deploy CFW\r
-\r
-```sh\r
-\r
-curl --location --request GET 'http://localhost:5005/o2ims_infrastructureInventory/v1/deploymentManagers'\r
-export dmsId=<DMS ID>\r
-curl --location --request POST 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeploymentDescriptor' \\r
---header 'Content-Type: application/json' \\r
---data-raw '{\r
- "name": "cfwdesc1",\r
- "description": "demo nf deployment descriptor",\r
- "artifactRepoUrl": "http://128.224.115.15:30330",\r
- "artifactName": "firewall-host-netdevice",\r
- "inputParams": \r
- "{\n \"image\": {\n \"repository\": \"ubuntu\",\n \"tag\": 18.04,\n \"pullPolicy\": \"IfNotPresent\"\n },\n \"resources\": {\n \"cpu\": 2,\n \"memory\": \"2Gi\",\n \"hugepage\": \"256Mi\",\n \"unprotectedNetPortVpg\": \"veth11\",\n \"unprotectedNetPortVfw\": \"veth12\",\n \"unprotectedNetCidr\": \"10.10.1.0/24\",\n \"unprotectedNetGwIp\": \"10.10.1.1\",\n \"protectedNetPortVfw\": \"veth21\",\n \"protectedNetPortVsn\": \"veth22\",\n \"protectedNetCidr\": \"10.10.2.0/24\",\n \"protectedNetGwIp\": \"10.10.2.1\",\n \"vfwPrivateIp0\": \"10.10.1.1\",\n \"vfwPrivateIp1\": \"10.10.2.1\",\n \"vpgPrivateIp0\": \"10.10.1.2\",\n \"vsnPrivateIp0\": \"10.10.2.2\"\n }\n}",\r
- "outputParams": "{\"output1\": 100}"\r
-}'\r
-\r
-curl --location --request GET 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeploymentDescriptor'\r
-\r
-curl --location --request POST 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment' \\r
---header 'Content-Type: application/json' \\r
---data-raw '{\r
- "name": "cfw100",\r
- "description": "demo nf deployment",\r
- "descriptorId": "<NfDeploymentDescriptorId>",\r
- "parentDeploymentId": ""\r
-}'\r
-\r
-curl --location --request GET 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment'\r
-\r
-export NfDeploymentId=<NfDeployment Id>\r
-\r
-```\r
-\r
-## check logs\r
-\r
-```sh\r
-docker logs -f o2_redis_pubsub_1\r
-kubectl get pods\r
-kubectl logs -f cfw100-sink-host-netdevice-59bf6fbd4b-845p4\r
-```\r
-\r
-## watch traffic stats\r
-\r
-open browswer with url: http://<NODE_IP>:30667\r
-\r
-\r
-## bring down CFW\r
-\r
-```sh\r
-curl --location --request DELETE 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment/${NfDeploymentId}'\r
-```\r
+## Building containers
+
+To accommodate the git repo access issue, the cgts-client and distributed client are
+cloned into temp before docker building
+
+```sh
+mkdir -p temp
+cd temp
+git clone --branch r/stx.7.0 https://opendev.org/starlingx/config.git
+git clone --branch master https://opendev.org/starlingx/distcloud-client.git
+(cd distcloud-client && git reset --hard eb4e7eeeb09bdf2e1b80984b378c5a8ea9930f04)
+git clone --depth 1 --branch r/stx.7.0 https://opendev.org/starlingx/fault.git
+cd config
+git checkout bca406d1
+patch -p1 < ../../cgtsclient-insecure.patch
+cd -
+```
+
+```sh
+docker-compose build
+```
+
+## Running the tests
+
+
+```sh
+source ./admin_openrc.sh
+export |grep OS_AUTH_URL
+export |grep OS_USERNAME
+export |grep OS_PASSWORD
+docker-compose up -d
+docker-compose run --rm --no-deps --entrypoint=pytest api /tests/unit /tests/integration
+```
+
+## Running the tests with a O-Cloud
+
+Prerequisite: in case of testing against real ocloud, download openrc file from ocloud dashboard, e.g.
+
+```sh
+admin_openrc.sh
+docker-compose run --rm --no-deps --entrypoint=pytest api /tests/unit /tests/integration-ocloud
+
+docker-compose run --rm --no-deps --entrypoint=pytest api /tests/integration-ocloud --log-level=DEBUG --log-file=/test
+s/debug.log
+```
+
+## Tear down containers
+
+```sh
+docker-compose down --remove-orphans
+```
+
+## Test with local virtualenv
+
+```sh
+python3.8 -m venv .venv && source .venv/bin/activate
+pip install -r requirements.txt -c constraints.txt
+pip install -r requirements-test.txt
+pip install -e o2ims
+# pip install -e o2dms -e o2common
+pytest tests/unit
+pytest tests/integration
+pytest tests/e2e
+```
+
+
+Test O2DMS with docker-compose
+==============================
+
+## setup account over INF and get token
+
+```sh
+USER="admin-user"
+NAMESPACE="kube-system"
+
+cat <<EOF > admin-login.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ${USER}
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ${USER}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: ${USER}
+ namespace: kube-system
+EOF
+kubectl apply -f admin-login.yaml
+TOKEN_DATA=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${USER} | awk '{print $1}') | grep "token:" | awk '{print $2}')
+
+```
+
+## setup remote cli to access kubenetes cluster over INF
+
+```sh
+sudo apt-get install -y apt-transport-https
+echo "deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | \
+sudo tee -a /etc/apt/sources.list.d/kubernetes.list
+sudo apt-get update
+sudo apt-get install -y kubectl
+
+source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
+echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.
+
+https://get.helm.sh/helm-v3.5.3-linux-amd64.tar.gz
+tar xvf helm-v3.5.3-linux-amd64.tar.gz
+sudo cp linux-amd64/helm /usr/local/bin
+
+source <(helm completion bash)
+echo "source <(helm completion bash)" >> ~/.bashrc
+
+OAM_IP=<INF OAM IP>
+NAMESPACE=default
+TOKEN_DATA=<TOKEN_DATA from INF>
+
+USER="admin-user"
+
+kubectl config set-cluster inf-cluster --server=https://${OAM_IP}:6443 --insecure-skip-tls-verify
+kubectl config set-credentials ${USER} --token=$TOKEN_DATA
+kubectl config set-context ${USER}@inf-cluster --cluster=inf-cluster --user ${USER} --namespace=${NAMESPACE}
+kubectl config use-context ${USER}@inf-cluster
+
+kubectl get pods -A
+
+```
+
+
+## setup local repo: o2imsrepo
+
+```sh
+helm repo add chartmuseum https://chartmuseum.github.io/charts
+helm repo update
+helm pull chartmuseum/chartmuseum # download chartmuseum-3.4.0.tgz to local
+tar zxvf chartmuseum-3.4.0.tgz
+
+export NODE_IP=<INF OAM IP>
+
+cat <<EOF>chartmuseum-override.yaml
+env:
+ open:
+ DISABLE_API: false
+service:
+ type: NodePort
+ nodePort: 30330
+EOF
+
+helm install chartmuseumrepo chartmuseum/chartmuseum -f chartmuseum-override.yaml
+kubectl get pods
+Kubectl get services
+
+helm repo add o2imsrepo http://${NODE_IP}:30330
+helm repo update
+
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+
+helm pull bitnami/mysql
+helm push mysql-8.8.16.tgz o2imsrepo
+helm repo update
+
+helm install my-release o2imsrepo/mysql
+kubectl get pods
+helm del my-release
+
+```
+
+
+
+## Verify CFW over INF: Test with cnf firewall-host-netdevice
+
+## Setup host netdevice over INF
+
+```sh
+ssh sysadmin@<inf oam IP>
+sudo ip link add name veth11 type veth peer name veth12
+sudo ip link add name veth21 type veth peer name veth22
+sudo ip link |grep veth
+exit
+```
+
+
+## verify CNF over INF
+```sh
+git clone https://github.com/biny993/firewall-host-netdevice.git
+
+cat <<EOF> cfw-hostdev-override.yaml
+
+image:
+ repository: ubuntu
+ tag: 18.04
+ pullPolicy: IfNotPresent
+
+resources:
+ cpu: 2
+ memory: 2Gi
+ hugepage: 256Mi
+
+#global vars for parent and subcharts.
+
+
+ unprotectedNetPortVpg: veth11
+ unprotectedNetPortVfw: veth12
+ unprotectedNetCidr: 10.10.1.0/24
+ unprotectedNetGwIp: 10.10.1.1
+
+ protectedNetPortVfw: veth21
+ protectedNetPortVsn: veth22
+ protectedNetCidr: 10.10.2.0/24
+ protectedNetGwIp: 10.10.2.1
+
+ vfwPrivateIp0: 10.10.1.1
+ vfwPrivateIp1: 10.10.2.1
+
+ vpgPrivateIp0: 10.10.1.2
+
+ vsnPrivateIp0: 10.10.2.2
+
+EOF
+
+helm install cfw1 firewall-host-netdevice -f cfw-hostdev-override.yaml
+kubectl get pods
+helm del cfw1
+```
+
+## push repo to o2imsrepo
+
+```sh
+tar -zcvf firewall-host-netdevice-1.0.0.tgz firewall-host-netdevice/
+helm push firewall-host-netdevice-1.0.0.tgz o2imsrepo
+helm repo update
+helm search repo firewall
+
+helm install cfw1 o2imsrepo/firewall-host-netdevice -f cfw-hostdev-override.yaml
+kubectl get pods
+helm del cfw1
+```
+
+## build docker image for o2 services
+```sh
+cd o2
+docker-compose build
+
+```
+
+## bootstrap o2 service with docker-compose
+```sh
+
+mkdir -p temp/kubeconfig/
+cp <your .kube/config> temp/kubeconfig/
+
+source ./admin_openrc.sh
+export K8S_KUBECONFIG=/etc/kubeconfig/config
+docker-compose up -d
+docker logs -f o2_redis_pubsub_1
+
+```
+
+## simiulate SMO to deploy CFW
+
+```sh
+
+curl --location --request GET 'http://localhost:5005/o2ims_infrastructureInventory/v1/deploymentManagers'
+export dmsId=<DMS ID>
+curl --location --request POST 'http://localhost:5005/o2dms/v1/${dmsId}/O2dms_DeploymentLifecycle/NfDeploymentDescriptor' \
+--header 'Content-Type: application/json' \
+--data-raw '{
+ "name": "cfwdesc1",
+ "description": "demo nf deployment descriptor",
+ "artifactRepoUrl": "http://128.224.115.15:30330",
+ "artifactName": "firewall-host-netdevice",
+ "inputParams":
+ "{\n \"image\": {\n \"repository\": \"ubuntu\",\n \"tag\": 18.04,\n \"pullPolicy\": \"IfNotPresent\"\n },\n \"resources\": {\n \"cpu\": 2,\n \"memory\": \"2Gi\",\n \"hugepage\": \"256Mi\",\n \"unprotectedNetPortVpg\": \"veth11\",\n \"unprotectedNetPortVfw\": \"veth12\",\n \"unprotectedNetCidr\": \"10.10.1.0/24\",\n \"unprotectedNetGwIp\": \"10.10.1.1\",\n \"protectedNetPortVfw\": \"veth21\",\n \"protectedNetPortVsn\": \"veth22\",\n \"protectedNetCidr\": \"10.10.2.0/24\",\n \"protectedNetGwIp\": \"10.10.2.1\",\n \"vfwPrivateIp0\": \"10.10.1.1\",\n \"vfwPrivateIp1\": \"10.10.2.1\",\n \"vpgPrivateIp0\": \"10.10.1.2\",\n \"vsnPrivateIp0\": \"10.10.2.2\"\n }\n}",
+ "outputParams": "{\"output1\": 100}"
+}'
+
+curl --location --request GET 'http://localhost:5005/o2dms/v1/${dmsId}/O2dms_DeploymentLifecycle/NfDeploymentDescriptor'
+
+curl --location --request POST 'http://localhost:5005/o2dms/v1/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment' \
+--header 'Content-Type: application/json' \
+--data-raw '{
+ "name": "cfw100",
+ "description": "demo nf deployment",
+ "descriptorId": "<NfDeploymentDescriptorId>",
+ "parentDeploymentId": ""
+}'
+
+curl --location --request GET 'http://localhost:5005/o2dms/v1/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment'
+
+export NfDeploymentId=<NfDeployment Id>
+
+```
+
+## check logs
+
+```sh
+docker logs -f o2_redis_pubsub_1
+kubectl get pods
+kubectl logs -f cfw100-sink-host-netdevice-59bf6fbd4b-845p4
+```
+
+## watch traffic stats
+
+open browswer with url: http://<NODE_IP>:30667
+
+
+## bring down CFW
+
+```sh
+curl --location --request DELETE 'http://localhost:5005/o2dms/v1/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment/${NfDeploymentId}'
+```
Code Review / pti / o2.git / blobdiff