NFP - Devstack and Diskimage Create Scripts
Change-Id: I2f49329206a925d2fd5b3935d21f0bde0b95e42e Implements: blueprint gbp-network-services-framework Co-Authored-By: Deepak S <in.live.in@live.in> Co-Authored-By: Yogesh Rajmane <yogesh.rajmane@oneconvergence.com> Co-Authored-By: DhuldevValekar <dhuldev.valekar@oneconvergence.com> Co-Authored-By: ashutosh mishra <mca.ashu4@gmail.com>
This commit is contained in:
Rajendra Machani
committed by
ashutosh mishra
ashutosh mishra
parent
623e6fafe1
commit
1af3c0e892
23
devstack/exercises/nfp_service/fw_base_vm.sh
Normal file
23
devstack/exercises/nfp_service/fw_base_vm.sh
Normal file
@@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
|
||||
source /home/stack/devstack/openrc neutron service
|
||||
|
||||
#service chain node and spec creation
|
||||
gbp servicechain-node-create --service-profile base_mode_fw_vm --config 'custom_json:{"mimetype": "config/custom+json","rules": [{"action": "log", "name": "tcp", "service": "tcp/80"}, {"action": "log", "name": "tcp", "service": "tcp/8080"}, {"action": "accept", "name": "tcp", "service": "tcp/22"}, {"action": "accept", "name": "icmp", "service": "icmp"}]}' FWNODE
|
||||
gbp servicechain-spec-create --nodes "FWNODE" fw-chainspec
|
||||
|
||||
# Redirect action, rule, classifier and rule-set
|
||||
gbp policy-action-create --action-type REDIRECT --action-value fw-chainspec redirect-to-fw
|
||||
gbp policy-action-create --action-type ALLOW allow-to-fw
|
||||
gbp policy-classifier-create --protocol tcp --direction bi fw-web-classifier-tcp
|
||||
gbp policy-classifier-create --protocol udp --direction bi fw-web-classifier-udp
|
||||
gbp policy-classifier-create --protocol icmp --direction bi fw-web-classifier-icmp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-tcp --actions redirect-to-fw fw-web-redirect-rule
|
||||
gbp policy-rule-create --classifier fw-web-classifier-tcp --actions allow-to-fw fw-web-allow-rule-tcp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-udp --actions allow-to-fw fw-web-allow-rule-udp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-icmp --actions allow-to-fw fw-web-allow-rule-icmp
|
||||
gbp policy-rule-set-create --policy-rules "fw-web-redirect-rule fw-web-allow-rule-tcp fw-web-allow-rule-udp fw-web-allow-rule-icmp" fw-webredirect-ruleset
|
||||
|
||||
#provider, consumer E-W groups creation
|
||||
gbp group-create fw-consumer --consumed-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
gbp group-create fw-provider --provided-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
21
devstack/exercises/nfp_service/fw_base_vm_clean.sh
Normal file
21
devstack/exercises/nfp_service/fw_base_vm_clean.sh
Normal file
@@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
|
||||
source /home/stack/devstack/openrc neutron service
|
||||
|
||||
gbp group-delete fw-provider
|
||||
gbp group-delete fw-consumer
|
||||
|
||||
gbp policy-rule-set-delete fw-webredirect-ruleset
|
||||
gbp policy-rule-delete fw-web-redirect-rule
|
||||
gbp policy-rule-delete fw-web-allow-rule-tcp
|
||||
gbp policy-rule-delete fw-web-allow-rule-icmp
|
||||
gbp policy-rule-delete fw-web-allow-rule-udp
|
||||
gbp policy-classifier-delete fw-web-classifier-tcp
|
||||
gbp policy-classifier-delete fw-web-classifier-icmp
|
||||
gbp policy-classifier-delete fw-web-classifier-udp
|
||||
gbp policy-action-delete redirect-to-fw
|
||||
gbp policy-action-delete allow-to-fw
|
||||
|
||||
gbp servicechain-spec-delete fw-chainspec
|
||||
gbp servicechain-node-delete FWNODE
|
||||
|
||||
22
devstack/exercises/nfp_service/lb_base.sh
Normal file
22
devstack/exercises/nfp_service/lb_base.sh
Normal file
@@ -0,0 +1,22 @@
|
||||
#!/bin/bash
|
||||
|
||||
source /home/stack/devstack/openrc demo demo
|
||||
|
||||
# Service chain node and spec creation
|
||||
gbp servicechain-node-create --service-profile base_mode_lb --template-file ./templates/haproxy_base_mode.template LBNODE
|
||||
gbp servicechain-spec-create --nodes "LBNODE" lb_chainspec
|
||||
|
||||
# REDIRECT action, classifier, rule and rule-set
|
||||
gbp policy-action-create --action-type REDIRECT --action-value lb_chainspec redirect-to-lb
|
||||
gbp policy-classifier-create --protocol tcp --direction bi lb-webredirect
|
||||
gbp policy-rule-create --classifier lb-webredirect --actions redirect-to-lb lb-web-redirect-rule
|
||||
gbp policy-rule-set-create --policy-rules "lb-web-redirect-rule" lb-webredirect-ruleset
|
||||
|
||||
# Network service policy
|
||||
gbp network-service-policy-create --network-service-params type=ip_single,name=vip_ip,value=self_subnet lb_nsp
|
||||
|
||||
# Consumer PTG
|
||||
gbp group-create lb-consumer --consumed-policy-rule-sets "lb-webredirect-ruleset=None"
|
||||
|
||||
# Provider PTG
|
||||
gbp group-create lb-provider --provided-policy-rule-sets "lb-webredirect-ruleset=None" --network-service-policy lb_nsp
|
||||
28
devstack/exercises/nfp_service/lb_base_clean.sh
Normal file
28
devstack/exercises/nfp_service/lb_base_clean.sh
Normal file
@@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
|
||||
source /home/stack/devstack/openrc demo demo
|
||||
|
||||
echo "Make sure that policy-targets associated to PTGs are deleted!!"
|
||||
|
||||
# Delete PTG
|
||||
gbp group-delete lb-consumer
|
||||
gbp group-delete lb-provider
|
||||
|
||||
# Delete network service policy
|
||||
gbp network-service-policy-delete lb_nsp
|
||||
|
||||
# Delete rule-set
|
||||
gbp policy-rule-set-delete lb-webredirect-ruleset
|
||||
|
||||
# Delete rules
|
||||
gbp policy-rule-delete lb-web-redirect-rule
|
||||
|
||||
# Delete classifier
|
||||
gbp policy-classifier-delete lb-webredirect
|
||||
|
||||
# Delete actions
|
||||
gbp policy-action-delete redirect-to-lb
|
||||
|
||||
# Delete service chain node and specs
|
||||
gbp servicechain-spec-delete lb_chainspec
|
||||
gbp servicechain-node-delete LBNODE
|
||||
@@ -0,0 +1,65 @@
|
||||
{
|
||||
"AWSTemplateFormatVersion" : "2010-09-09",
|
||||
"Description": "Template to test Haproxy Loadbalacer service",
|
||||
|
||||
"Parameters": {
|
||||
"Subnet": {
|
||||
"Description": "Pool Subnet CIDR, on which VIP port should be created",
|
||||
"Type": "String"
|
||||
},
|
||||
"vip_ip": {
|
||||
"Description": "VIP IP Address",
|
||||
"Type": "String"
|
||||
},
|
||||
"service_chain_metadata": {
|
||||
"Description": "sc metadata",
|
||||
"Type": "String"
|
||||
}
|
||||
},
|
||||
|
||||
"Resources" : {
|
||||
"HttpHM": {
|
||||
"Type": "OS::Neutron::HealthMonitor",
|
||||
"Properties": {
|
||||
"admin_state_up": true,
|
||||
"delay": 20,
|
||||
"expected_codes": "200",
|
||||
"http_method": "GET",
|
||||
"max_retries": 3,
|
||||
"timeout": 10,
|
||||
"type": "HTTP",
|
||||
"url_path": "/"
|
||||
}
|
||||
},
|
||||
"HaproxyPool": {
|
||||
"Type": "OS::Neutron::Pool",
|
||||
"Properties": {
|
||||
"admin_state_up": true,
|
||||
"description": "Haproxy pool from teplate",
|
||||
"lb_method": "ROUND_ROBIN",
|
||||
"monitors": [{"Ref":"HttpHM"}],
|
||||
"name": "Haproxy pool",
|
||||
"provider": "haproxy",
|
||||
"protocol": "HTTP",
|
||||
"subnet_id": {"Ref":"Subnet"},
|
||||
"vip": {
|
||||
"subnet": {"Ref":"Subnet"},
|
||||
"address": {"Ref":"vip_ip"},
|
||||
"name": "Haproxy vip",
|
||||
"description": {"Ref":"service_chain_metadata"},
|
||||
"protocol_port": 80,
|
||||
"connection_limit": -1,
|
||||
"admin_state_up": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"HaproxyLb": {
|
||||
"Type": "OS::Neutron::LoadBalancer",
|
||||
"Properties": {
|
||||
"pool_id": {"Ref":"HaproxyPool"},
|
||||
"protocol_port": 80
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user