## Building containers To accommodate the git repo access issue, the cgts-client and distributed client are cloned into temp before docker building ```sh mkdir -p temp cd temp git clone --depth 1 --branch master https://opendev.org/starlingx/config.git git clone --depth 1 --branch master https://opendev.org/starlingx/distcloud-client.git cd - ``` ```sh docker-compose build ``` ## Running the tests ```sh source ./admin_openrc.sh export |grep OS_AUTH_URL export |grep OS_USERNAME export |grep OS_PASSWORD docker-compose up -d docker-compose run --rm --no-deps --entrypoint=pytest api /tests/unit /tests/integration ``` ## Running the tests with a O-Cloud Prerequisite: in case of testing against real ocloud, download openrc file from ocloud dashboard, e.g. ```sh admin_openrc.sh docker-compose run --rm --no-deps --entrypoint=pytest api /tests/unit /tests/integration-ocloud docker-compose run --rm --no-deps --entrypoint=pytest api /tests/integration-ocloud --log-level=DEBUG --log-file=/test s/debug.log ``` ## Tear down containers ```sh docker-compose down --remove-orphans ``` ## Test with local virtualenv ```sh python3.8 -m venv .venv && source .venv/bin/activate pip install -r requirements.txt -c constraints.txt pip install -r requirements-test.txt pip install -e o2ims # pip install -e o2dms -e o2common pytest tests/unit pytest tests/integration pytest tests/e2e ``` Test O2DMS with docker-compose ============================== ## setup account over INF and get token ```sh USER="admin-user" NAMESPACE="kube-system" cat < admin-login.yaml apiVersion: v1 kind: ServiceAccount metadata: name: ${USER} namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: ${USER} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: ${USER} namespace: kube-system EOF kubectl apply -f admin-login.yaml TOKEN_DATA=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${USER} | awk '{print $1}') | grep "token:" | awk '{print $2}') ``` ## setup remote cli to access kubenetes cluster over INF ```sh sudo apt-get install -y apt-transport-https echo "deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | \ sudo tee -a /etc/apt/sources.list.d/kubernetes.list sudo apt-get update sudo apt-get install -y kubectl source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first. echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell. https://get.helm.sh/helm-v3.5.3-linux-amd64.tar.gz tar xvf helm-v3.5.3-linux-amd64.tar.gz sudo cp linux-amd64/helm /usr/local/bin source <(helm completion bash) echo "source <(helm completion bash)" >> ~/.bashrc OAM_IP= NAMESPACE=default TOKEN_DATA= USER="admin-user" kubectl config set-cluster inf-cluster --server=https://${OAM_IP}:6443 --insecure-skip-tls-verify kubectl config set-credentials ${USER} --token=$TOKEN_DATA kubectl config set-context ${USER}@inf-cluster --cluster=inf-cluster --user ${USER} --namespace=${NAMESPACE} kubectl config use-context ${USER}@inf-cluster kubectl get pods -A ``` ## setup local repo: o2imsrepo ```sh helm repo add chartmuseum https://chartmuseum.github.io/charts helm repo update helm pull chartmuseum/chartmuseum # download chartmuseum-3.4.0.tgz to local tar zxvf chartmuseum-3.4.0.tgz export NODE_IP= cat <chartmuseum-override.yaml env: open: DISABLE_API: false service: type: NodePort nodePort: 30330 EOF helm install chartmuseumrepo chartmuseum/chartmuseum -f chartmuseum-override.yaml kubectl get pods Kubectl get services helm repo add o2imsrepo http://${NODE_IP}:30330 helm repo update helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update helm pull bitnami/mysql helm push mysql-8.8.16.tgz o2imsrepo helm repo update helm install my-release o2imsrepo/mysql kubectl get pods helm del my-release ``` ## Verify CFW over INF: Test with cnf firewall-host-netdevice ## Setup host netdevice over INF ```sh ssh sysadmin@ sudo ip link add name veth11 type veth peer name veth12 sudo ip link add name veth21 type veth peer name veth22 sudo ip link |grep veth exit ``` ## verify CNF over INF ```sh git clone https://github.com/biny993/firewall-host-netdevice.git cat < cfw-hostdev-override.yaml image: repository: ubuntu tag: 18.04 pullPolicy: IfNotPresent resources: cpu: 2 memory: 2Gi hugepage: 256Mi #global vars for parent and subcharts. unprotectedNetPortVpg: veth11 unprotectedNetPortVfw: veth12 unprotectedNetCidr: 10.10.1.0/24 unprotectedNetGwIp: 10.10.1.1 protectedNetPortVfw: veth21 protectedNetPortVsn: veth22 protectedNetCidr: 10.10.2.0/24 protectedNetGwIp: 10.10.2.1 vfwPrivateIp0: 10.10.1.1 vfwPrivateIp1: 10.10.2.1 vpgPrivateIp0: 10.10.1.2 vsnPrivateIp0: 10.10.2.2 EOF helm install cfw1 firewall-host-netdevice -f cfw-hostdev-override.yaml kubectl get pods helm del cfw1 ``` ## push repo to o2imsrepo ```sh tar -zcvf firewall-host-netdevice-1.0.0.tgz firewall-host-netdevice/ helm push firewall-host-netdevice-1.0.0.tgz o2imsrepo helm repo update helm search repo firewall helm install cfw1 o2imsrepo/firewall-host-netdevice -f cfw-hostdev-override.yaml kubectl get pods helm del cfw1 ``` ## build docker image for o2 services ```sh cd o2 docker-compose build ``` ## bootstrap o2 service with docker-compose ```sh mkdir -p temp/kubeconfig/ cp temp/kubeconfig/ source ./admin_openrc.sh export K8S_KUBECONFIG=/etc/kubeconfig/config docker-compose up -d docker logs -f o2_redis_pubsub_1 ``` ## simiulate SMO to deploy CFW ```sh curl --location --request GET 'http://localhost:5005/o2ims_infrastructureInventory/v1/deploymentManagers' export dmsId= curl --location --request POST 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeploymentDescriptor' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "cfwdesc1", "description": "demo nf deployment descriptor", "artifactRepoUrl": "http://128.224.115.15:30330", "artifactName": "firewall-host-netdevice", "inputParams": "{\n \"image\": {\n \"repository\": \"ubuntu\",\n \"tag\": 18.04,\n \"pullPolicy\": \"IfNotPresent\"\n },\n \"resources\": {\n \"cpu\": 2,\n \"memory\": \"2Gi\",\n \"hugepage\": \"256Mi\",\n \"unprotectedNetPortVpg\": \"veth11\",\n \"unprotectedNetPortVfw\": \"veth12\",\n \"unprotectedNetCidr\": \"10.10.1.0/24\",\n \"unprotectedNetGwIp\": \"10.10.1.1\",\n \"protectedNetPortVfw\": \"veth21\",\n \"protectedNetPortVsn\": \"veth22\",\n \"protectedNetCidr\": \"10.10.2.0/24\",\n \"protectedNetGwIp\": \"10.10.2.1\",\n \"vfwPrivateIp0\": \"10.10.1.1\",\n \"vfwPrivateIp1\": \"10.10.2.1\",\n \"vpgPrivateIp0\": \"10.10.1.2\",\n \"vsnPrivateIp0\": \"10.10.2.2\"\n }\n}", "outputParams": "{\"output1\": 100}" }' curl --location --request GET 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeploymentDescriptor' curl --location --request POST 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "cfw100", "description": "demo nf deployment", "descriptorId": "", "parentDeploymentId": "" }' curl --location --request GET 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment' export NfDeploymentId= ``` ## check logs ```sh docker logs -f o2_redis_pubsub_1 kubectl get pods kubectl logs -f cfw100-sink-host-netdevice-59bf6fbd4b-845p4 ``` ## watch traffic stats open browswer with url: http://:30667 ## bring down CFW ```sh curl --location --request DELETE 'http://localhost:5005/o2dms/${dmsId}/O2dms_DeploymentLifecycle/NfDeployment/${NfDeploymentId}' ```