From bebfc014ed37005f8db44f37d2121bf05e0b07ec Mon Sep 17 00:00:00 2001 From: changzhi Date: Fri, 19 Aug 2016 17:51:31 +0800 Subject: [PATCH] Tacker deploy OpenWRT as VNF guide This patch adds step by step instructions to deploy OpenWRT as VNF guide. Change-Id: I70fff61a98092ec9ce672402a90d02e74429f33f Closes-bug: #1517664 --- doc/source/index.rst | 1 + doc/source/install/deploy_openwrt.rst | 180 ++++++++++++++++++++++++++ 2 files changed, 181 insertions(+) create mode 100644 doc/source/install/deploy_openwrt.rst diff --git a/doc/source/index.rst b/doc/source/index.rst index 224f1b17f..2c75ca957 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -41,6 +41,7 @@ Getting Started :maxdepth: 1 install/getting_started.rst + install/deploy_openwrt.rst Feature Documentation ===================== diff --git a/doc/source/install/deploy_openwrt.rst b/doc/source/install/deploy_openwrt.rst new file mode 100644 index 000000000..09b1daf99 --- /dev/null +++ b/doc/source/install/deploy_openwrt.rst 
@@ -0,0 +1,180 @@ +.. + Copyright 2014-2015 OpenStack Foundation + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +======================== +Deploying OpenWRT as VNF +======================== + +Once tacker is installed successfully, follow the steps given below to get +started with deploying OpenWRT as VNF. + +1. Ensure Glance already contains OpenWRT image. Normally, Tacker tries +to add OpenWRT image to Glance while installing via devstack. By running +**glance image-list** to check OpenWRT image if exists. If not, download +the image from +`OpenWRT official site +`_. +And upload this image into Glance by using the command below: + +.. code-block:: console + + glance image-create --name OpenWRT \ + --disk-format qcow2 \ + --container-format bare \ + --progress < openwrt-x86-kvm_guest-combined-ext4.img + +.. + +2. Create a yaml template named tosca-vnfd-openwrt-with-firewall-rules.yaml +which contains basic configuration of OpenWRT and some firewall rules of +OpenWRT. All contents of the template file shows below: + +.. 
code-block:: ini + + tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 + + description: OpenWRT with services + + metadata: + template_name: OpenWRT + + topology_template: + node_templates: + VDU1: + type: tosca.nodes.nfv.VDU.Tacker + capabilities: + nfv_compute: + properties: + num_cpus: 1 + mem_size: 512 MB + disk_size: 1 GB + properties: + image: OpenWRT + config: + firewall: | + package firewall + + config defaults + option syn_flood '1' + option input 'ACCEPT' + option output 'ACCEPT' + option forward 'REJECT' + + config zone + option name 'lan' + list network 'lan' + option input 'ACCEPT' + option output 'ACCEPT' + option forward 'ACCEPT' + + config zone + option name 'wan' + list network 'wan' + list network 'wan6' + option input 'REJECT' + option output 'ACCEPT' + option forward 'REJECT' + option masq '1' + option mtu_fix '1' + + config forwarding + option src 'lan' + option dest 'wan' + + config rule + option name 'Allow-DHCP-Renew' + option src 'wan' + option proto 'udp' + option dest_port '68' + option target 'ACCEPT' + option family 'ipv4' + + config rule + option name 'Allow-Ping' + option src 'wan' + option proto 'icmp' + option icmp_type 'echo-request' + option family 'ipv4' + option target 'ACCEPT' + mgmt_driver: openwrt + monitoring_policy: + name: ping + parameters: + count: 3 + interval: 10 + actions: + failure: respawn + + CP1: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + anti_spoofing_protection: false + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU1 + + VL1: + type: tosca.nodes.nfv.VL + properties: + network_name: net_mgmt + vendor: Tacker + +.. + +The above template file comes from two files. One is `tosca-vnfd-openwrt.yaml +`_ and other one is +`tosca-config-openwrt-with-firewall.yaml +`_. +In this template file, we specify the **mgmt_driver: openwrt** which means +this VNFD is managed by `openwrt driver +`_. 
This driver can inject firewall rules +which defined in VNFD into OpenWRT instance by using SSH protocol. We can +run **cat /etc/config/firewall** to confirm the firewall rules if inject +succeed. + +3.Create a sample vnfd: + +.. code-block:: console + + tacker vnfd-create \ + --vnfd-file tosca-vnfd-openwrt-with-firewall-rules.yaml \ + +.. + +4.Create a VNF: + +.. code-block:: console + + tacker vnf-create --vnfd-name +.. + +This VNF will contains all the firewall rules that VNFD contains +by using 'cat /etc/config/firewall' in VNF. + + +5.Check the status: + +.. code-block:: console + + tacker vnf-list + tacker vnf-show +..
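Review bot: In the VNFD template in doc/source/install/deploy_openwrt.rst, CP1 sets `anti_spoofing_protection: false` on the connection point that also has `management: true`, and `config defaults` sets `option input 'ACCEPT'`, but the guide gives no reason for either, so readers will copy both settings into their own VNFDs unchanged. Please add a sentence after the template saying why anti-spoofing is turned off for this VNF and that the firewall section is a sample to adapt. Since the text says the openwrt driver injects the rules over SSH, also state what access to the instance the driver needs for that to work. The template block is tagged `.. code-block:: ini` although its content is YAML, so `yaml` would be the right lexer. In steps 3 to 5, as the lines appear here, `tacker vnfd-create` ends on a trailing `\` with nothing after it, `tacker vnf-create --vnfd-name` has no value, and `tacker vnf-show` has no argument, so none of them can be run as written. Show the expected arguments as named placeholders. Smaller points: write `3. Create` with a space after the number as steps 1 and 2 do, leave a blank line before the closing `..` in steps 4 and 5, and fix the wording in "This VNF will contains", "which defined in VNFD" and "if inject succeed".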