diff --git a/azure_case/README.md b/azure_case/README.md index 332b866..ffca79c 100755 --- a/azure_case/README.md +++ b/azure_case/README.md 
@@ -1,55 +1,46 @@ -# Network Service - Commercial VNFs +# Commercial VNF Use Case -In this examples we demonstrate how to construct a simple network service consisting of a load balancer and a firewall. To make it a tad more interesting we will be deploying a simple web service to allow for complete user experience: +Upon completion of this example we will have a complete running network service. ![ns](https://user-images.githubusercontent.com/30900001/52050834-12889e00-2552-11e9-9a68-452e92cc7014.png) -If we break it down to how we would typically build such a service the basic steps would probably be: - -1. Provision a firewall and configure it’s network interfaces and the network settings - -2. Provision a load balancer and setup basic settings - -3. Provision a web server instance, configure it, and setup basic web content - -4. Compose the service flow by setting the load balancer to accept traffic on a certain port, direct it to the firewall, configure the firewall to allow web traffic to the web server, etc. - -This example contains blueprints implementing each of these steps. These can be easily modified for other VNFs or different infrastructure. - -Upon completion of this example we will have a complete running network service. +This series of blueprints demonstrates how to install a simple network service consisting of a load balancer and a firewall. To make it a tad more interesting we will be deploying a simple web service to allow for complete user experience. -Note! The infrastructure used in this example is Microsoft Azure, and the demonstrated VNFs are: -* F5 BIG-IP VE (Load balancer) -* Fortigate (Firewall) -* Httpd (Web Server) +**Note!** +The infrastructure used in this example is OpenStack, and the demonstrated VNFs are: + * F5 BIG-IP VE (Load balancer) + * Fortigate (Firewall) + * Httpd (Web Server) -## Cloudify Manager +## Common Prerequisites: -Before we get started, please make sure you have a Cloudify manager deployed. 
+* Cloudify Manager 4.5.5, for more info: [Cloudify-Getting-Started](https://cloudify.co/download/). -The cloudify manager is available in multiple formats ranging from Docker to RPM. In this tutorial we will be using the docker option and assume that it is deployed on your local computer. It can be of course deployed using any other method and on any given platform. +* These plugins should exist on your manager. (E.g. You can just run `cfy plugins bundle-upload`, which will satisfy all plugin requirements.): + * [cloudify-azure-plugin](https://github.com/cloudify-cosmo/cloudify-openstack-plugin/releases), version 2.1.1 or higher. + * [cloudify-utilities-plugin](https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases), version 1.12.5 or higher. -To learn more about Cloudify manager deployment go to: [Cloudify-Getting-Started](https://cloudify.co/download/) +* These secrets should exist on your manager: + * `azure_client_id`: Service Principal appId. You can set this up via the CLI: `cfy secrets create azure_client_id -s [secret value]`. + * `azure_client_secret`: Service Principal password. You can set this up via the CLI: `cfy secrets create azure_client_secret -s [secret value]`. + * `azure_subscription_id`: Service Principal ID. You can set this up via the CLI: `cfy secrets create azure_subscription_id -s [secret value]`. + * `azure_tenant_id`: Service Principal tenant. You can set this up via the CLI: `cfy secrets create azure_tenant_id -s [secret value]`. + * `azure_location`: Specifies the supported Azure location for the resource. You can set this up via the CLI: `cfy secrets create azure_location -s [secret value]`. + * `agent_key_private`: The content of an RSA private key. (E.g. You can upload this key from a file: `cfy secrets create agent_key_private -f ~/.ssh/id_rsa`). + * `agent_key_public`: The content of an RSA public key. (E.g. You can upload this key from a file: `cfy secrets create agent_key_private -f ~/.ssh/id_rsa.pub`). 
-## Example overview -Creation of the whole service consists of the following steps. Each step is available as a blueprint (yaml file) in this example folder. +## Installation -1. *Environment preparation* -Create networks, a resource group, and a security group. For more details check [common/README](common/README.md) -2. *Provisioning of the VNFs* -Create the virtual machines in Azure and connect those to the proper networks. -Each VNF is created using a blueprint named ``VNFM--Prov-Azure-vm.yaml``: -* **bigip/VNFM-F5-Prov-Azure-vm.yaml** - [BIG IP Provisioning instruction](bigip/README.md##Provisioning) -* **fortigate/VNFM-Fortigate-Prov-Azure-vm.yaml** - [Fortigate Provisioning instruction](fortigate/README.md##Provisioning) -* **httpd/VNFM-HTTPD-Prov-Azure-vm.yaml** - [HTTPD Provisioning instruction](httpd/README.md##Provisioning) -3. *Configure the VNFs* -Apply basic configuration of the VNFs. This is done using blueprints named ``VNFM--Conf.yaml``: -* **bigip/VNFM-F5-Conf.yaml** (licensing and VLAN configuration) - [BIG IP Configuration instruction](bigip/README.md##Configuration) -* **fortigate/VNFM-Fortigate-Conf.yaml** (Setting firewall rules and port forwarding) - [Fortigate Configuration instruction](fortigate/README.md##Configuration) -* **httpd/VNFM-HTTPD-Conf.yaml** (Creation of Web Server) - [HTTPD Configuration instruction](httpd/README.md##Configuration) -4. *Service chaining* -The last step creates a service chain of connected network services (Load Balancer, Firewall and Web Server). In this case service chaining consists of port forwarding rule on Fortigate and load balancing rule on BIG IP in order to pass traffic through. -Use the ``service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml`` - [Service creation instruction](service/README.md) +The installation is broken into a few basic steps. Go to the relevant README and progress through these steps in the correct order. 
-Once all steps had been performed, you should be able to access the web page displayed by the web service by accessing the ip of the load balancer (This IP will be the output of the service deployment flow, and will be titled web_server). +1. [Prepare the environment](network-topology/README.md##Installation): Create networks, a resource group, and a security group. +1. Provisioning of the VNFs: + 1. [Provision the load balancer](bigip/README.md##Provisioning) and setup basic settings. + 1. [Provision the firewall](fortigate/README.md##Provisioning) and configure its network interfaces and the network settings. + 1. [Provision the web server](httpd/README.md##Provisioning) instance, configure it, and setup basic web content. +1. Compose the service flow by: + 1. [Configuration the load balancer](bigip/README.md##Configuration) and setup basic settings. + 1. [Configuration the firewall](fortigate/README.md##Configuration) and configure its network interfaces and the network settings. + 1. [Configuration the web server](httpd/README.md##Configuration) instance, configure it, and setup basic web content. +1. [Create service](service/README.md) The last step creates a service chain of connected network services (Load Balancer, Firewall and Web Server). In this case service chaining consists of port forwarding rule on Fortigate and load balancing rule on BIG IP in order to pass traffic through. diff --git a/azure_case/bigip/README.md b/azure_case/bigip/README.md index a5e9c68..3bfe063 100755 --- a/azure_case/bigip/README.md +++ b/azure_case/bigip/README.md 
@@ -1,82 +1,68 @@ -# F5 Big-IP on Azure +# BIG-IP Load Balancer -## Prerequisites: +This blueprint installs the BIG-IP load balancer on Azure. -### Common resource creation -Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md) +### Prerequisites -### Secrets +First make sure that you have satisfied the global requirements in the [main README](../README.md). -Create the below secrets in the secret store management: -* **bigip_username** - Username for BIG IP VE, it is set during provisioning and used during configuration, "admin" is not allowed -* **bigip_password** - Password for BIG IP VE, it is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. Control characters are not allowed -* **bigip_license_key** - License key for BIG IP VE, it is being applied during configuration. - -You can create those with the following cfy commands:\ -``cfy secrets create bigip_username -s ``\ -``cfy secrets create bigip_password -s ``\ -``cfy secrets create bigip_license_key -s `` +* These additional secrets should exist on your manager: + * `bigip_username`: Username for BIG IP VE. It is set during provisioning and used during configuration, "admin" is not allowed. You can set this up via the CLI: `cfy secrets create bigip_username -s [secret value]`. + * `bigip_password`: Password for BIG IP VE. It is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. 
Control characters are not allowed. . You can set this up via the CLI: `cfy secrets create bigip_password -s [secret value]`. + * `bigip_license`: License key for BIG IP VE. It is being applied during configuration. . You can set this up via the CLI: `cfy secrets create bigip_license -s [secret value]`. ## Provisioning -VNFM-F5-Prov-Azure-vm.yaml is responsible for creation BIG-IP Virtual Machine connected to 3 networks: -* Management, -* WAN, -* Public. +* Blueprint: The `infrastructure.yaml` blueprint is responsible for creation BIG-IP Virtual Machine. This VM is connected to 3 networks: + * Management + * WAN + * Public Network's NICs are connected to security group created in network deployment. Networks and security group names are fetched from network deployment using `get_capability` intrinsic function. -### Inputs -* *virtual_machine_size* - Name of Virtual Machine Size in Azure - default: Standard_A7 -* *vm_name* - Name of Virtual Machine - default: BIGIP -* *virtual_machine_image_sku* - An instance of an offer, such as a major release of a distribution - default: 'f5-big-all-1slot-byol' -* *virtual_machine_image_publisher* - Name of the organization that created the image - default: 'f5-networks' -* *virtual_machine_image_offer* - The name of a group of related images created by a publisher - default: 'f5-big-ip-byol' -* *retry_after* - The number of seconds for each task retry interval (in the - case of iteratively checking the status of an asynchronous operation) - default: 5 -* *resource_prefix* - Prefix of every resource created at this deployment on Azure - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Azure - default: 0 -* *network_api_version* - API Version for Network - default: "2015-06-15" -* *azure_network_deployment_name* - Name of deployment responsible for creation resource group, security group and networks - - default: VNFM-Networking-Prov-Azure-networks +* Inputs: + * `virtual_machine_size`: 
Name of Virtual Machine Size in Azure. Default: `Standard_A7`. + * `virtual_machine_image_sku`: An instance of an offer, such as a major release of a distribution. Default: `f5-big-all-1slot-byol`. + * `virtual_machine_image_publisher`: Name of the organization that created the image. Default: `f5-networks`. + * `virtual_machine_image_offer`: The name of a group of related images created by a publisher. Default: `f5-big-ip-byol`. + * `azure_network_deployment_name`: Name of deployment responsible for creation resource group, security group and networks. Default: `VNFM-Networking-Prov-Azure-networks`. ### Installation -Resources created in Prerequisites subsection are fetched in existing_networks.yaml blueprint file using capabilities and VNFM-F5-Prov-Azure-vm.yaml is using it. - -To provision BIG-IP execute: +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: -``cfy install VNFM-F5-Prov-Azure-vm.yaml -b VNFM-F5-Prov-Azure-vm`` +```bash +cfy install infrastructure.yaml -b \ + VNFM-F5-Prov-Azure-vm +``` -### Uninstalling +###Uninstalling -To delete BIG IP execute: +Uninstall the **VNFM-F5-Prov-Azure-vm** deployment: -``cfy uninstall VNFM-F5-Prov-Azure-vm`` +``` +cfy uninstall VNFM-F5-Prov-Azure-vm +``` ## Configuration -The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name -is required as an input. Exposed IP addresses are fetched using *get_capability* function, ie:\ -``{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`` +The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name is required as an input. Exposed IP addresses are fetched using `get_capability` function: `{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`. 
-VNFM-F5-Conf.yaml is responsible for licensing BIG IP with the provided registration key and applying VLAN configuration necessary for further LTM configuration. -It consists of 2 nodes: -1. *license* - Applies license using [install_license.txt](Resources/templates/install_license.txt) file and revokes it using [revoke_license.txt](Resources/templates/revoke_license.txt). -2. *vlan_configuration* - Creates VLAN configuration on WAN and Public interfaces - using [vlan_config.txt](Resources/templates/vlan_config.txt) to apply it during install and [vlan_config_delete.txt](Resources/templates/vlan_config_delete.txt) to tear it down during uninstall. +* Blueprint: The `application.yaml` blueprint is responsible for licensing BIG IP with the provided registration key and applying VLAN configuration necessary for further LTM configuration. It consists of two nodes: + * `license`: Applies license using [install_license.txt](Resources/templates/install_license.txt) file and revokes it using [revoke_license.txt](Resources/templates/revoke_license.txt). + * `vlan_configuration`: Creates VLAN configuration on WAN and Public interfaces - using [vlan_config.txt](Resources/templates/vlan_config.txt) to apply it during install and [vlan_config_delete.txt](Resources/templates/vlan_config_delete.txt) to tear it down during uninstall. +* Inputs: + * `prov_deployment_name`: Name of BIG IP Provisioning deployment created in previous section. Default: `VNFM-F5-Prov-Azure-vm`. -### Inputs - -* *prov_deployment_name* - Name of BIG IP Provisioning deployment created in previous section ### Install -``cfy install VNFM-F5-Conf.yaml -b VNFM-F5-Conf`` +`cfy install application.yaml -b VNFM-F5-Conf` ### Uninstall -During uninstall the license is revoked so it can be used on different BIG IP VE or on the same one again. -Also VLAN configuration is deleted. 
-``cfy uninstall VNFM-F5-Conf`` +During uninstall the license is revoked so it can be used on different BIG IP VE or on the same one again. Also VLAN configuration is deleted. + +`cfy uninstall VNFM-F5-Conf` diff --git a/azure_case/bigip/Resources/blueprints/existing_networks.yaml b/azure_case/bigip/Resources/blueprints/existing_networks.yaml old mode 100644 new mode 100755 index ca79f37..6c9ddf3 --- a/azure_case/bigip/Resources/blueprints/existing_networks.yaml +++ b/azure_case/bigip/Resources/blueprints/existing_networks.yaml @@ -4,7 +4,7 @@ description: > Fetch existing: Resource group, security group, network and 4 subnets. imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-azure-plugin inputs: diff --git a/azure_case/bigip/Resources/blueprints/nics.yaml b/azure_case/bigip/Resources/blueprints/nics.yaml old mode 100644 new mode 100755 diff --git a/azure_case/bigip/Resources/templates/install_license.txt b/azure_case/bigip/Resources/templates/install_license.txt old mode 100644 new mode 100755 diff --git a/azure_case/bigip/Resources/templates/revoke_license.txt b/azure_case/bigip/Resources/templates/revoke_license.txt old mode 100644 new mode 100755 diff --git a/azure_case/bigip/Resources/templates/vlan_config.txt b/azure_case/bigip/Resources/templates/vlan_config.txt old mode 100644 new mode 100755 diff --git a/azure_case/bigip/Resources/templates/vlan_config_delete.txt b/azure_case/bigip/Resources/templates/vlan_config_delete.txt old mode 100644 new mode 100755 diff --git a/azure_case/bigip/VNFM-F5-Conf.yaml b/azure_case/bigip/application.yaml similarity index 95% rename from azure_case/bigip/VNFM-F5-Conf.yaml rename to azure_case/bigip/application.yaml index dada796..31897b1 100755 --- a/azure_case/bigip/VNFM-F5-Conf.yaml +++ b/azure_case/bigip/application.yaml 
@@ -4,7 +4,7 @@ description: > Licensing BIG IP with provided registration key and applying VLAN configuration. imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-utilities-plugin inputs: @@ -37,7 +37,7 @@ node_templates: calls: - template: Resources/templates/install_license.txt params: - REG_KEY: { get_secret: bigip_license_key } + REG_KEY: { get_secret: bigip_license } delete: inputs: terminal_auth: *terminal_auth diff --git a/azure_case/bigip/VNFM-F5-Prov-Azure-vm.yaml b/azure_case/bigip/infrastructure.yaml old mode 100644 new mode 100755 similarity index 99% rename from azure_case/bigip/VNFM-F5-Prov-Azure-vm.yaml rename to azure_case/bigip/infrastructure.yaml index 875c350..659777f --- a/azure_case/bigip/VNFM-F5-Prov-Azure-vm.yaml +++ b/azure_case/bigip/infrastructure.yaml @@ -3,6 +3,14 @@ tosca_definitions_version: cloudify_dsl_1_3 description: > Create an instance of BIG-IP on Azure. +dsl_definitions: + + client_config: &client_config + subscription_id: { get_secret: azure_subscription_id } + tenant_id: { get_secret: azure_tenant_id } + client_id: { get_secret: azure_client_id } + client_secret: { get_secret: azure_client_secret } + imports: - Resources/blueprints/nics.yaml @@ -28,15 +36,6 @@ inputs: description: The name of a group of related images created by a publisher. default: 'f5-big-ip-byol' - -dsl_definitions: - - client_config: &client_config - subscription_id: { get_secret: azure_subscription_id } - tenant_id: { get_secret: azure_tenant_id } - client_id: { get_secret: azure_client_id } - client_secret: { get_secret: azure_client_secret } - node_templates: virtual_machine: diff --git a/azure_case/common/README.md b/azure_case/common/README.md deleted file mode 100755 index 09801b6..0000000 --- a/azure_case/common/README.md +++ /dev/null 
@@ -1,97 +0,0 @@ -# Common resources - -Before installation of any service, suitable resource group, networks and security group must be created. - -The following resources are created in Azure using the ``VNFM-Networking-Prov-Azure-networks.yaml`` blueprint: -* **Management Network** - This network connects the Cloudify manager to all managed components. -* **LAN network** - This network connects the firewall to the web server. -* **WAN network** - This network connects the load balancer to the web server. -* **Public network** - This is the public network accessible to the user. BIG IP exposes the web server on the Public network interface. -* **Security group** - Security group for VNF NICs, defined by *network_security_group_rules* input, -* **Resource group** - Group that is required to create any other resource in Azure. - -Those resources are fetched by all other provisioning deployments. - -## Prerequisites: - -Prior to installation you have to upload plugins and create secrets. 
- -### Plugins - -Upload: -* **cloudify-azure-plugin** - Tested for version 2.1.1 -* **cloudify-utilities-plugin** - Tested for version 1.12.5 - -You can do this using Cloudify UI from *Cloudify Catalog* page with *Plugins Catalog* widget just by picking the plugin and clicking *Upload*.\ -Using *cfy* you can upload those with following commands:\ -``cfy plugins upload https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases/download/1.12.5/cloudify_utilities_plugin-1.12.5-py27-none-linux_x86_64-centos-Core.wgn -y https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases/download/1.12.5/plugin.yaml`` - -``cfy plugins upload https://github.com/cloudify-incubator/cloudify-azure-plugin/releases/download/2.1.1/cloudify_azure_plugin-2.1.1-py27-none-linux_x86_64-centos-Core.wgn -y https://github.com/cloudify-incubator/cloudify-azure-plugin/releases/download/2.1.1/plugin.yaml`` - -### Secrets - -Create the below secrets in the secret store management: -* **Azure secrets:** - * *azure_client_id* - Service Principal appId - * *azure_client_secret* - Service Principal password - * *azure_subscription_id* - Service Principal ID - * *azure_tenant_id* - Service Principal tenant - * *azure_location* - Specifies the supported Azure location for the resource - -You can create those with the following cfy commands:\ -``cfy secrets create azure_client_id -s ``\ -``cfy secrets create azure_client_secret -s ``\ -``cfy secrets create azure_subscription_id -s ``\ -``cfy secrets create azure_tenant_id -s ``\ -``cfy secrets create azure_location -s `` - -## Environment creation - -### Inputs -* *retry_after* - The number of seconds for each task retry interval (in the - case of iteratively checking the status of an asynchronous operation) - default: 5 -* *resource_prefix* - Prefix of every resource created at this deployment on Azure - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Azure - default: 0 -* 
*mgmt_subnet_cidr* - Management subnet CIDR - default: 10.10.1.0/24 -* *public_subnet_cidr* -Public subnet CIDR - default: 10.10.2.0/24 -* *wan_subnet_cidr* - WAN subnet CIDR - default: 10.10.3.0/24 -* *lan_subnet_cidr* - LAN subnet CIDR - default: 10.10.4.0/24 -* *network_api_version* - API Version for Network - default: "2015-06-15" -* *network_security_group_rules* - Security group rules for VNF's NICs - - default: - ```` - - name: all_tcp - properties: - description: All TCP - protocol: Tcp - sourcePortRange: '*' - destinationPortRange: '*' - sourceAddressPrefix: '*' - destinationAddressPrefix: '*' - priority: 100 - access: Allow - direction: Inbound - - name: all_ucp - properties: - description: All UDP - protocol: Udp - sourcePortRange: '*' - destinationPortRange: '*' - sourceAddressPrefix: '*' - destinationAddressPrefix: '*' - priority: 101 - access: Allow - direction: Inbound - ```` -### Installation - -Install using VNFM-Networking-Prov-Azure-networks.yaml blueprint: - -``cfy install VNFM-Networking-Prov-Azure-networks.yaml -b VNFM-Networking-Prov-Azure-networks`` - -**It should be installed only one time before start of provisioning services.** -It will be reused automatically by blueprints using the capabilities mechanism. - -###Uninstalling - -``cfy uninstall VNFM-Networking-Prov-Azure-networks`` diff --git a/azure_case/fortigate/README.md b/azure_case/fortigate/README.md index a663176..88dc483 100755 --- a/azure_case/fortigate/README.md +++ b/azure_case/fortigate/README.md 
@@ -1,80 +1,66 @@ -# FortiGate NGFW Single VM on Azure +# FortiGate Firewall -## Prerequisites: +This blueprint installs the NGFW Single VM on Azure. -### Common resource creation -Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md) +### Prerequisites -### Secrets +First make sure that you have satisfied the global requirements in the [main README](../README.md). -Create the below secrets in the secret store management: -* **fortigate_username** - Username for Fortigate VM, it is set during provisioning and used during configuration, -* **fortigate_password** - Password for Fortigate VM, it is set during provisioning and used during configuration. -* **fortigate_license** - Content of license file, its used during provisioning to license Fortigate - -You can create those with the following cfy commands:\ -``cfy secrets create fortigate_username -s ``\ -``cfy secrets create fortigate_password -s ``\ -``cfy secrets create fortigate_license -f `` +* These additional secrets should exist on your manager: + * `fortigate_username`: Username for Fortigate VM. It is set during provisioning and used during configuration, "admin" is not allowed. You can set this up via the CLI: `cfy secrets create fortigate_username -s [secret value]`. + * `fortigate_password`: Password for Fortigate VM. It is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. Control characters are not allowed. . You can set this up via the CLI: `cfy secrets create fortigate_password -s [secret value]`. + * `fortigate_license`: Content of license file, its used during provisioning to license Fortigate. 
You can set this up via the CLI: `cfy secrets create fortigate_license -s [secret value]`. ## Provisioning -``VNFM-Fortigate-Prov-Azure-vm.yaml`` is responsible for FortiGate NGFW Single VM provisioning. VM is connected to 3 networks: -* Management, -* WAN, -* LAN. - -Network's NICs are connected to the security group created in the network deployment. -Networks and security group names are fetched from network deployment using `get_capability` intrinsic function. - -### Inputs - -* *retry_after* - The number of seconds for each task retry interval (in the - case of iteratively checking the status of an asynchronous operation) - default: 5 -* *resource_prefix* - Prefix of every resource created at this deployment on Azure - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Azure - default: 0 -* *azure_network_deployment_name* - Name of deployment responsible for creation resource group, security group and networks - - default: VNFM-Networking-Prov-Azure-networks -* *vm_size* - Name of Virtual Machine Size in Azure - default: Standard_B2s -* *vm_os_family* - default: linux -* *vm_image_publisher* - Name of the organization that created the image - default: fortinet -* *vm_image_offer* - The name of a group of related images created by a publisher - default: fortinet_fortigate-vm_v5 -* *vm_image_sku* - An instance of an offer, such as a major release of a distribution - fortinet_fg-vm -* *vm_image_version* - Version of the image - default: 6.0.3 -* *vnf_vm_name* - Name of VM - default: fortigate -* *fortigate_license_filename* - Name of the Fortigate license file (It will be uploaded to Fortigate VM with this name). It should have .lic file extension. - default: FGVM02TM19000054.lic +* Blueprint: The `infrastructure.yaml` blueprint is responsible for FortiGate NGFW Single VM provisioning. 
This VM is connected to 3 networks: + * Management + * WAN + * LAN -### Installation +The networks' NICs are connected to the security group created in the network deployment. The networks and security group names are fetched from network deployment using `get_capability` intrinsic function. + +* Inputs: + * `fortigate_license_filename`: This is the name of the Fortigate license file. It will be uploaded to Fortigate VM with this name. It should have .lic file extension. Default: `FGVM02TM19000054.lic`. + * `vm_size`: Name of Virtual Machine Size in Azure. Default: `Standard_B2s`. + * `vm_os_family`: Default: `linux`. + * `vm_image_publisher`: Name of the organization that created the image. Default: `fortinet`. + * `vm_image_offer`: The name of a group of related images created by a publisher. Default: `fortinet_fortigate-vm_v5` + * `vm_image_sku`: An instance of an offer, such as a major release of a distribution. Default: `fortinet_fg-vm` + * `vm_image_version`: Version of the image. Default: `6.0.3`. + * `azure_network_deployment_name`: Name of deployment responsible for creation resource group, security group and networks. Default: `VNFM-Networking-Prov-Azure-networks`. -Resources created in Prerequesites subsection are fetched using capabilities exposed by *azure-networks* deployment and ``VNFM-Fortigate-Prov-Azure-vm.yaml`` is using it. 
-To provision FortiGate NGFW Single VM: +### Installation -``cfy install VNFM-Fortigate-Prov-Azure-vm.yaml -b VNFM-Fortigate-Prov-Azure-vm`` +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: -### Uninstalling -To delete Fortigate execute: +```bash +cfy install infrastructure.yaml -b \ + VNFM-Fortigate-Prov-Azure-vm +``` -``cfy uninstall VNFM-Fortigate-Prov-Azure-vm`` +###Uninstalling -## Configuration +Uninstall the **VNFM-Fortigate-Prov-Azure-vm** deployment: -The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name -is required as an input. Exposed IP addresses are fetched using *get_capability* function, ie:\ -``{ get_capability: [ { get_input: fortigate_vm_deployment_name }, vm_public_ip_address] }`` +``` +cfy uninstall VNFM-Fortigate-Prov-Azure-vm +``` -``VNFM-Fortigate-Conf.yaml`` is responsible for applying base configuration for the newly created FortiGate VM. It configures all of the interfaces. -It consists of one node: -1. *fortigate_vnf_config* - Applies base configuration for Fortigate (VNF name change and basic configuration to interfaces) using [fortigate-baseline.txt](Resources/templates/fortigate-baseline.txt) file. +## Configuration +The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name is required as an input. Exposed IP addresses are fetched using `get_capability` function: `{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`. -### Inputs +* Blueprint: The `application.yaml` blueprint is responsible for applying base configuration for the newly created FortiGate VM. It configures all of the interfaces. It consists of one node: + * `fortigate_vnf_config`: Applies base configuration for Fortigate (VNF name change and basic configuration to interfaces) using [fortigate-baseline.txt](Resources/templates/fortigate-baseline.txt) file. 
-* *fortigate_vm_deployment_name* - Name of Fortigate Provisioning deployment - default: VNFM-Fortigate-Prov-Azure-vm +* Inputs: + * `fortigate_vm_deployment_name`: Name of Fortigate Provisioning deployment. Default: `VNFM-Fortigate-Prov-Azure-vm`. ### Install -``cfy install VNFM-Fortigate-Conf.yaml -b VNFM-Fortigate-Conf`` +`cfy install application.yaml -b VNFM-Fortigate-Conf` ### Uninstall -``cfy uninstall VNFM-Fortigate-Conf`` +`cfy uninstall VNFM-Fortigate-Conf` diff --git a/azure_case/fortigate/Resources/templates/fortigate-baseline.txt b/azure_case/fortigate/Resources/templates/fortigate-baseline.txt old mode 100644 new mode 100755 diff --git a/azure_case/fortigate/VNFM-Fortigate-Conf.yaml b/azure_case/fortigate/application.yaml old mode 100644 new mode 100755 similarity index 95% rename from azure_case/fortigate/VNFM-Fortigate-Conf.yaml rename to azure_case/fortigate/application.yaml index a6e31ce..11fbf01 --- a/azure_case/fortigate/VNFM-Fortigate-Conf.yaml +++ b/azure_case/fortigate/application.yaml @@ -4,7 +4,7 @@ description: > Applies base configuration for newly created FortiGate VM. imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-utilities-plugin inputs: diff --git a/azure_case/fortigate/VNFM-Fortigate-Prov-Azure-vm.yaml b/azure_case/fortigate/infrastructure.yaml old mode 100644 new mode 100755 similarity index 99% rename from azure_case/fortigate/VNFM-Fortigate-Prov-Azure-vm.yaml rename to azure_case/fortigate/infrastructure.yaml index 9b4e607..df521f6 --- a/azure_case/fortigate/VNFM-Fortigate-Prov-Azure-vm.yaml +++ b/azure_case/fortigate/infrastructure.yaml @@ -1,7 +1,7 @@ tosca_definitions_version: cloudify_dsl_1_3 imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-azure-plugin - plugin:cloudify-utilities-plugin 
diff --git a/azure_case/httpd/README.md b/azure_case/httpd/README.md index 6e26784..8d7233f 100755 --- a/azure_case/httpd/README.md +++ b/azure_case/httpd/README.md 
@@ -1,73 +1,56 @@ -# HTTPD on Azure +# HTTPD Webserver -## Prerequisites: +This blueprint installs HTTPD webserver on an Azure VM. -### Common resource creation -Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md) +### Prerequisites -### Secrets +First make sure that you have satisfied the global requirements in the [main README](../README.md). -Create the below secrets in the secret store management: -* **httpd_username** - Username for HTTPD VM, it is set during provisioning and used during configuration, -* **httpd_password** - Password for HTTPD VM, it is set during provisioning and used during configuration, -* **httpd_website** - Content of website file for HTTPD VM, it is set during provisioning and served after configuration. Exemplary website can be found under ``Resources/website/index.html``. - -You can create those with the following cfy commands:\ -``cfy secrets create httpd_username -s ``\ -``cfy secrets create httpd_password -s ``\ -``cfy secrets create httpd_website -s `` +* These additional secrets should exist on your manager: + * `httpd_username`: Username for HTTPD VM. It is set during provisioning and used during configuration, "admin" is not allowed. You can set this up via the CLI: `cfy secrets create httpd_username -s [secret value]`. + * `httpd_password`: Password for HTTPD VM. It is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. Control characters are not allowed. You can set this up via the CLI: `cfy secrets create httpd_password -s [secret value]`. + * `httpd_website`: Content of website file for HTTPD VM, it is set during provisioning and served after configuration. 
Exemplary website can be found under `Resources/website/index.html`. ## Provisioning -VNFM-HTTPD-Prov-Azure-vm.yaml is responsible for the creation of an Ubuntu VM connected to 2 networks: -* Management, -* LAN. - -For each network NIC, special security group is created (lan_security_group and mgmt_security_group). -Network names are fetched from network deployment using `get_capability` intrinsic function. - -### Inputs -* *image* - Image information - default: - publisher: Canonical \ - offer: UbuntuServer \ - sku: 18.04-LTS \ - version: latest -* *size* - Name of Virtual Machine Size in Azure - default: Basic_A0 -* *retry_after* - The number of seconds for each task retry interval (in the - case of iteratively checking the status of an asynchronous operation) - default: 5 -* *resource_prefix* - Prefix of every resource created at this deployment on Azure - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Azure - default: 0 -* *network_deployment_name* - Name of deployment responsible for creation resource group, security group and networks - - default: VNFM-Networking-Prov-Azure-networks +* Blueprint: The `infrastructure.yaml` blueprint is responsible for the creation of an Ubuntu VM. It is connected to 2 networks: + * Management + * LAN + +The networks' NICs are connected to the security group created in the network deployment. The networks and security group names are fetched from network deployment using `get_capability` intrinsic function. + +* Inputs: + * `image`: Image information. Default: `{'publisher': 'Canonical', 'offer': 'UbuntuServer', 'sku': '18.04-LTS', 'version': 'latest}'`. + * `network_deployment_name`: Name of deployment responsible for creation resource group, security group and networks. Default: `VNFM-Networking-Prov-Azure-networks`. ### Installation -Resources created in Prerequesites subsection are fetched using the capabilities mechanism. 
-To provision HTTPD: +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: -``cfy install VNFM-HTTPD-Prov-Azure-vm.yaml -b VNFM-HTTPD-Prov-Azure-vm`` +```bash +cfy install infrastructure.yaml -b \ + VNFM-HTTPD-Prov-Azure-vm +``` -### Uninstalling +###Uninstalling -To delete VM execute: +Uninstall the **VNFM-HTTPD-Prov-Azure-vm** deployment: -``cfy uninstall VNFM-HTTPD-Prov-Azure-vm`` +``` +cfy uninstall VNFM-HTTPD-Prov-Azure-vm +``` ## Configuration -VNFM-HTTPD-Conf.yaml is responsible for starting HTTPD process on the target VM, -*web_server* node is responsible for creating such server using the following command:\ -``screen -dmS -X python3 -m http.server 8080``\ -The IP address of the target VM is fetched from VNFM-HTTPD-Prov-Azure-vm deployment using capabilities. - -### Inputs +* Blueprint: The `application.yaml` blueprint is responsible for starting HTTPD process on the target VM, `web_server` node is responsible for creating such server using the following command: `screen -dmS -X python3 -m http.server 8080`. The IP address of the target VM is fetched from VNFM-HTTPD-Prov-Azure-vm deployment using capabilities. -* *httpd_vm_deployment_name* - Name of HTTPD Provisioning deployment +* Inputs: + * `httpd_vm_deployment_name`: Name of HTTPD Provisioning deployment. Default: `VNFM-HTTPD-Prov-Azure-vm`. ### Install -``cfy install VNFM-HTTPD-Conf.yaml -b VNFM-HTTPD-Conf`` +`cfy install application.yaml -b VNFM-HTTPD-Conf` ### Uninstall -``cfy uninstall VNFM-HTTPD-Conf`` +`cfy uninstall VNFM-HTTPD-Conf` diff --git a/azure_case/httpd/VNFM-HTTPD-Conf.yaml b/azure_case/httpd/application.yaml similarity index 92% rename from azure_case/httpd/VNFM-HTTPD-Conf.yaml rename to azure_case/httpd/application.yaml index d3fdaad..3c902ba 100755 --- a/azure_case/httpd/VNFM-HTTPD-Conf.yaml +++ b/azure_case/httpd/application.yaml 
@@ -3,7 +3,7 @@ description: > Starts HTTPD process on VM. imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-utilities-plugin inputs: diff --git a/azure_case/httpd/VNFM-HTTPD-Prov-Azure-vm.yaml b/azure_case/httpd/infrastructure.yaml similarity index 99% rename from azure_case/httpd/VNFM-HTTPD-Prov-Azure-vm.yaml rename to azure_case/httpd/infrastructure.yaml index 7fb11ec..599c3f0 100755 --- a/azure_case/httpd/VNFM-HTTPD-Prov-Azure-vm.yaml +++ b/azure_case/httpd/infrastructure.yaml @@ -1,7 +1,7 @@ tosca_definitions_version: cloudify_dsl_1_3 imports: - - http://www.getcloudify.org/spec/cloudify/4.3/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-azure-plugin - plugin:cloudify-utilities-plugin diff --git a/azure_case/network-topology/README.md b/azure_case/network-topology/README.md new file mode 100755 index 0000000..1a28bf4 --- /dev/null +++ b/azure_case/network-topology/README.md 
@@ -0,0 +1,31 @@ +# Network Topology + +This blueprint installs the common infrastructure for the commercial VNF use case. + +The following resources will be created: + + * `Resource group`: Group that is required to create any other resource in Azure. + * `Management Network`: This network connects the Cloudify manager to all managed components. + * `LAN network`: This network connects the firewall to the web server. + * `WAN network`: This network connects the load balancer to the web server. + * `Public network`: This is the public network accessible to the user. BIG IP exposes the web server on the Public network interface. + * `Security group`: Security group for VNF NICs, defined by *network_security_group_rules* input, + +### Installation + +**Note: Only install this deployment once.** Other blueprints will reuse the existing deployment. + +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: + +```bash +cfy install infrastructure.yaml -b \ + VNFM-Networking-Prov-Azure-networks +``` + +###Uninstalling + +Uninstall the **VNFM-Networking-Prov-Azure-networks** deployment: + +``` +cfy uninstall VNFM-Networking-Prov-Azure-networks +``` diff --git a/azure_case/common/VNFM-Networking-Prov-Azure-networks.yaml b/azure_case/network-topology/infrastructure.yaml old mode 100644 new mode 100755 similarity index 98% rename from azure_case/common/VNFM-Networking-Prov-Azure-networks.yaml rename to azure_case/network-topology/infrastructure.yaml index 80b7bb2..67d9463 --- a/azure_case/common/VNFM-Networking-Prov-Azure-networks.yaml +++ b/azure_case/network-topology/infrastructure.yaml 
@@ -3,8 +3,16 @@ tosca_definitions_version: cloudify_dsl_1_3 description: > Create an Example Azure Network. +dsl_definitions: + + client_config: &client_config + subscription_id: { get_secret: azure_subscription_id } + tenant_id: { get_secret: azure_tenant_id } + client_id: { get_secret: azure_client_id } + client_secret: { get_secret: azure_client_secret } + imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-azure-plugin inputs: @@ -66,15 +74,6 @@ inputs: access: Allow direction: Inbound -dsl_definitions: - - client_config: &client_config - subscription_id: { get_secret: azure_subscription_id } - tenant_id: { get_secret: azure_tenant_id } - client_id: { get_secret: azure_client_id } - client_secret: { get_secret: azure_client_secret } - - node_templates: resource_group: diff --git a/azure_case/service/README.md b/azure_case/service/README.md index b688edc..e664a2e 100755 --- a/azure_case/service/README.md +++ b/azure_case/service/README.md 
@@ -1,40 +1,39 @@ # Network Service -Creates a service chain by creating forwarding rules on the VNFs (Fortigate and BIG IP). +This blueprint installs a service chain by creating forwarding rules on the VNFs (Fortigate and BIG IP). ## Prerequisites: -* **BIG IP Provisioning & Configuration** - [Instructions](../bigip/README.md) -* **Fortigate Provisioning & Configuration** - [Instructions](../fortigate/README.md) -* **HTTPD Provisioning & Configuration** - [Instructions](../httpd/README.md) +First make sure that you have satisfied the global requirements in the [main README](../README.md) as well as installed the following deployments: -## Service creation + * *BIG IP Provisioning & Configuration*: See [instructions](../bigip/README.md). + * *Fortigate Provisioning & Configuration*: See [instructions](../fortigate/README.md). + * *HTTPD Provisioning & Configuration*: See [instructions](../httpd/README.md). -NS-LB-Firewall-F5-Fortigate-HTTPD.yaml consists of 2 nodes: -1. *fg_port_forwarding* - prepares NAT rules and policies, which are required to perform the service chain. [fortigate-portforward-start.txt](Resources/templates/fortigate-portforward-start.txt) file is used to apply configuration during installation and [fortigate-portforward-stop.txt](Resources/templates/fortigate-portforward-stop.txt) to delete it during uninstall. -2. *ltm_config* - creates load balancing rule responsible for passing traffic from app (exposed on WAN fortigate interface) -to BIG-IP Public interface using [ltm_config.txt](Resources/templates/ltm_config.txt) file to apply configuration and [ltm_config_stop.txt](Resources/templates/ltm_config_stop.txt) to delete it during uninstall +## Service creation -IP addresses are fetched using *get_capability* function. +IP addresses are fetched using `get_capability` function. -### Inputs +* Blueprint: The `service.yaml` blueprint is responsible for orchestrating the service chaining. 
It consists of two nodes: + * `fg_port_forwarding`: Prepares NAT rules and policies, which are required to perform the service chain. [fortigate-portforward-start.txt](Resources/templates/fortigate-portforward-start.txt) file is used to apply configuration during installation and [fortigate-portforward-stop.txt](Resources/templates/fortigate-portforward-stop.txt) to delete it during uninstall. + * `ltm_config`: Creates load balancing rule responsible for passing traffic from app (exposed on WAN fortigate interface) to BIG-IP Public interface using [ltm_config.txt](Resources/templates/ltm_config.txt) file to apply configuration and [ltm_config_stop.txt](Resources/templates/ltm_config_stop.txt) to delete it during uninstall. -* *f5_prov_deployment_name* - The name of the BIG IP Provisioning deployment, used to get management and Public IPs from BIG IP VE - default: VNFM-F5-Prov-Azure-vm -* *fg_prov_deployment_name* - The name of the Fortigate Provisioning deployment, used to get management and WAN IPs from Fortigate VM - default: VNFM-Fortigate-Conf -* *httpd_prov_deployment_name* - The name of the HTTPD Provisioning deployment, used to fetch HTTPD LAN interface IP - default: VNFM-HTTPD-Prov-Azure-vm -* *lb_public_port* - Load balancer public network port on which the service is exposed - default: 8080 -* *wan_port* - Fortigate WAN port on which the service is going to be exposed - default: '8080' +* Inputs: + * `f5_prov_deployment_name`: The name of the BIG IP Provisioning deployment, used to get management and Public IPs from BIG IP VE. Default: `VNFM-F5-Prov-Azure-vm`. + * `fg_prov_deployment_name`: The name of the Fortigate Provisioning deployment, used to get management and WAN IPs from Fortigate VM. Default: `VNFM-Fortigate-Conf`. + * `httpd_prov_deployment_name`: The name of the HTTPD Provisioning deployment, used to fetch HTTPD LAN interface IP. Default: `VNFM-HTTPD-Prov-Azure-vm`. 
+ * `lb_public_port`: Load balancer public network port on which the service is exposed. Default: `8080`. + * `wan_port`: Fortigate WAN port on which the service is going to be exposed. Default: `8080'`. ### Installation To apply service configuration execute: -``cfy install NS-LB-Firewall-F5-Fortigate-HTTPD.yaml -b NS-LB-Firewall-F5-Fortigate-HTTPD`` +``cfy install service.yaml -b NS-LB-Firewall-F5-Fortigate-HTTPD`` ### Service validation -After service creation You should be able to display web server exposed on Public interface of BIG-IP. -The URL is available on *web_server* deployment output. +After service creation You should be able to display web server exposed on Public interface of BIG-IP. The URL is available on *web_server* deployment output. ### Uninstalling diff --git a/azure_case/service/Resources/templates/fortigate-portforward-start.txt b/azure_case/service/Resources/templates/fortigate-portforward-start.txt old mode 100644 new mode 100755 diff --git a/azure_case/service/Resources/templates/fortigate-portforward-stop.txt b/azure_case/service/Resources/templates/fortigate-portforward-stop.txt old mode 100644 new mode 100755 diff --git a/azure_case/service/Resources/templates/ltm_config.txt b/azure_case/service/Resources/templates/ltm_config.txt old mode 100644 new mode 100755 diff --git a/azure_case/service/Resources/templates/ltm_config_stop.txt b/azure_case/service/Resources/templates/ltm_config_stop.txt old mode 100644 new mode 100755 diff --git a/azure_case/service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml b/azure_case/service/service.yaml old mode 100644 new mode 100755 similarity index 98% rename from azure_case/service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml rename to azure_case/service/service.yaml index e457fa8..53adb21 --- a/azure_case/service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml +++ b/azure_case/service/service.yaml 
@@ -4,7 +4,7 @@ description: > Creates port forwading on Fortigate and load balancing rule on BIG-IP LTM to allow traffic forwarding imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - http://cloudify.co/spec/cloudify/4.5.5/types.yaml - plugin:cloudify-utilities-plugin inputs: diff --git a/azure_case_e2e/README.md b/azure_case_e2e/README.md index 9a7e875..c031cf4 100755 --- a/azure_case_e2e/README.md +++ b/azure_case_e2e/README.md @@ -33,7 +33,7 @@ Create the below secrets in the secret store management: * *azure_location* - Specifies the supported Azure location for the resource * *bigip_username* - Username for BIG IP VE, it is set during provisioning and used during configuration, "admin" is not allowed * *bigip_password* - Password for BIG IP VE, it is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. Control characters are not allowed - * *bigip_license_key* - License key for BIG IP VE, it is being applied during configuration + * *bigip_license* - License key for BIG IP VE, it is being applied during configuration * *fortigate_username* - Username for Fortigate VM, it is set during provisioning and used during configuration * *fortigate_password* - Password for Fortigate VM, it is set during provisioning and used during configuration * *fortigate_license* - Content of license file, its used during provisioning to license Fortigate 
@@ -49,7 +49,7 @@ You can create those with the following cfy commands:\ ``cfy secrets create azure_location -s ``\ ``cfy secrets create bigip_username -s ``\ ``cfy secrets create bigip_password -s ``\ -``cfy secrets create bigip_license_key -s ``\ +``cfy secrets create bigip_license -s ``\ ``cfy secrets create fortigate_username -s ``\ ``cfy secrets create fortigate_password -s ``\ ``cfy secrets create fortigate_license -f ``\ @@ -59,21 +59,21 @@ You can create those with the following cfy commands:\ ### Inputs -* *common_prov_name* - The name of the Common resources provisioning deployment - default: VNFM-Networking-Prov-Azure-networks +* *network_prov_name* - The name of the common network resources provisioning deployment - default: VNFM-Networking-Prov-Azure-networks * *f5_prov_name* - The name of the BIG IP Provisioning deployment - default: VNFM-F5-Prov-Azure-vm * *f5_conf_name* - The name of the BIG IP Configuration deployment - default: VNFM-F5-Conf * *fg_prov_name* - The name of the Fortigate Provisioning deployment - default: VNFM-Fortigate-Prov-Azure-vm * *fg_conf_name* - The name of the Fortigate Configuration deployment - default: VNFM-Fortigate-Conf * *httpd_prov_name* - The name of the HTTPD Provisioning deployment - default: VNFM-HTTPD-Prov-Azure-vm * *httpd_conf_name* - The name of the HTTPD Configuration deployment - default: VNFM-HTTPD-Conf -* *service_prov_name* - The name of the Common resources provisioning deployment - default: NS-LB-Firewall-F5-Fortigate-HTTPD +* *service_prov_name* - The name of the service provisioning deployment - default: NS-LB-Firewall-F5-Fortigate-HTTPD ### Installation To apply the service configuration execute: -``cfy install VNFM-E2E-F5-Fortigate-HTTPD.yaml -b VNFM-E2E-F5-Fortigate-HTTPD`` +``cfy install e2e.yaml -b VNFM-E2E-F5-Fortigate-HTTPD`` ### Service validation 
diff --git a/azure_case_e2e/Resources/bigip.zip b/azure_case_e2e/Resources/bigip.zip index f559c9e..a26399c 100755 Binary files a/azure_case_e2e/Resources/bigip.zip and b/azure_case_e2e/Resources/bigip.zip differ diff --git a/azure_case_e2e/Resources/common.zip b/azure_case_e2e/Resources/common.zip deleted file mode 100755 index 38aaaba..0000000 Binary files a/azure_case_e2e/Resources/common.zip and /dev/null differ diff --git a/azure_case_e2e/Resources/fortigate.zip b/azure_case_e2e/Resources/fortigate.zip index 12d4bf0..bbf585d 100755 Binary files a/azure_case_e2e/Resources/fortigate.zip and b/azure_case_e2e/Resources/fortigate.zip differ diff --git a/azure_case_e2e/Resources/httpd.zip b/azure_case_e2e/Resources/httpd.zip index 23fab8a..cccaed4 100755 Binary files a/azure_case_e2e/Resources/httpd.zip and b/azure_case_e2e/Resources/httpd.zip differ diff --git a/azure_case_e2e/Resources/network-topology.zip b/azure_case_e2e/Resources/network-topology.zip new file mode 100755 index 0000000..03bcac1 Binary files /dev/null and b/azure_case_e2e/Resources/network-topology.zip differ diff --git a/azure_case_e2e/Resources/service.zip b/azure_case_e2e/Resources/service.zip index 7653507..29c814b 100755 Binary files a/azure_case_e2e/Resources/service.zip and b/azure_case_e2e/Resources/service.zip differ diff --git a/azure_case_e2e/VNFM-E2E-F5-Fortigate-HTTPD.yaml b/azure_case_e2e/VNFM-E2E-F5-Fortigate-HTTPD.yaml deleted file mode 100755 index abd735b..0000000 --- a/azure_case_e2e/VNFM-E2E-F5-Fortigate-HTTPD.yaml +++ /dev/null 
@@ -1,176 +0,0 @@ -tosca_definitions_version: cloudify_dsl_1_3 - -description: > - Master blueprint, which provisions all atomic components, configures them and - chains together. In partilucar: - * prepares the environment, including networks, subnets, security groups etc. - * provisions F5 BIG-IP VM - * provisions Fortigate VM - * provisions HTTPD VM - * configures F5 BIG-IP - * configures Fortigate - * configures HTTPD - * creates a service chain to allow traffic forwarding - -imports: - - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml - - plugin:cloudify-utilities-plugin - -inputs: - common_prov_name: - description: Name of common resources provisioning blueprint/deployment - default: VNFM-Networking-Prov-Azure-networks - - f5_prov_name: - description: Name of BIG IP Provisioning blueprint/deployment - default: VNFM-F5-Prov-Azure-vm - - f5_conf_name: - description: Name of BIG IP Configuration blueprint/deployment - default: VNFM-F5-Conf - - fg_prov_name: - description: Name of Fortigate Provisioning blueprint/deployment - default: VNFM-Fortigate-Prov-Azure-vm - - fg_conf_name: - description: Name of Fortigate Configuration blueprint/deployment - default: VNFM-Fortigate-Conf - - httpd_prov_name: - description: Name of HTTPD Provisioning blueprint/deployment - default: VNFM-HTTPD-Prov-Azure-vm - - httpd_conf_name: - description: Name of HTTPD Configuration blueprint/deployment - default: VNFM-HTTPD-Conf - - service_prov_name: - description: Name of service chain Provisioning blueprint/deployment - default: NS-LB-Firewall-F5-Fortigate-HTTPD - -node_templates: - - # Common - common_prov: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: common_prov_name } - blueprint_archive: Resources/common.zip - main_file_name: VNFM-Networking-Prov-Azure-networks.yaml - deployment: - id: { get_input: common_prov_name } - - # Provisioning - f5_prov: - type: cloudify.nodes.DeploymentProxy - properties: - 
resource_config: - blueprint: - id: { get_input: f5_prov_name } - blueprint_archive: Resources/bigip.zip - main_file_name: VNFM-F5-Prov-Azure-vm.yaml - deployment: - id: { get_input: f5_prov_name } - relationships: - - type: cloudify.relationships.depends_on - target: common_prov - - fg_prov: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: fg_prov_name } - blueprint_archive: Resources/fortigate.zip - main_file_name: VNFM-Fortigate-Prov-Azure-vm.yaml - deployment: - id: { get_input: fg_prov_name } - relationships: - - type: cloudify.relationships.depends_on - target: common_prov - - httpd_prov: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: httpd_prov_name } - blueprint_archive: Resources/httpd.zip - main_file_name: VNFM-HTTPD-Prov-Azure-vm.yaml - deployment: - id: { get_input: httpd_prov_name } - relationships: - - type: cloudify.relationships.depends_on - target: common_prov - - # Configuration - f5_conf: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: f5_conf_name } - blueprint_archive: Resources/bigip.zip - main_file_name: VNFM-F5-Conf.yaml - deployment: - id: { get_input: f5_conf_name } - relationships: - - type: cloudify.relationships.depends_on - target: f5_prov - - fg_conf: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: fg_conf_name } - blueprint_archive: Resources/fortigate.zip - main_file_name: VNFM-Fortigate-Conf.yaml - deployment: - id: { get_input: fg_conf_name } - relationships: - - type: cloudify.relationships.depends_on - target: fg_prov - - httpd_conf: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: httpd_conf_name } - blueprint_archive: Resources/httpd.zip - main_file_name: VNFM-HTTPD-Conf.yaml - deployment: - id: { get_input: httpd_conf_name } - relationships: - - type: 
cloudify.relationships.depends_on - target: httpd_prov - - # Service Chain - service_prov: - type: cloudify.nodes.DeploymentProxy - properties: - resource_config: - blueprint: - id: { get_input: service_prov_name } - blueprint_archive: Resources/service.zip - main_file_name: NS-LB-Firewall-F5-Fortigate-HTTPD.yaml - deployment: - id: { get_input: service_prov_name } - outputs: - web_server: web_server_value - relationships: - - type: cloudify.relationships.depends_on - target: f5_conf - - type: cloudify.relationships.depends_on - target: fg_conf - - type: cloudify.relationships.depends_on - target: httpd_conf - -outputs: - web_server: - description: Web server endpoint exposed on BIG IP Public interface - value: { get_attribute: [service_prov, deployment, outputs, web_server_value] } diff --git a/azure_case_e2e/e2e.yaml b/azure_case_e2e/e2e.yaml new file mode 100755 index 0000000..3414db7 --- /dev/null +++ b/azure_case_e2e/e2e.yaml 
@@ -0,0 +1,272 @@ +tosca_definitions_version: cloudify_dsl_1_3 + +description: > + This is the master blueprint for the Cloudify VNF example. It provisions all the atomic components, + configures, and then chains them together. In partilucar: + * prepares the environment, including networks, subnets, security groups etc. + * provisions F5 BIG-IP VM + * provisions Fortigate VM + * provisions HTTPD VM + * configures F5 BIG-IP + * configures Fortigate + * configures HTTPD + * creates a service chain to allow traffic forwarding + +# In this section, we import the basic node types, which will be later used in the +# node_templates section to define particular elements of the chain and the +# relationships between them. This section also imports the cloudify-utilities-plugin +# to allow using the Deployment Proxy mechanism. + +imports: + - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml + - plugin:cloudify-utilities-plugin + +# The inputs section includes the names of the particular blueprints and +# deployments which this blueprint will leverage. 
+inputs: + network_prov_name: + description: Name of network resources provisioning blueprint/deployment + default: VNFM-Networking-Prov-Azure-networks + + f5_prov_name: + description: Name of BIG IP Provisioning blueprint/deployment + default: VNFM-F5-Prov-Azure-vm + + f5_conf_name: + description: Name of BIG IP Configuration blueprint/deployment + default: VNFM-F5-Conf + + fg_prov_name: + description: Name of Fortigate Provisioning blueprint/deployment + default: VNFM-Fortigate-Prov-Azure-vm + + fg_conf_name: + description: Name of Fortigate Configuration blueprint/deployment + default: VNFM-Fortigate-Conf + + httpd_prov_name: + description: Name of HTTPD Provisioning blueprint/deployment + default: VNFM-HTTPD-Prov-Azure-vm + + httpd_conf_name: + description: Name of HTTPD Configuration blueprint/deployment + default: VNFM-HTTPD-Conf + + service_prov_name: + description: Name of service chain Provisioning blueprint/deployment + default: NS-LB-Firewall-F5-Fortigate-HTTPD + +# In the node_templates section, we define the nodes that will be instanciated. +# We use DeploymentProxy nodes to deploy other blueprints representing the example +# building blocks. +node_templates: + + # Network-topology: + # This blueprint is responsible for creating all of the common resources, + # which are later used in other blueprints. Especially: resource_group, + # networks, subnets and security groups. + # DeploymentProxy is being used for the blueprint uploading and the + # deployment creation. + # There's no relationships defined under this node, which means that during + # install it will be instantiated at first. 
+ network_prov: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: network_prov_name } + blueprint_archive: Resources/network-topology.zip + main_file_name: infrastructure.yaml + deployment: + id: { get_input: network_prov_name } + + + ### PROVISIONING ### + + # F5 Provisioning: + # This blueprint is responsible for provisioning the F5 BIG-IP VM in Azure + # infrastructure, including the necessary storage account and network + # interfaces. + # DeploymentProxy is used for the blueprint uploading and the + # deployment creation. + # A "depends_on" relationship which targets the "network_prov" node is defined. + # It means, that during the install workflow, "f5_prov" node will be instantiated + # after "network_prov" node will. That will alllow the "f5_prov" node to create network + # interfaces in the networks created by "network_prov" blueprint. + f5_prov: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: f5_prov_name } + blueprint_archive: Resources/bigip.zip + main_file_name: infrastructure.yaml + deployment: + id: { get_input: f5_prov_name } + relationships: + - type: cloudify.relationships.depends_on + target: network_prov + + # FortiGate Provisioning: + # This blueprint is responsible for provisioning the FortiGate VM in Azure + # infrastructure, including the necessary storage account and network + # interfaces. + # DeploymentProxy is used for the blueprint uploading and the + # deployment creation. + # A "depends_on" relationship which targets the "network_prov" node is defined. + # It means, that during the install workflow, "fg_prov" node will be instantiated + # after "network_prov" node will. That will alllow the "fg_prov" node to create network + # interfaces in the networks created by "network_prov" blueprint. 
+ fg_prov: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: fg_prov_name } + blueprint_archive: Resources/fortigate.zip + main_file_name: infrastructure.yaml + deployment: + id: { get_input: fg_prov_name } + relationships: + - type: cloudify.relationships.depends_on + target: network_prov + + # HTTPD Provisioning: + # This blueprint is responsible for provisioning the HTTPD VM in Azure + # infrastructure, including the necessary storage account and network + # interfaces. + # DeploymentProxy is used for the blueprint uploading and the + # deployment creation. + # A "depends_on" relationship which targets the "network_prov" node is defined. + # It means, that during the install workflow, "httpd_prov" node will be instantiated + # after "network_prov" node will. That will alllow the "httpd_prov" node to create network + # interfaces in the networks created by "network_prov" blueprint. + httpd_prov: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: httpd_prov_name } + blueprint_archive: Resources/httpd.zip + main_file_name: infrastructure.yaml + deployment: + id: { get_input: httpd_prov_name } + relationships: + - type: cloudify.relationships.depends_on + target: network_prov + + ### CONFIGURATION ### + + # F5 Configuration: + # This blueprint is responsible for configuration of the F5 BIG-IP VM + # created by the "f5_prov" node. + # DeploymentProxy is being used for the blueprint uploading and the + # deployment creation. + # In relationships section, there's a "depends_on" relationship defined, + # which targets the "f5_prov" node. It means, that during install + # workflow, "f5_conf" node will be instantiated after "f5_prov". + # It prevents the situation, when Cloudify Manager starts to configure + # F5 BIG-IP VM before it gets instantiated by "f5_prov" node. 
+ f5_conf: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: f5_conf_name } + blueprint_archive: Resources/bigip.zip + main_file_name: application.yaml + deployment: + id: { get_input: f5_conf_name } + relationships: + - type: cloudify.relationships.depends_on + target: f5_prov + + # FortiGate Configuration: + # This blueprint is responsible for configuration of the FortiGate VM + # created by the "fg_prov" node. + # DeploymentProxy is being used for the blueprint uploading and the + # deployment creation. + # In relationships section, there's a "depends_on" relationship defined, + # which targets the "fg_prov" node. It means, that during install + # workflow, "fg_conf" node will be instantiated after "fg_prov". + # It prevents the situation, when Cloudify Manager starts to configure + # FortiGate VM before it gets instantiated by "fg_prov" node. + fg_conf: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: fg_conf_name } + blueprint_archive: Resources/fortigate.zip + main_file_name: application.yaml + deployment: + id: { get_input: fg_conf_name } + relationships: + - type: cloudify.relationships.depends_on + target: fg_prov + + # HTTPD Configuration: + # This blueprint is responsible for configuration of the HTTPD VM + # created by the "httpd_prov" node. + # DeploymentProxy is being used for the blueprint uploading and the + # deployment creation. + # In relationships section, there's a "depends_on" relationship defined, + # which targets the "httpd_prov" node. It means, that during install + # workflow, "httpd_conf" node will be instantiated after "httpd_prov". + # It prevents the situation, when Cloudify Manager starts to configure + # HTTPD VM before it gets instantiated by "httpd_prov" node. 
+ httpd_conf: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: httpd_conf_name } + blueprint_archive: Resources/httpd.zip + main_file_name: application.yaml + deployment: + id: { get_input: httpd_conf_name } + relationships: + - type: cloudify.relationships.depends_on + target: httpd_prov + + # Service Chain: + # This blueprint is responsible for creating a service chain between the + # nodes created in previous steps. It applies the load balancing rules to + # the F5 BIG-IP VM and sets a port-forwarding policy on FortiGate VM to + # expose a website served by HTTPD VM on the public interface of the F5 + # BIG-IP VM. + # DeploymentProxy is being used for the blueprint uploading and the + # deployment creation. + # In the relationships section, there are several "depends_on" + # relationships defined. As a result, Cloudify Manager will be waiting + # with the service chain creation until all of the particular VNFs, which are + # going to be a part of this chain, are properly provisioned & configured + service_prov: + type: cloudify.nodes.DeploymentProxy + properties: + resource_config: + blueprint: + id: { get_input: service_prov_name } + blueprint_archive: Resources/service.zip + main_file_name: service.yaml + deployment: + id: { get_input: service_prov_name } + outputs: + web_server: web_server_value + relationships: + - type: cloudify.relationships.depends_on + target: f5_conf + - type: cloudify.relationships.depends_on + target: fg_conf + - type: cloudify.relationships.depends_on + target: httpd_conf + +# In the outputs section we can expose values, which will appear in GUI after +# the successful deployment installation. Here, a webserver endpoint is being +# printed. "get_attribute" function gets this value from the "service_prov" +# deployment outputs. Once the "install" workflow is finished, user can use this +# endpoint to check if the service is working fine. 
+outputs: + web_server: + description: Web server endpoint exposed on BIG IP Public interface + value: { get_attribute: [service_prov, deployment, outputs, web_server_value] } diff --git a/openstack_commercial_case/README.md b/openstack_commercial_case/README.md index d1a2bf3..48a7951 100755 --- a/openstack_commercial_case/README.md +++ b/openstack_commercial_case/README.md 
@@ -1,55 +1,51 @@ -# Network Service - Commercial VNFs - -In this examples we demonstrate how to construct a simple network service consisting of a load balancer and a firewall. To make it a tad more interesting we will be deploying a simple web service to allow for complete user experience: - -![ns](https://user-images.githubusercontent.com/30900001/52050834-12889e00-2552-11e9-9a68-452e92cc7014.png) - -If we break it down to how we would typically build such a service the basic steps would probably be: - -1. Provision a firewall and configure it’s network interfaces and the network settings - -2. Provision a load balancer and setup basic settings - -3. Provision a web server instance, configure it, and setup basic web content - -4. Compose the service flow by setting the load balancer to accept traffic on a certain port, direct it to the firewall, configure the firewall to allow web traffic to the web server, etc. - -This example contains blueprints implementing each of these steps. These can be easily modified for other VNFs or different infrastructure. +# Commercial VNF Use Case Upon completion of this example we will have a complete running network service. -Note! The infrastructure used in this example is OpenStack, and the demonstrated VNFs are: -* F5 BIG-IP VE (Load balancer) -* Fortigate (Firewall) -* Httpd (Web Server) - -## Cloudify Manager - -Before we get started, please make sure you have a Cloudify manager deployed. - -The cloudify manager is available in multiple formats ranging from Docker to RPM. In this tutorial we will be using the docker option and assume that it is deployed on your local computer. It can be of course deployed using any other method and on any given platform. - -To learn more about Cloudify manager deployment go to: [Cloudify-Getting-Started](https://cloudify.co/download/) - -## Example overview - -Creation of the whole service consists of the following steps. 
Each step is available as a blueprint (yaml file) in this example folder. - -1. *Environment preparation* -Create networks, subnets, a router and a security group. For more details check [common/README](common/README.md) -2. *Provisioning of the VNFs* -Create the virtual machines in Openstack and connect those to the proper networks. -Each VNF is created using a blueprint named ``VNFM--Prov-Openstack-vm.yaml``: -* **bigip/VNFM-F5-Prov-Openstack-vm.yaml** - [BIG IP Provisioning instruction](bigip/README.md##Provisioning) -* **fortigate/VNFM-Fortigate-Prov-Openstack-vm.yaml** - [Fortigate Provisioning instruction](fortigate/README.md##Provisioning) -* **httpd/VNFM-HTTPD-Prov-Openstack-vm.yaml** - [HTTPD Provisioning instruction](httpd/README.md##Provisioning) -3. *Configure the VNFs* -Apply basic configuration of the VNFs. This is done using blueprints named ``VNFM--Conf.yaml``: -* **bigip/VNFM-F5-Conf.yaml** (licensing and VLAN configuration) - [BIG IP Configuration instruction](bigip/README.md##Configuration) -* **fortigate/VNFM-Fortigate-Conf.yaml** (Setting firewall rules and port forwarding) - [Fortigate Configuration instruction](fortigate/README.md##Configuration) -* **httpd/VNFM-HTTPD-Conf.yaml** (Creation of Web Server) - [HTTPD Configuration instruction](httpd/README.md##Configuration) -4. *Service chaining* -The last step creates a service chain of connected network services (Load Balancer, Firewall and Web Server). In this case service chaining consists of port forwarding rule on Fortigate and load balancing rule on BIG IP in order to pass traffic through. 
-Use the ``service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml`` - [Service creation instruction](service/README.md) +![ns](https://user-images.githubusercontent.com/30900001/52050834-12889e00-2552-11e9-9a68-452e92cc7014.png) -Once all steps had been performed, you should be able to access the web page displayed by the web service by accessing the ip of the load balancer (This IP will be the output of the service deployment flow, and will be titled web_server). +This series of blueprints demonstrates how to install a simple network service consisting of a load balancer and a firewall. To make it a tad more interesting we will be deploying a simple web service to allow for complete user experience. All of the examples are currently implemented only for Azure. + +**Note!** +The infrastructure used in this example is Microsoft Azure, and the demonstrated VNFs are: + * F5 BIG-IP VE (Load balancer) + * Fortigate (Firewall) + * Httpd (Web Server) + +## Common Prerequisites: + +* Cloudify Manager 4.5.5, for more info: [Cloudify-Getting-Started](https://cloudify.co/download/). + +* These plugins should exist on your manager. (E.g. You can just run `cfy plugins bundle-upload`, which will satisfy all plugin requirements.): + * [cloudify-openstack-plugin](https://github.com/cloudify-cosmo/cloudify-openstack-plugin/releases), version 2.14.7 or higher. + * [cloudify-utilities-plugin](https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases), version 1.12.5 or higher. 
+ +* These secrets should exist on your manager: +* **Openstack secrets:** + * *keystone_username* - Username used for authentication in Keystone service + * *keystone_password* - Password used for authentication in Keystone service + * *keystone_tenant_name* - Name of the tenant in OpenStack + * *keystone_url* - URL used for authentication in Keystone service + * *keystone_region* - Name of the region in OpenStack + +You can create those with the following cfy commands:\ +``cfy secrets create keystone_username -s ``\ +``cfy secrets create keystone_password -s ``\ +``cfy secrets create keystone_tenant_name -s ``\ +``cfy secrets create keystone_url -s ``\ +``cfy secrets create keystone_region -s `` + +## Installation + +The installation is broken into a few basic steps. Go to the relevant README and progress through these steps in the correct order. + +1. [Prepare the environment](network-topology/README.md##Installation): Create networks, subnets, router and a security group. +1. Provisioning of the VNFs: + 1. [Provision the load balancer](bigip/README.md##Provisioning) and setup basic settings. + 1. [Provision the firewall](fortigate/README.md##Provisioning) and configure its network interfaces and the network settings. + 1. [Provision the web server](httpd/README.md##Provisioning) instance, configure it, and setup basic web content. +1. Compose the service flow by: + 1. [Configuration the load balancer](bigip/README.md##Configuration) and setup basic settings. + 1. [Configuration the firewall](fortigate/README.md##Configuration) and configure its network interfaces and the network settings. + 1. [Configuration the web server](httpd/README.md##Configuration) instance, configure it, and setup basic web content. +1. [Create service](service/README.md) The last step creates a service chain of connected network services (Load Balancer, Firewall and Web Server). 
In this case service chaining consists of port forwarding rule on Fortigate and load balancing rule on BIG IP in order to pass traffic through. diff --git a/openstack_commercial_case/bigip/README.md b/openstack_commercial_case/bigip/README.md index dc098f1..c27fcd0 100755 --- a/openstack_commercial_case/bigip/README.md +++ b/openstack_commercial_case/bigip/README.md 
@@ -1,71 +1,68 @@ -# F5 Big-IP on OpenStack +# BIG-IP Load Balancer -## Prerequisites: +This blueprint installs the BIG-IP load balancer on Openstack. -### Common resource creation -Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md) +### Prerequisites -### Secrets +First make sure that you have satisfied the global requirements in the [main README](../README.md). -Create the below secrets in the secret store management: -* **bigip_license_key** - License key for BIG IP VE, it is being applied during configuration. - -You can create those with the following cfy commands:\ -``cfy secrets create bigip_license_key -s `` +* These additional secrets should exist on your manager: + * `bigip_license`: License key for BIG IP VE. It is being applied during configuration. . You can set this up via the CLI: `cfy secrets create bigip_license -s [secret value]`. ## Provisioning -VNFM-F5-Prov-Openstack-vm.yaml is responsible for creation BIG-IP Virtual Machine connected to 3 networks: -* Management, -* WAN, -* Public. +* Blueprint: The `infrastructure.yaml` blueprint is responsible for creation BIG-IP Virtual Machine. This VM is connected to 3 networks: + * Management + * WAN + * Public Network's NICs are connected to security group created in network deployment. Networks and security group names are fetched from network deployment using `get_capability` intrinsic function. 
-### Inputs -* *flavor_id* - ID of the flavor in OpenStack - default: f7cfaaa8-e2db-4f9b-a65b-6a407f340960 -* *vnf_vm_name* - Name of Virtual Machine - default: bigip -* *image_id* - ID of the image in OpenStack - default: 6d8ff903-f35b-43df-b7c2-e219929924b9 -* *resource_prefix* - Prefix of every resource created at this deployment on Openstack - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Openstack - default: 0 -* *openstack_network_deployment_name* - Name of the deployment responsible for router, security group and networks creation - - default: VNFM-Networking-Prov-Openstack-networks +* Inputs: + * *flavor_id* - ID of the flavor in OpenStack - default: f7cfaaa8-e2db-4f9b-a65b-6a407f340960 + * *vnf_vm_name* - Name of Virtual Machine - default: bigip + * *image_id* - ID of the image in OpenStack - default: 6d8ff903-f35b-43df-b7c2-e219929924b9 + * *openstack_network_deployment_name* - Name of the deployment responsible for router, security group and networks creation - + default: VNFM-Networking-Prov-Openstack-networks ### Installation -To provision BIG-IP execute: +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: -``cfy install VNFM-F5-Prov-Openstack-vm.yaml -b VNFM-F5-Prov-Openstack-vm`` +```bash +cfy install infrastructure.yaml -b \ + VNFM-F5-Prov-Openstack-vm +``` -### Uninstalling +###Uninstalling -To delete BIG IP execute: +Uninstall the **VNFM-F5-Prov-Openstack-vm** deployment: -``cfy uninstall VNFM-F5-Prov-Openstack-vm`` +``` +cfy uninstall VNFM-F5-Prov-Openstack-vm +``` ## Configuration -The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name -is required as an input. 
Exposed IP addresses are fetched using *get_capability* function, ie:\ -``{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`` - -VNFM-F5-Conf.yaml is responsible for licensing BIG IP with the provided registration key and applying VLAN configuration necessary for further LTM configuration. -It consists of 2 nodes: -1. *license* - Applies license using [install_license.txt](Resources/templates/install_license.txt) file and revokes it using [revoke_license.txt](Resources/templates/revoke_license.txt). -2. *vlan_configuration* - Creates VLAN configuration on WAN and Public interfaces - using [vlan_config.txt](Resources/templates/vlan_config.txt) to apply it during install and [vlan_config_delete.txt](Resources/templates/vlan_config_delete.txt) to tear it down during uninstall. +The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name is required as an input. Exposed IP addresses are fetched using `get_capability` function: `{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`. +* Blueprint: The `application.yaml` blueprint is responsible for licensing BIG IP with the provided registration key and applying VLAN configuration necessary for further LTM configuration. It consists of three nodes: + * `check_mcpd_status`: Checks if the MCPD services is already started, because it's necessary for applying the license succesfully. + Uses [check_mcpd_status.txt](Resources/templates/check_mcpd_status.txt) file. + * `license`: Applies license using [install_license.txt](Resources/templates/install_license.txt) file and revokes it using [revoke_license.txt](Resources/templates/revoke_license.txt). + * `vlan_configuration`: Creates VLAN configuration on WAN and Public interfaces - using [vlan_config.txt](Resources/templates/vlan_config.txt) to apply it during install and [vlan_config_delete.txt](Resources/templates/vlan_config_delete.txt) to tear it down during uninstall. 
-### Inputs +* Inputs: + * `prov_deployment_name`: Name of BIG IP Provisioning deployment created in previous section. Default: `VNFM-F5-Prov-Openstack-vm`. -* *prov_deployment_name* - Name of BIG IP Provisioning deployment created in previous section ### Install -``cfy install VNFM-F5-Conf.yaml -b VNFM-F5-Conf`` +`cfy install application.yaml -b VNFM-F5-Conf` ### Uninstall -During uninstall the license is revoked so it can be used on different BIG IP VE or on the same one again. -Also VLAN configuration is deleted. -``cfy uninstall VNFM-F5-Conf`` +During uninstall the license is revoked so it can be used on different BIG IP VE or on the same one again. Also VLAN configuration is deleted. + +`cfy uninstall VNFM-F5-Conf` diff --git a/openstack_commercial_case/bigip/Resources/templates/check_mcpd_status.txt b/openstack_commercial_case/bigip/Resources/templates/check_mcpd_status.txt new file mode 100755 index 0000000..5424cce --- /dev/null +++ b/openstack_commercial_case/bigip/Resources/templates/check_mcpd_status.txt @@ -0,0 +1 @@ +sh -c '/config/check_mcpd_status.sh' diff --git a/openstack_commercial_case/bigip/Resources/templates/install_license.txt b/openstack_commercial_case/bigip/Resources/templates/install_license.txt index 91d24dd..6b4e62e 100755 --- a/openstack_commercial_case/bigip/Resources/templates/install_license.txt +++ b/openstack_commercial_case/bigip/Resources/templates/install_license.txt @@ -1,2 +1,2 @@ -install /sys license registration-key {{REG_KEY}} -quit +tmsh install /sys license registration-key {{REG_KEY}} +tmsh quit diff --git a/openstack_commercial_case/bigip/Resources/templates/revoke_license.txt b/openstack_commercial_case/bigip/Resources/templates/revoke_license.txt index 337886b..64b9de7 100755 --- a/openstack_commercial_case/bigip/Resources/templates/revoke_license.txt +++ b/openstack_commercial_case/bigip/Resources/templates/revoke_license.txt @@ -1,2 +1,2 @@ -revoke /sys license -quit +tmsh revoke /sys license +tmsh quit 
diff --git a/openstack_commercial_case/bigip/Resources/templates/vlan_config.txt b/openstack_commercial_case/bigip/Resources/templates/vlan_config.txt index 6994c6b..50778af 100755 --- a/openstack_commercial_case/bigip/Resources/templates/vlan_config.txt +++ b/openstack_commercial_case/bigip/Resources/templates/vlan_config.txt @@ -1,6 +1,6 @@ -create net vlan inside interfaces add { 1.1 { untagged } } -create net vlan outside interfaces add { 1.2 { untagged } } -create net self {{IP_INSIDE}} address {{IP_INSIDE}}/24 vlan inside allow-service default -create net self {{IP_OUTSIDE}} address {{IP_OUTSIDE}}/24 vlan outside allow-service default -save sys config -quit +tmsh create net vlan inside interfaces add { 1.1 { untagged } } +tmsh create net vlan outside interfaces add { 1.2 { untagged } } +tmsh create net self {{IP_INSIDE}} address {{IP_INSIDE}}/24 vlan inside allow-service default +tmsh create net self {{IP_OUTSIDE}} address {{IP_OUTSIDE}}/24 vlan outside allow-service default +tmsh save sys config +tmsh quit diff --git a/openstack_commercial_case/bigip/Resources/templates/vlan_config_delete.txt b/openstack_commercial_case/bigip/Resources/templates/vlan_config_delete.txt index 69e4755..e94b59a 100755 --- a/openstack_commercial_case/bigip/Resources/templates/vlan_config_delete.txt +++ b/openstack_commercial_case/bigip/Resources/templates/vlan_config_delete.txt @@ -1,5 +1,5 @@ -delete net self {{IP_OUTSIDE}} -delete net self {{IP_INSIDE}} -delete net vlan outside -delete net vlan outside -quit +tmsh delete net self {{IP_OUTSIDE}} +tmsh delete net self {{IP_INSIDE}} +tmsh delete net vlan outside +tmsh delete net vlan outside +tmsh quit diff --git a/openstack_commercial_case/bigip/VNFM-F5-Conf.yaml b/openstack_commercial_case/bigip/application.yaml similarity index 86% rename from openstack_commercial_case/bigip/VNFM-F5-Conf.yaml rename to openstack_commercial_case/bigip/application.yaml index a1c2c97..4ee8bb9 100755 
--- a/openstack_commercial_case/bigip/VNFM-F5-Conf.yaml +++ b/openstack_commercial_case/bigip/application.yaml @@ -27,6 +27,16 @@ dsl_definitions: node_templates: + check_mcpd_status: + type: cloudify.terminal.raw + interfaces: + cloudify.interfaces.lifecycle: + start: + inputs: + terminal_auth: *terminal_auth + calls: + - template: Resources/templates/check_mcpd_status.txt + license: type: cloudify.terminal.raw interfaces: @@ -37,7 +47,7 @@ node_templates: calls: - template: Resources/templates/install_license.txt params: - REG_KEY: { get_secret: bigip_license_key } + REG_KEY: { get_secret: bigip_license } delete: inputs: terminal_auth: *terminal_auth @@ -46,6 +56,9 @@ node_templates: responses: - question: 'Revoking the license will return this BIG-IP to an unlicensed state. It will stop processing traffic. Are you sure? Y/N:' answer: 'Y' + relationships: + - type: cloudify.relationships.depends_on + target: check_mcpd_status vlan_configuration: type: cloudify.terminal.raw diff --git a/openstack_commercial_case/bigip/VNFM-F5-Prov-Openstack-vm.yaml b/openstack_commercial_case/bigip/infrastructure.yaml similarity index 84% rename from openstack_commercial_case/bigip/VNFM-F5-Prov-Openstack-vm.yaml rename to openstack_commercial_case/bigip/infrastructure.yaml index 422faab..f9dbacc 100755 --- a/openstack_commercial_case/bigip/VNFM-F5-Prov-Openstack-vm.yaml +++ b/openstack_commercial_case/bigip/infrastructure.yaml @@ -6,6 +6,7 @@ description: > imports: - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml - plugin:cloudify-openstack-plugin + - plugin:cloudify-utilities-plugin inputs: @@ -23,11 +24,11 @@ inputs: flavor_id: type: string - default: f7cfaaa8-e2db-4f9b-a65b-6a407f340960 + default: 8f68d4e5-4281-48c0-ad43-a8ac58d635f0 image_id: type: string - default: 6d8ff903-f35b-43df-b7c2-e219929924b9 + default: 7f5477bd-c2a8-4608-82ae-0ca2a9bf5254 vnf_vm_name: type: string 
@@ -152,6 +153,30 @@ node_templates: create_if_missing: False resource_id: { get_input: image_id } + cloud_config: + type: cloudify.nodes.CloudInit.CloudConfig + properties: + resource_config: + write_files: + - path: /config/check_mcpd_status.sh + permissions: 0755 + owner: root:root + content: | + #!/bin/sh + echo preOnboard: Starting MCP status check + checks=0 + while [ $checks -lt 120 ]; do + echo preOnboard: checking mcpd + if tmsh -a show sys mcp-state field-fmt | grep -q running; then + echo preOnboard: mcpd ready + sleep 10 + break + fi + echo preOnboard: mcpd not ready yet + let checks=checks+1 + sleep 10 + done + vm: type: cloudify.openstack.nodes.Server properties: @@ -171,15 +196,19 @@ node_templates: - { get_input: resource_suffix } image: { get_property: [ image, resource_id ] } flavor: { get_input: flavor_id } + userdata: { get_attribute: [ cloud_config, cloud_config ] } + config_drive: True relationships: - type: cloudify.openstack.server_connected_to_port target: mgmt_port - - type: cloudify.openstack.server_connected_to_port - target: public_port - type: cloudify.openstack.server_connected_to_port target: wan_port + - type: cloudify.openstack.server_connected_to_port + target: public_port - type: cloudify.relationships.depends_on target: image + - type: cloudify.relationships.depends_on + target: cloud_config capabilities: diff --git a/openstack_commercial_case/common/README.md b/openstack_commercial_case/common/README.md deleted file mode 100755 index 0a42b38..0000000 --- a/openstack_commercial_case/common/README.md +++ /dev/null 
@@ -1,106 +0,0 @@ -# Common resources - -Before installation of any service, suitable networks, subnets, router and security group must be created. - -The following resources are created in OpenStack using the ``VNFM-Networking-Prov-Openstack-networks.yaml`` blueprint: -* **Management Network** - This network connects the Cloudify manager to all managed components. -* **LAN network** - This network connects the firewall to the web server. -* **WAN network** - This network connects the load balancer to the web server. -* **Public network** - This is the public network accessible to the user. BIG IP exposes the web server on the Public network interface. -* **Security group** - Security group for VNF NICs, defined by *network_security_group_rules* input, -* **Router** - Router, which allows to reach the management and public networks from the external network. - -Those resources are fetched by all other provisioning deployments. - -## Prerequisites: - -Prior to installation you have to upload plugins and create secrets. - -### Plugins - -Upload: -* **cloudify-openstack-plugin** - Tested for version 2.14.7 -* **cloudify-utilities-plugin** - Tested for version 1.12.5 - -This can be applied through the Cloudify manager user interface or using the CLI. -* To upload plugins using the Cloudify manager: - * Browse to the *Cloudify Catalog* page and scroll to the *Plugins Catalog* widget. Select the relevant plugins and click *Upload*. 
-* To upload plugins using the CLI, run the following commands: -``cfy plugins upload https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases/download/1.12.5/cloudify_utilities_plugin-1.12.5-py27-none-linux_x86_64-centos-Core.wgn -y https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases/download/1.12.5/plugin.yaml`` - -``cfy plugins upload https://github.com/cloudify-cosmo/cloudify-openstack-plugin/releases/download/2.14.7/cloudify_openstack_plugin-2.14.7-py27-none-linux_x86_64-centos-Core.wgn -y https://github.com/cloudify-cosmo/cloudify-openstack-plugin/releases/download/2.14.7/plugin.yaml`` - -### Secrets - -Create the below secrets in the secret store management: -* **Openstack secrets:** - * *keystone_username* - Keystone username - * *keystone_password* - Keystone password - * *keystone_tenant_name* - Keystone tenant name - * *keystone_url* - Keystone URL - * *keystone_region* - Keystone region - -You can create those with the following cfy commands:\ -``cfy secrets create keystone_username -s ``\ -``cfy secrets create keystone_password -s ``\ -``cfy secrets create keystone_tenant_name -s ``\ -``cfy secrets create keystone_url -s ``\ -``cfy secrets create keystone_region -s `` - -## Environment creation - -### Inputs -* *resource_prefix* - Prefix of every resource created at this deployment on Openstack - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Openstack - default: 0 -* *external_network_name* - Name of the external network - default: ext-net -* *nameservers* - List of DNS nameservers - default: [8.8.4.4, 8.8.8.8] -* *mgmt_subnet_cidr* - Management subnet CIDR - default: 10.10.1.0/24 -* *mgmt_subnet_allocation_pools* - Management subnet allocation pools - - default: - ```` - - start: 10.10.1.2 - end: 10.10.1.254 - ```` -* *public_subnet_cidr* -Public subnet CIDR - default: 10.10.2.0/24 -* *public_subnet_allocation_pools* - Public subnet allocation pools - - default: - ```` - 
- start: 10.10.2.2 - end: 10.10.2.254 - ```` -* *wan_subnet_cidr* - WAN subnet CIDR - default: 10.10.3.0/24 -* *wan_subnet_allocation_pools* - WAN subnet allocation pools - - default: - ```` - - start: 10.10.3.2 - end: 10.10.3.254 - ```` -* *lan_subnet_cidr* - LAN subnet CIDR - default: 10.10.4.0/24 -* *lan_subnet_allocation_pools* - LAN subnet allocation pools - - default: - ```` - - start: 10.10.4.2 - end: 10.10.4.254 - ```` -* *network_security_group_rules* - Security group rules for VNF's NICs - - default: - ```` - - port_range_min: 1 - port_range_max: 65535 - protocol: tcp - - port_range_min: 1 - port_range_max: 65535 - protocol: udp - ```` -### Installation - -Install using VNFM-Networking-Prov-Openstack-networks.yaml blueprint: - -``cfy install VNFM-Networking-Prov-Openstack-networks.yaml -b VNFM-Networking-Prov-Openstack-networks`` - -**It should be installed only one time before start of provisioning services.** -It will be reused automatically by blueprints using the capabilities mechanism. - -### Uninstalling - -``cfy uninstall VNFM-Networking-Prov-Openstack-networks`` diff --git a/openstack_commercial_case/fortigate/README.md b/openstack_commercial_case/fortigate/README.md index 8192495..9a4be7b 100755 --- a/openstack_commercial_case/fortigate/README.md +++ b/openstack_commercial_case/fortigate/README.md 
@@ -1,70 +1,62 @@ -# FortiGate NGFW Single VM on Openstack +# FortiGate Firewall -## Prerequisites: +This blueprint installs the NGFW Single VM on Openstack. -### Common resource creation -Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md) +### Prerequisites -### Secrets +First make sure that you have satisfied the global requirements in the [main README](../README.md). -Create the below secrets in the secret store management: -* **fortigate_license** - Content of license file, its used during provisioning to license Fortigate - -You can create those with the following cfy commands:\ -``cfy secrets create fortigate_license -f `` +* These additional secrets should exist on your manager: + * `fortigate_license`: Content of license file, its used during provisioning to license Fortigate. You can set this up via the CLI: `cfy secrets create fortigate_license -s [secret value]`. ## Provisioning -``VNFM-Fortigate-Prov-Openstack-vm.yaml`` is responsible for FortiGate NGFW Single VM provisioning. VM is connected to 3 networks: -* Management, -* WAN, -* LAN. - -Network's NICs are connected to the security group created in the network deployment. -Networks and security group names are fetched from network deployment using `get_capability` intrinsic function. +* Blueprint: The `infrastructure.yaml` blueprint is responsible for FortiGate NGFW Single VM provisioning. This VM is connected to 3 networks: + * Management + * WAN + * LAN -### Inputs +The networks' NICs are connected to the security group created in the network deployment. The networks and security group names are fetched from network deployment using `get_capability` intrinsic function. 
-* *resource_prefix* - Prefix of every resource created at this deployment on Openstack - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Openstack - default: 0 -* *openstack_network_deployment_name* - Name of deployment responsible for router, security group and networks creation - - default: VNFM-Networking-Prov-Openstack-networks -* *flavor_id* - ID of the flavor in OpenStack - default: 5aaa5054-f7a4-4bbe-8b47-69da2308ecb2 -* *image_id* - ID of the image in OpenStack - default: 20acb407-2a20-405e-9e19-360c0a705368 -* *vnf_vm_name* - Name of VM - default: fortigate -* *fortigate_license_filename* - Name of the Fortigate license file (It will be uploaded to Fortigate VM with this name). It should have .lic file extension. - default: FGVM02TM19000054.lic +* Inputs: + * *openstack_network_deployment_name* - Name of deployment responsible for router, security group and networks creation - + default: VNFM-Networking-Prov-Openstack-networks + * *flavor_id* - ID of the flavor in OpenStack - default: 5aaa5054-f7a4-4bbe-8b47-69da2308ecb2 + * *image_id* - ID of the image in OpenStack - default: 20acb407-2a20-405e-9e19-360c0a705368 + * *vnf_vm_name* - Name of VM - default: fortigate + * *fortigate_license_filename* - Name of the Fortigate license file (It will be uploaded to Fortigate VM with this name). It should have .lic file extension. - default: FGVM02TM19000054.lic ### Installation -Resources created in Prerequesites subsection are fetched using capabilities exposed by *common* deployment and ``VNFM-Fortigate-Prov-Openstack-vm.yaml`` is using it. 
-To provision FortiGate NGFW Single VM: +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: -``cfy install VNFM-Fortigate-Prov-Openstack-vm.yaml -b VNFM-Fortigate-Prov-Openstack-vm`` +```bash +cfy install infrastructure.yaml -b \ + VNFM-Fortigate-Prov-Openstack-vm +``` -### Uninstalling -To delete Fortigate execute: +###Uninstalling -``cfy uninstall VNFM-Fortigate-Prov-Openstack-vm`` +Uninstall the **VNFM-Fortigate-Prov-Openstack-vm** deployment: -## Configuration +``` +cfy uninstall VNFM-Fortigate-Prov-Openstack-vm +``` -The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name -is required as an input. Exposed IP addresses are fetched using *get_capability* function, ie:\ -``{ get_capability: [ { get_input: fortigate_vm_deployment_name }, vm_public_ip_address] }`` - -``VNFM-Fortigate-Conf.yaml`` is responsible for applying base configuration for the newly created FortiGate VM. It configures all of the interfaces. -It consists of one node: -1. *fortigate_vnf_config* - Applies base configuration for Fortigate (VNF name change and basic configuration to interfaces) using [fortigate-baseline.txt](Resources/templates/fortigate-baseline.txt) file. +## Configuration +The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name is required as an input. Exposed IP addresses are fetched using `get_capability` function: `{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`. -### Inputs +* Blueprint: The `application.yaml` blueprint is responsible for applying base configuration for the newly created FortiGate VM. It configures all of the interfaces. It consists of one node: + * `fortigate_vnf_config`: Applies base configuration for Fortigate (VNF name change and basic configuration to interfaces) using [fortigate-baseline.txt](Resources/templates/fortigate-baseline.txt) file. 
-* *fortigate_vm_deployment_name* - Name of Fortigate Provisioning deployment - default: VNFM-Fortigate-Prov-Openstack-vm +* Inputs: + * `fortigate_vm_deployment_name`: Name of Fortigate Provisioning deployment. Default: `VNFM-Fortigate-Prov-Openstack-vm`. ### Install -``cfy install VNFM-Fortigate-Conf.yaml -b VNFM-Fortigate-Conf`` +`cfy install application.yaml -b VNFM-Fortigate-Conf` ### Uninstall -``cfy uninstall VNFM-Fortigate-Conf`` +`cfy uninstall VNFM-Fortigate-Conf` diff --git a/openstack_commercial_case/fortigate/VNFM-Fortigate-Conf.yaml b/openstack_commercial_case/fortigate/application.yaml similarity index 100% rename from openstack_commercial_case/fortigate/VNFM-Fortigate-Conf.yaml rename to openstack_commercial_case/fortigate/application.yaml diff --git a/openstack_commercial_case/fortigate/VNFM-Fortigate-Prov-Openstack-vm.yaml b/openstack_commercial_case/fortigate/infrastructure.yaml similarity index 98% rename from openstack_commercial_case/fortigate/VNFM-Fortigate-Prov-Openstack-vm.yaml rename to openstack_commercial_case/fortigate/infrastructure.yaml index 2929e8e..a4990e9 100755 --- a/openstack_commercial_case/fortigate/VNFM-Fortigate-Prov-Openstack-vm.yaml +++ b/openstack_commercial_case/fortigate/infrastructure.yaml @@ -21,11 +21,11 @@ inputs: flavor_id: type: string - default: 5aaa5054-f7a4-4bbe-8b47-69da2308ecb2 + default: 3 image_id: type: string - default: 20acb407-2a20-405e-9e19-360c0a705368 + default: 84c8bc76-af89-4005-b068-b6f5b4550e23 vnf_vm_name: type: string diff --git a/openstack_commercial_case/httpd/README.md b/openstack_commercial_case/httpd/README.md index 1a091af..308b98d 100755 --- a/openstack_commercial_case/httpd/README.md +++ b/openstack_commercial_case/httpd/README.md 
@@ -1,63 +1,57 @@ -# HTTPD on Openstack +# HTTPD Webserver -## Prerequisites: +This blueprint installs HTTPD webserver on an Openstack VM. -### Common resource creation -Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md) +### Prerequisites -### Secrets +First make sure that you have satisfied the global requirements in the [main README](../README.md). -Create the below secrets in the secret store management: -* **httpd_website** - Content of website file for HTTPD VM, it is set during provisioning and served after configuration. Exemplary website can be found under ``Resources/website/index.html``. - -You can create those with the following cfy commands:\ -``cfy secrets create httpd_website -f `` +* These additional secrets should exist on your manager: + * `httpd_website`: Content of website file for HTTPD VM, it is set during provisioning and served after configuration. Exemplary website can be found under `Resources/website/index.html`. ## Provisioning -VNFM-HTTPD-Prov-Openstack-vm.yaml is responsible for the creation of an Ubuntu VM connected to 2 networks: -* Management, -* LAN. +* Blueprint: The `infrastructure.yaml` blueprint is responsible for the creation of an Ubuntu VM. It is connected to 2 networks: + * Management + * LAN -Network names are fetched from network deployment using `get_capability` intrinsic function. +The networks' NICs are connected to the security group created in the network deployment. The networks and security group names are fetched from network deployment using `get_capability` intrinsic function. 
-### Inputs -* *vnf_vm_name* - Name of VM - default: httpd -* *flavor_id* - ID of the flavor in OpenStack - default: 6e2d4276-0390-4a24-b6ab-40f388edcc87 -* *image_id* - ID of the image in OpenStack - default: ee6a6582-1351-4f8b-b132-a90b7db88171 -* *resource_prefix* - Prefix of every resource created at this deployment on Openstack - default: cfy -* *resource_suffix* - Suffix of every resource created at this deployment on Openstack - default: 0 -* *openstack_network_deployment_name* - Name of deployment responsible for router, security group and networks creation - - default: VNFM-Networking-Prov-Openstack-networks +* Inputs: + * *vnf_vm_name* - Name of the VM - default: httpd + * *flavor_id* - ID of the flavor in OpenStack - default: 6e2d4276-0390-4a24-b6ab-40f388edcc87 + * *image_id* - ID of the image in OpenStack - default: ee6a6582-1351-4f8b-b132-a90b7db88171 + * *openstack_network_deployment_name* - Name of deployment responsible for router, security group and networks creation - + default: VNFM-Networking-Prov-Openstack-networks ### Installation -Resources created in Prerequesites subsection are fetched using the capabilities mechanism. 
-To provision HTTPD: +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: -``cfy install VNFM-HTTPD-Prov-Openstack-vm.yaml -b VNFM-HTTPD-Prov-Openstack-vm`` +```bash +cfy install infrastructure.yaml -b \ + VNFM-HTTPD-Prov-Openstack-vm +``` -### Uninstalling +###Uninstalling -To delete VM execute: +Uninstall the **VNFM-HTTPD-Prov-Openstack-vm** deployment: -``cfy uninstall VNFM-HTTPD-Prov-Openstack-vm`` +``` +cfy uninstall VNFM-HTTPD-Prov-Openstack-vm +``` ## Configuration -VNFM-HTTPD-Conf.yaml is responsible for starting HTTPD process on the target VM, -*web_server* node is responsible for creating such server using the following command:\ -``screen -dmS -X python3 -m http.server 8080``\ -The IP address of the target VM is fetched from VNFM-HTTPD-Prov-Openstack-vm deployment using capabilities. - -### Inputs +* Blueprint: The `application.yaml` blueprint is responsible for starting HTTPD process on the target VM, `web_server` node is responsible for creating such server using the following command: `screen -dmS -X python3 -m http.server 8080`. The IP address of the target VM is fetched from VNFM-HTTPD-Prov-Openstack-vm deployment using capabilities. -* *httpd_vm_deployment_name* - Name of HTTPD Provisioning deployment +* Inputs: + * `httpd_vm_deployment_name`: Name of HTTPD Provisioning deployment. Default: `VNFM-HTTPD-Prov-Openstack-vm`. ### Install -``cfy install VNFM-HTTPD-Conf.yaml -b VNFM-HTTPD-Conf`` +`cfy install application.yaml -b VNFM-HTTPD-Conf` ### Uninstall -``cfy uninstall VNFM-HTTPD-Conf`` +`cfy uninstall VNFM-HTTPD-Conf` diff --git a/openstack_commercial_case/httpd/VNFM-HTTPD-Conf.yaml b/openstack_commercial_case/httpd/application.yaml similarity index 100% rename from openstack_commercial_case/httpd/VNFM-HTTPD-Conf.yaml rename to openstack_commercial_case/httpd/application.yaml 
diff --git a/openstack_commercial_case/httpd/VNFM-HTTPD-Prov-Openstack-vm.yaml b/openstack_commercial_case/httpd/infrastructure.yaml similarity index 92% rename from openstack_commercial_case/httpd/VNFM-HTTPD-Prov-Openstack-vm.yaml rename to openstack_commercial_case/httpd/infrastructure.yaml index b42fc7a..0b2f04d 100755 --- a/openstack_commercial_case/httpd/VNFM-HTTPD-Prov-Openstack-vm.yaml +++ b/openstack_commercial_case/httpd/infrastructure.yaml @@ -20,11 +20,11 @@ inputs: flavor_id: type: string - default: 6e2d4276-0390-4a24-b6ab-40f388edcc87 + default: 3 image_id: type: string - default: ee6a6582-1351-4f8b-b132-a90b7db88171 + default: 1d6340df-2f14-41e6-ab27-bbd35e818fdf vnf_vm_name: type: string @@ -153,22 +153,19 @@ node_templates: properties: resource_config: users: - - name: { get_secret: httpd_username } + - name: ubuntu + shell: /bin/bash + sudo: ['ALL=(ALL) NOPASSWD:ALL'] ssh-authorized-keys: - { get_attribute: [ keypair, public_key_export ] } write_files: - - path: - concat: - - "/home/" - - { get_secret: httpd_username } - - "/index.html" + - path: "/home/ubuntu/index.html" permissions: 0644 - owner: - concat: - - { get_secret: httpd_username } - - ":" - - { get_secret: httpd_username } + owner: ubuntu:ubuntu content: { get_secret: httpd_website } + runcmd: + - ifconfig ens4 up + - dhclient ens4 relationships: - type: cloudify.relationships.depends_on target: keypair @@ -190,8 +187,9 @@ node_templates: - { get_input: resource_prefix } - "_httpd_vm" - { get_input: resource_suffix } - image: { get_property: [ image, resource_id ] } + image: { get_input: image_id } flavor: { get_input: flavor_id } + key_name: '' userdata: { get_attribute: [ cloud_config, cloud_config ] } relationships: - type: cloudify.openstack.server_connected_to_port diff --git a/openstack_commercial_case/network-topology/README.md b/openstack_commercial_case/network-topology/README.md new file mode 100755 index 0000000..92724c1 --- /dev/null 
+++ b/openstack_commercial_case/network-topology/README.md @@ -0,0 +1,31 @@ +# Network Topology + +This blueprint installs the common infrastructure for the commercial VNF use case. + +The following resources will be created: + +* **Management Network** - This network connects the Cloudify manager to all managed components. +* **LAN network** - This network connects the firewall to the web server. +* **WAN network** - This network connects the load balancer to the web server. +* **Public network** - This is the public network accessible to the user. BIG IP exposes the web server on the Public network interface. +* **Security group** - Security group for VNF NICs, defined by *network_security_group_rules* input, +* **Router** - Router, which allows to reach the management and public networks from the external network. + +### Installation + +**Note: Only install this deployment once.** Other blueprints will reuse the existing deployment. + +Upload the blueprint, create the deployment and execute install workflow in one command using the CLI: + +```bash +cfy install infrastructure.yaml -b \ + VNFM-Networking-Prov-Openstack-networks +``` + +###Uninstalling + +Uninstall the **VNFM-Networking-Prov-Openstack-networks** deployment: + +``` +cfy uninstall VNFM-Networking-Prov-Openstack-networks +``` diff --git a/openstack_commercial_case/common/VNFM-Networking-Prov-Openstack-networks.yaml b/openstack_commercial_case/network-topology/infrastructure.yaml similarity index 97% rename from openstack_commercial_case/common/VNFM-Networking-Prov-Openstack-networks.yaml rename to openstack_commercial_case/network-topology/infrastructure.yaml index a97df3e..9346590 100755 --- a/openstack_commercial_case/common/VNFM-Networking-Prov-Openstack-networks.yaml +++ b/openstack_commercial_case/network-topology/infrastructure.yaml 
@@ -11,7 +11,7 @@ inputs: external_network_name: description: Openstack tenant external network name. - default: ext-net + default: GATEWAY_NET resource_prefix: description: > @@ -66,6 +66,9 @@ inputs: - port_range_min: 1 port_range_max: 65535 protocol: udp + - port_range_min: null + port_range_max: null + protocol: icmp dsl_definitions: @@ -193,6 +196,7 @@ node_templates: cidr: { get_input: wan_subnet_cidr } dns_nameservers: { get_input: nameservers } allocation_pools: { get_input: wan_subnet_allocation_pools } + gateway_ip: null relationships: - type: cloudify.relationships.contained_in target: wan_network @@ -211,6 +215,7 @@ node_templates: cidr: { get_input: lan_subnet_cidr } dns_nameservers: { get_input: nameservers } allocation_pools: { get_input: lan_subnet_allocation_pools } + gateway_ip: null relationships: - type: cloudify.relationships.contained_in target: lan_network diff --git a/openstack_commercial_case/service/README.md b/openstack_commercial_case/service/README.md index 60494ba..74a1c92 100755 --- a/openstack_commercial_case/service/README.md +++ b/openstack_commercial_case/service/README.md 
@@ -1,40 +1,39 @@ # Network Service -Creates a service chain by creating forwarding rules on the VNFs (Fortigate and BIG IP). +This blueprint installs a service chain by creating forwarding rules on the VNFs (Fortigate and BIG IP). ## Prerequisites: -* **BIG IP Provisioning & Configuration** - [Instructions](../bigip/README.md) -* **Fortigate Provisioning & Configuration** - [Instructions](../fortigate/README.md) -* **HTTPD Provisioning & Configuration** - [Instructions](../httpd/README.md) +First make sure that you have satisfied the global requirements in the [main README](../README.md) as well as installed the following deployments: -## Service creation + * *BIG IP Provisioning & Configuration*: See [instructions](../bigip/README.md). + * *Fortigate Provisioning & Configuration*: See [instructions](../fortigate/README.md). + * *HTTPD Provisioning & Configuration*: See [instructions](../httpd/README.md). -NS-LB-Firewall-F5-Fortigate-HTTPD.yaml consists of 2 nodes: -1. *fg_port_forwarding* - prepares NAT rules and policies, which are required to perform the service chain. [fortigate-portforward-start.txt](Resources/templates/fortigate-portforward-start.txt) file is used to apply configuration during installation and [fortigate-portforward-stop.txt](Resources/templates/fortigate-portforward-stop.txt) to delete it during uninstall. -2. *ltm_config* - creates load balancing rule responsible for passing traffic from app (exposed on WAN fortigate interface) -to BIG-IP Public interface using [ltm_config.txt](Resources/templates/ltm_config.txt) file to apply configuration and [ltm_config_stop.txt](Resources/templates/ltm_config_stop.txt) to delete it during uninstall +## Service creation -IP addresses are fetched using *get_capability* function. +IP addresses are fetched using `get_capability` function. -### Inputs +* Blueprint: The `service.yaml` blueprint is responsible for orchestrating the service chaining. 
It consists of two nodes: + * `fg_port_forwarding`: Prepares NAT rules and policies, which are required to perform the service chain. [fortigate-portforward-start.txt](Resources/templates/fortigate-portforward-start.txt) file is used to apply configuration during installation and [fortigate-portforward-stop.txt](Resources/templates/fortigate-portforward-stop.txt) to delete it during uninstall. + * `ltm_config`: Creates load balancing rule responsible for passing traffic from app (exposed on WAN fortigate interface) to BIG-IP Public interface using [ltm_config.txt](Resources/templates/ltm_config.txt) file to apply configuration and [ltm_config_stop.txt](Resources/templates/ltm_config_stop.txt) to delete it during uninstall. -* *f5_prov_deployment_name* - The name of the BIG IP Provisioning deployment, used to get management and Public IPs from BIG IP VE - default: VNFM-F5-Prov-Openstack-vm -* *fg_prov_deployment_name* - The name of the Fortigate Provisioning deployment, used to get management and WAN IPs from Fortigate VM - default: VNFM-Fortigate-Conf -* *httpd_prov_deployment_name* - The name of the HTTPD Provisioning deployment, used to fetch HTTPD LAN interface IP - default: VNFM-HTTPD-Prov-Openstack-vm -* *lb_public_port* - Load balancer public network port on which the service is exposed - default: 8080 -* *wan_port* - Fortigate WAN port on which the service is going to be exposed - default: '8080' +* Inputs: + * `f5_prov_deployment_name`: The name of the BIG IP Provisioning deployment, used to get management and Public IPs from BIG IP VE. Default: `VNFM-F5-Prov-Openstack-vm`. + * `fg_prov_deployment_name`: The name of the Fortigate Provisioning deployment, used to get management and WAN IPs from Fortigate VM. Default: `VNFM-Fortigate-Prov-Openstack-vm`. + * `httpd_prov_deployment_name`: The name of the HTTPD Provisioning deployment, used to fetch HTTPD LAN interface IP. Default: `VNFM-HTTPD-Prov-Openstack-vm`. 
+ * `lb_public_port`: Load balancer public network port on which the service is exposed. Default: `8080`. + * `wan_port`: Fortigate WAN port on which the service is going to be exposed. Default: `8080'`. ### Installation To apply service configuration execute: -``cfy install NS-LB-Firewall-F5-Fortigate-HTTPD.yaml -b NS-LB-Firewall-F5-Fortigate-HTTPD`` +``cfy install service.yaml -b NS-LB-Firewall-F5-Fortigate-HTTPD`` ### Service validation -After service creation You should be able to display web server exposed on Public interface of BIG-IP. -The URL is available on *web_server* deployment output. +After service creation You should be able to display web server exposed on Public interface of BIG-IP. The URL is available on *web_server* deployment output. ### Uninstalling diff --git a/openstack_commercial_case/service/Resources/templates/ltm_config.txt b/openstack_commercial_case/service/Resources/templates/ltm_config.txt index 3361f44..79f484b 100755 --- a/openstack_commercial_case/service/Resources/templates/ltm_config.txt +++ b/openstack_commercial_case/service/Resources/templates/ltm_config.txt @@ -1,6 +1,6 @@ -create ltm node app-node-1 address {{APP_NODE_1_IP}} -create ltm pool sg-pool -modify ltm pool sg-pool members add { app-node-1:{{APP_NODE_1_PORT}} } -modify ltm pool sg-pool monitor http -create ltm virtual sg-virtual pool sg-pool destination {{DESTINATION_IP}}:{{DESTINATION_PORT}} mask 255.255.255.255 source-address-translation { type automap } -quit \ No newline at end of file +tmsh create ltm node app-node-1 address {{APP_NODE_1_IP}} +tmsh create ltm pool sg-pool +tmsh modify ltm pool sg-pool members add { app-node-1:{{APP_NODE_1_PORT}} } +tmsh modify ltm pool sg-pool monitor http +tmsh create ltm virtual sg-virtual pool sg-pool destination {{DESTINATION_IP}}:{{DESTINATION_PORT}} mask 255.255.255.255 source-address-translation { type automap } +tmsh quit 
diff --git a/openstack_commercial_case/service/Resources/templates/ltm_config_stop.txt b/openstack_commercial_case/service/Resources/templates/ltm_config_stop.txt index 1118749..c8cafa7 100755 --- a/openstack_commercial_case/service/Resources/templates/ltm_config_stop.txt +++ b/openstack_commercial_case/service/Resources/templates/ltm_config_stop.txt @@ -1,4 +1,4 @@ -delete ltm virtual sg-virtual -delete ltm pool sg-pool -delete ltm node app-node-1 -quit +tmsh delete ltm virtual sg-virtual +tmsh delete ltm pool sg-pool +tmsh delete ltm node app-node-1 +tmsh quit diff --git a/openstack_commercial_case/service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml b/openstack_commercial_case/service/service.yaml similarity index 100% rename from openstack_commercial_case/service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml rename to openstack_commercial_case/service/service.yaml diff --git a/openstack_commercial_case_e2e/README.md b/openstack_commercial_case_e2e/README.md index e6e9b17..e60c9b6 100755 --- a/openstack_commercial_case_e2e/README.md +++ b/openstack_commercial_case_e2e/README.md @@ -31,7 +31,7 @@ Create the below secrets in the secret store management: * *keystone_tenant_name* - Keystone tenant name * *keystone_url* - Keystone URL * *keystone_region* - Keystone region - * *bigip_license_key* - License key for BIG IP VE, it is being applied during configuration + * *bigip_license* - License key for BIG IP VE, it is being applied during configuration * *fortigate_license* - Content of license file, its used during provisioning to license Fortigate * *httpd_website* - Content of website file for HTTPD VM, it is set during provisioning and served after configuration 
@@ -41,13 +41,13 @@ You can create those with the following cfy commands:\ ``cfy secrets create keystone_tenant_name -s ``\ ``cfy secrets create keystone_url -s ``\ ``cfy secrets create keystone_region -s ``\ -``cfy secrets create bigip_license_key -s ``\ +``cfy secrets create bigip_license -s ``\ ``cfy secrets create fortigate_license -f ``\ ``cfy secrets create httpd_website -f `` ### Inputs -* *common_prov_name* - The name of the Common resources provisioning deployment - default: VNFM-Networking-Prov-Openstack-networks +* *network_prov_name* - The name of the Common resources provisioning deployment - default: VNFM-Networking-Prov-Openstack-networks * *f5_prov_name* - The name of the BIG IP Provisioning deployment - default: VNFM-F5-Prov-Openstack-vm * *f5_conf_name* - The name of the BIG IP Configuration deployment - default: VNFM-F5-Conf * *fg_prov_name* - The name of the Fortigate Provisioning deployment - default: VNFM-Fortigate-Prov-Openstack-vm @@ -61,7 +61,7 @@ You can create those with the following cfy commands:\ To apply the service configuration execute: -``cfy install VNFM-E2E-F5-Fortigate-HTTPD.yaml -b VNFM-E2E-F5-Fortigate-HTTPD`` +``cfy install e2e.yaml -b VNFM-E2E-F5-Fortigate-HTTPD`` ### Service validation diff --git a/openstack_commercial_case_e2e/Resources/bigip.zip b/openstack_commercial_case_e2e/Resources/bigip.zip index 703c5f2..2f7059c 100755 Binary files a/openstack_commercial_case_e2e/Resources/bigip.zip and b/openstack_commercial_case_e2e/Resources/bigip.zip differ diff --git a/openstack_commercial_case_e2e/Resources/common.zip b/openstack_commercial_case_e2e/Resources/common.zip deleted file mode 100755 index b56da06..0000000 Binary files a/openstack_commercial_case_e2e/Resources/common.zip and /dev/null differ 
diff --git a/openstack_commercial_case_e2e/Resources/fortigate.zip b/openstack_commercial_case_e2e/Resources/fortigate.zip index b0d9d87..7f70ec1 100755 Binary files a/openstack_commercial_case_e2e/Resources/fortigate.zip and b/openstack_commercial_case_e2e/Resources/fortigate.zip differ diff --git a/openstack_commercial_case_e2e/Resources/httpd.zip b/openstack_commercial_case_e2e/Resources/httpd.zip index f6882f3..7378d66 100755 Binary files a/openstack_commercial_case_e2e/Resources/httpd.zip and b/openstack_commercial_case_e2e/Resources/httpd.zip differ diff --git a/openstack_commercial_case_e2e/Resources/network-topology.zip b/openstack_commercial_case_e2e/Resources/network-topology.zip new file mode 100755 index 0000000..40f6ec3 Binary files /dev/null and b/openstack_commercial_case_e2e/Resources/network-topology.zip differ diff --git a/openstack_commercial_case_e2e/Resources/service.zip b/openstack_commercial_case_e2e/Resources/service.zip index 29d36a4..13d2ba0 100755 Binary files a/openstack_commercial_case_e2e/Resources/service.zip and b/openstack_commercial_case_e2e/Resources/service.zip differ diff --git a/openstack_commercial_case_e2e/VNFM-E2E-F5-Fortigate-HTTPD.yaml b/openstack_commercial_case_e2e/e2e.yaml similarity index 68% rename from openstack_commercial_case_e2e/VNFM-E2E-F5-Fortigate-HTTPD.yaml rename to openstack_commercial_case_e2e/e2e.yaml index 9117bb6..9869d28 100755 --- a/openstack_commercial_case_e2e/VNFM-E2E-F5-Fortigate-HTTPD.yaml +++ b/openstack_commercial_case_e2e/e2e.yaml 
@@ -1,8 +1,8 @@ tosca_definitions_version: cloudify_dsl_1_3 description: > - Master blueprint, which provisions all atomic components, configures them and - chains together. In partilucar: + This is the master blueprint for the Cloudify VNF example. It provisions all the atomic components, + configures, and then chains them together. In partilucar: * prepares the environment, including networks, subnets, security groups etc. * provisions F5 BIG-IP VM * provisions Fortigate VM @@ -12,22 +12,19 @@ description: > * configures HTTPD * creates a service chain to allow traffic forwarding -# In this section, we import the basic node types, which will be later used in -# node_templates section to define particular elements of the chain and -# relationships between them. We import cloudify-utilities-plugin as well, -# because DeploymentProxy mechanism is going to be used and it is a part of this -# plugin. +# In this section, we import the basic node types, which will be later used in the +# node_templates section to define particular elements of the chain and the +# relationships between them. This section also imports the cloudify-utilities-plugin +# to allow using the Deployment Proxy mechanism. + imports: - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml - plugin:cloudify-utilities-plugin -# In inputs section, there are names of the particular blueprints and -# deployments, which later will be used in DeploymentProxy nodes, -# which are responsible for uploading these blueprints to Cloudify Manager, -# creating deployments out of them and finally installing them in desired order -# defined by relationships. +# The inputs section includes the names of the particular blueprints and +# deployments which this blueprint will leverage. inputs: - common_prov_name: + network_prov_name: description: Name of common resources provisioning blueprint/deployment default: VNFM-Networking-Prov-Openstack-networks 
@@ -59,45 +56,42 @@ inputs: description: Name of service chain Provisioning blueprint/deployment default: NS-LB-Firewall-F5-Fortigate-HTTPD -# In node_templates section, there are nodes defined, which during the install -# workflow upload the blueprints defined under resource_config["blueprint"] -# property, create the deployments out of them and installs them in the order -# defined by relationships. +# In the node_templates section, we define the nodes that will be instanciated. +# We use DeploymentProxy nodes to deploy other blueprints representing the example +# building blocks. node_templates: - # Common: + # Network-topology: # This blueprint is responsible for creating all of the common resources, - # which later are being used in other blueprints. Especially: resource_group, + # which are later used in other blueprints. Especially: router, # networks, subnets and security groups. # DeploymentProxy is being used for the blueprint uploading and the # deployment creation. # There's no relationships defined under this node, which means that during # install it will be instantiated at first. - common_prov: + network_prov: type: cloudify.nodes.DeploymentProxy properties: resource_config: blueprint: - id: { get_input: common_prov_name } - blueprint_archive: Resources/common.zip - main_file_name: VNFM-Networking-Prov-Openstack-networks.yaml + id: { get_input: network_prov_name } + blueprint_archive: Resources/network-topology.zip + main_file_name: infrastructure.yaml deployment: - id: { get_input: common_prov_name } + id: { get_input: network_prov_name } ### PROVISIONING ### # F5 Provisioning: - # This blueprint is responsible for provisioning the F5 BIG-IP VM in Azure - # infrastructure, including necessary storage account and network - # interfaces. - # DeploymentProxy is being used for the blueprint uploading and the + # This blueprint is responsible for provisioning the F5 BIG-IP VM in OpenStack + # infrastructure, including the necessary network interfaces. 
+ # DeploymentProxy is used for the blueprint uploading and the # deployment creation. - # In relationships section, there's a "depends_on" relationship defined, - # which targets the "common_prov" node. It means, that during install - # workflow, "f5_prov" node will be instantiated right after "common_prov" - # node. Thanks to that fact, "f5_prov" node will be able to create network - # interfaces in networks created by "common_prov" blueprint. + # A "depends_on" relationship which targets the "network_prov" node is defined. + # It means, that during the install workflow, "f5_prov" node will be instantiated + # after "network_prov" node will. That will alllow the "f5_prov" node to create network + # interfaces in the networks created by "network_prov" blueprint. f5_prov: type: cloudify.nodes.DeploymentProxy properties: 
@@ -105,22 +99,22 @@ node_templates: blueprint: id: { get_input: f5_prov_name } blueprint_archive: Resources/bigip.zip - main_file_name: VNFM-F5-Prov-Openstack-vm.yaml + main_file_name: infrastructure.yaml deployment: id: { get_input: f5_prov_name } relationships: - type: cloudify.relationships.depends_on - target: common_prov + target: network_prov # FortiGate Provisioning: - # This blueprint is responsible for provisioning the FortiGate VM in Azure - # infrastructure, including necessary storage account, network interfaces - # and cloud_init (used for license delivery). - # DeploymentProxy is being used for the blueprint uploading and the + # This blueprint is responsible for provisioning the FortiGate VM in OpenStack + # infrastructure, including the necessary network interfaces. + # DeploymentProxy is used for the blueprint uploading and the # deployment creation. - # In relationships section, there's a "depends_on" relationship defined, - # which targets the "common_prov" node. It results in the same behaviour - # like in "f5_prov" node. + # A "depends_on" relationship which targets the "network_prov" node is defined. + # It means, that during the install workflow, "fg_prov" node will be instantiated + # after "network_prov" node will. That will alllow the "fg_prov" node to create network + # interfaces in the networks created by "network_prov" blueprint. fg_prov: type: cloudify.nodes.DeploymentProxy properties: 
@@ -128,22 +122,22 @@ node_templates: blueprint: id: { get_input: fg_prov_name } blueprint_archive: Resources/fortigate.zip - main_file_name: VNFM-Fortigate-Prov-Openstack-vm.yaml + main_file_name: infrastructure.yaml deployment: id: { get_input: fg_prov_name } relationships: - type: cloudify.relationships.depends_on - target: common_prov + target: network_prov # HTTPD Provisioning: - # This blueprint is responsible for provisioning the HTTPD VM in Azure - # infrastructure, including necessary storage account, network interfaces - # and cloud_init (used for website uploading). - # DeploymentProxy is being used for the blueprint uploading and the + # This blueprint is responsible for provisioning the HTTPD VM in OpenStack + # infrastructure, including the necessary network interfaces. + # DeploymentProxy is used for the blueprint uploading and the # deployment creation. - # In relationships section, there's a "depends_on" relationship defined, - # which targets the "common_prov" node. It results in the same behaviour - # like in "f5_prov" and "fg_prov" nodes. + # A "depends_on" relationship which targets the "network_prov" node is defined. + # It means, that during the install workflow, "httpd_prov" node will be instantiated + # after "network_prov" node will. That will alllow the "httpd_prov" node to create network + # interfaces in the networks created by "network_prov" blueprint. httpd_prov: type: cloudify.nodes.DeploymentProxy properties: @@ -151,12 +145,12 @@ node_templates: blueprint: id: { get_input: httpd_prov_name } blueprint_archive: Resources/httpd.zip - main_file_name: VNFM-HTTPD-Prov-Openstack-vm.yaml + main_file_name: infrastructure.yaml deployment: id: { get_input: httpd_prov_name } relationships: - type: cloudify.relationships.depends_on - target: common_prov + target: network_prov ### CONFIGURATION ### 
@@ -167,7 +161,7 @@ node_templates: # deployment creation. # In relationships section, there's a "depends_on" relationship defined, # which targets the "f5_prov" node. It means, that during install - # workflow, "f5_conf" node will be instantiated right after "f5_prov". + # workflow, "f5_conf" node will be instantiated after "f5_prov". # It prevents the situation, when Cloudify Manager starts to configure # F5 BIG-IP VM before it gets instantiated by "f5_prov" node. f5_conf: @@ -177,7 +171,7 @@ node_templates: blueprint: id: { get_input: f5_conf_name } blueprint_archive: Resources/bigip.zip - main_file_name: VNFM-F5-Conf.yaml + main_file_name: application.yaml deployment: id: { get_input: f5_conf_name } relationships: @@ -191,7 +185,7 @@ node_templates: # deployment creation. # In relationships section, there's a "depends_on" relationship defined, # which targets the "fg_prov" node. It means, that during install - # workflow, "fg_conf" node will be instantiated right after "fg_prov". + # workflow, "fg_conf" node will be instantiated after "fg_prov". # It prevents the situation, when Cloudify Manager starts to configure # FortiGate VM before it gets instantiated by "fg_prov" node. fg_conf: @@ -201,7 +195,7 @@ node_templates: blueprint: id: { get_input: fg_conf_name } blueprint_archive: Resources/fortigate.zip - main_file_name: VNFM-Fortigate-Conf.yaml + main_file_name: application.yaml deployment: id: { get_input: fg_conf_name } relationships: @@ -215,7 +209,7 @@ node_templates: # deployment creation. # In relationships section, there's a "depends_on" relationship defined, # which targets the "httpd_prov" node. It means, that during install - # workflow, "httpd_conf" node will be instantiated right after "httpd_prov". + # workflow, "httpd_conf" node will be instantiated after "httpd_prov". # It prevents the situation, when Cloudify Manager starts to configure # HTTPD VM before it gets instantiated by "httpd_prov" node. httpd_conf: 
@@ -225,7 +219,7 @@ node_templates: blueprint: id: { get_input: httpd_conf_name } blueprint_archive: Resources/httpd.zip - main_file_name: VNFM-HTTPD-Conf.yaml + main_file_name: application.yaml deployment: id: { get_input: httpd_conf_name } relationships: @@ -240,11 +234,10 @@ node_templates: # BIG-IP VM. # DeploymentProxy is being used for the blueprint uploading and the # deployment creation. - # In relationships section, there's a couple of the "depends_on" + # In the relationships section, there are several "depends_on" # relationships defined. As a result, Cloudify Manager will be waiting - # with service chain creation until all of the particular VNFs, which are - # going to be a part of this chain, become provisioned & configured - # properly. + # with the service chain creation until all of the particular VNFs, which are + # going to be a part of this chain, are properly provisioned & configured service_prov: type: cloudify.nodes.DeploymentProxy properties: @@ -252,7 +245,7 @@ node_templates: blueprint: id: { get_input: service_prov_name } blueprint_archive: Resources/service.zip - main_file_name: NS-LB-Firewall-F5-Fortigate-HTTPD.yaml + main_file_name: service.yaml deployment: {} # deployment: # id: { get_input: service_prov_name } @@ -272,9 +265,9 @@ node_templates: # - type: cloudify.relationships.depends_on # target: httpd_conf -# In outputs section we can expose some values, which will appear in GUI after +# In the outputs section we can expose values, which will appear in GUI after # the successful deployment installation. Here, a webserver endpoint is being -# printed. "get_attribute" function gets this value from "service_prov" +# printed. "get_attribute" function gets this value from the "service_prov" # deployment outputs. Once the "install" workflow is finished, user can use this # endpoint to check if the service is working fine. # outputs:
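Review bot: in openstack_commercial_case/fortigate/README.md the new Configuration text shows `{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`, but the only input documented just below it is `fortigate_vm_deployment_name`, and application.yaml is a 100% rename, so the blueprint itself did not change. Please make the example use the input and capability names the blueprint actually declares. The heading `###Uninstalling` also needs a space after the hashes to render as a heading; the same applies to the httpd and network-topology READMEs.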
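Review bot: in openstack_commercial_case/fortigate/infrastructure.yaml the `flavor_id` input is declared `type: string` but its new default is the bare value `3`, which YAML loads as an integer; quote it as `'3'`. The same pattern appears in httpd/infrastructure.yaml. The new `image_id` defaults are UUIDs that only exist in one OpenStack environment, so consider dropping the defaults and requiring the input. The fortigate and httpd READMEs in this patch still list the old `flavor_id` and `image_id` defaults and should be brought in line.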
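Review bot: the cloud-config hunk in openstack_commercial_case/httpd/infrastructure.yaml gives the `ubuntu` user `sudo: ['ALL=(ALL) NOPASSWD:ALL']`, and the same account owns `/home/ubuntu/index.html`, the content this VM serves. If the configuration step does not need root, drop the sudo line or serve the site from a separate unprivileged account. The new `runcmd` entries `ifconfig ens4 up` and `dhclient ens4` hard-code an interface name and depend on `ifconfig` being present in the image; a short comment naming the image this was tested with would help.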
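Review bot: in the server hunk of openstack_commercial_case/httpd/infrastructure.yaml the added `key_name: ''` has no explanation. The cloud-config above it already installs the key through `ssh-authorized-keys`, so if the empty value is there to stop a Nova keypair from being attached, say so in a comment. Also check that nothing else still depends on the `image` node now that `image` is read from `{ get_input: image_id }`.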
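Review bot: in the new openstack_commercial_case/network-topology/README.md the WAN network is described as connecting "the load balancer to the web server", while the service README in this patch describes the app as exposed on the Fortigate WAN interface and passed to BIG-IP from there. The WAN entry should name the load balancer and the firewall. The Security group bullet also ends with a comma instead of a full stop.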
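Review bot: the security group hunk in openstack_commercial_case/network-topology/infrastructure.yaml adds an `icmp` rule with `port_range_min: null` and `port_range_max: null`, which admits every ICMP type, next to an existing rule that opens UDP 1 to 65535, and no `remote_ip_prefix` is visible on either. The README says this group is attached to the VNF NICs, so please scope the rules to the subnets that need them or document that the wide default is for the demo only. The new `external_network_name` default `GATEWAY_NET` in the first hunk is likewise specific to one environment.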
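Review bot: in openstack_commercial_case/service/README.md the `wan_port` entry ends with a stray quote inside the code span, "Default: `8080'`"; it should read `8080`. The documented default for `fg_prov_deployment_name` changes from `VNFM-Fortigate-Conf` to `VNFM-Fortigate-Prov-Openstack-vm`, but service.yaml is a 100% rename, so confirm the README now matches the default the blueprint declares.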
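Review bot: with `tmsh` prefixed to every line, ltm_config.txt and ltm_config_stop.txt read as commands for the BIG-IP bash shell rather than for a tmsh session, so `{{APP_NODE_1_IP}}`, `{{APP_NODE_1_PORT}}`, `{{DESTINATION_IP}}` and `{{DESTINATION_PORT}}` are expanded into a shell command line. The blueprint should validate these as an address and a port before rendering the template. The closing `tmsh quit` looks like a leftover from the session form; confirm it still ends the session or replace it.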
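Review bot: in openstack_commercial_case_e2e/README.md the secret is renamed from `bigip_license_key` to `bigip_license`, which breaks any manager that already holds the old secret; add a line telling users to recreate it. The renamed input `network_prov_name` keeps the description "The name of the Common resources provisioning deployment", which should follow the rename.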
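Review bot: the archives under openstack_commercial_case_e2e/Resources (bigip.zip, fortigate.zip, httpd.zip, service.zip and the new network-topology.zip) change as opaque binaries, so a reviewer cannot confirm that they contain the `infrastructure.yaml`, `application.yaml` and `service.yaml` files that e2e.yaml now names in `main_file_name`. Building the archives from the sibling directories at release time, or at least recording how they were produced, would keep them from drifting from the reviewed sources.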
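Review bot: the rewritten comments in openstack_commercial_case_e2e/e2e.yaml carry typos: "partilucar" in the description, "instanciated" above `node_templates`, and "alllow" in the three provisioning comments. The Network-topology comment also still says the node has no relationships and "will be instantiated at first", which would read better as "will be instantiated first".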
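Review bot: the reworded comment above `service_prov` in openstack_commercial_case_e2e/e2e.yaml says several "depends_on" relationships make the manager wait until every VNF is provisioned and configured, but the surrounding context shows `deployment: {}` with the `id` commented out and the `depends_on` entries and `outputs:` commented out as well. Either restore those lines or change the comment to describe what the node does as committed.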