Commercial VNFs on Openstack

azure_case/README.md

@@ -1,55 +1,46 @@
-# Network Service - Commercial VNFs
+# Commercial VNF Use Case
 
-In this examples we demonstrate how to construct a simple network service consisting of a load balancer and a firewall. To make it a tad more interesting we will be deploying a simple web service to allow for complete user experience:
+Upon completion of this example we will have a complete running network service.
 
 ![ns](https://user-images.githubusercontent.com/30900001/52050834-12889e00-2552-11e9-9a68-452e92cc7014.png)
 
-If we break it down to how we would typically build such a service the basic steps would probably be:
-
-1. Provision a firewall and configure it’s network interfaces and the network settings
-
-2. Provision a load balancer and setup basic settings
-
-3. Provision a web server instance, configure it, and setup basic web content
-
-4. Compose the service flow by setting the load balancer to accept traffic on a certain port, direct it to the firewall, configure the firewall to allow web traffic to the web server, etc.
-
-This example contains blueprints implementing each of these steps. These can be easily modified for other VNFs or different infrastructure.
-
-Upon completion of this example we will have a complete running network service.
+This series of blueprints demonstrates how to install a simple network service consisting of a load balancer and a firewall. To make it a tad more interesting we will be deploying a simple web service to allow for complete user experience.
 
-Note!    The infrastructure used in this example is Microsoft Azure, and the demonstrated VNFs are:
-* F5 BIG-IP VE (Load balancer)
-* Fortigate (Firewall)
-* Httpd (Web Server)
+**Note!**
+The infrastructure used in this example is OpenStack, and the demonstrated VNFs are:
+  * F5 BIG-IP VE (Load balancer)
+  * Fortigate (Firewall)
+  * Httpd (Web Server)
 
-## Cloudify Manager
+## Common Prerequisites:
 
-Before we get started, please make sure you have a Cloudify manager deployed.
+* Cloudify Manager 4.5.5, for more info: [Cloudify-Getting-Started](https://cloudify.co/download/).
 
-The cloudify manager is available in multiple formats ranging from Docker to RPM. In this tutorial we will be using the docker option and assume that it is deployed on your local computer. It can be of course deployed using any other method and on any given platform.
+* These plugins should exist on your manager. (E.g. You can just run `cfy plugins bundle-upload`, which will satisfy all plugin requirements.):
+  * [cloudify-azure-plugin](https://github.com/cloudify-cosmo/cloudify-openstack-plugin/releases), version 2.1.1 or higher.
+  * [cloudify-utilities-plugin](https://github.com/cloudify-incubator/cloudify-utilities-plugin/releases), version 1.12.5 or higher.
 
-To learn more about Cloudify manager deployment go to: [Cloudify-Getting-Started](https://cloudify.co/download/)
+* These secrets should exist on your manager:
+  * `azure_client_id`: Service Principal appId. You can set this up via the CLI: `cfy secrets create azure_client_id -s [secret value]`.
+  * `azure_client_secret`: Service Principal password. You can set this up via the CLI: `cfy secrets create azure_client_secret -s [secret value]`.
+  * `azure_subscription_id`: Service Principal ID. You can set this up via the CLI: `cfy secrets create azure_subscription_id -s [secret value]`.
+  * `azure_tenant_id`: Service Principal tenant. You can set this up via the CLI: `cfy secrets create azure_tenant_id -s [secret value]`.
+  * `azure_location`: Specifies the supported Azure location for the resource. You can set this up via the CLI: `cfy secrets create azure_location -s [secret value]`.
+  * `agent_key_private`: The content of an RSA private key. (E.g. You can upload this key from a file: `cfy secrets create agent_key_private -f ~/.ssh/id_rsa`).
+  * `agent_key_public`: The content of an RSA public key. (E.g. You can upload this key from a file: `cfy secrets create agent_key_private -f ~/.ssh/id_rsa.pub`).
 
-## Example overview
 
-Creation of the whole service consists of the following steps. Each step is available as a blueprint (yaml file) in this example folder.
+## Installation
 
-1. *Environment preparation*
-Create networks, a resource group, and a security group. For more details check [common/README](common/README.md)
-2. *Provisioning of the VNFs*
-Create the virtual machines in Azure and connect those to the proper networks.
-Each VNF is created using a blueprint named ``VNFM-<VNF_NAME>-Prov-Azure-vm.yaml``:
-* **bigip/VNFM-F5-Prov-Azure-vm.yaml** - [BIG IP Provisioning instruction](bigip/README.md##Provisioning)
-* **fortigate/VNFM-Fortigate-Prov-Azure-vm.yaml** - [Fortigate Provisioning instruction](fortigate/README.md##Provisioning)
-* **httpd/VNFM-HTTPD-Prov-Azure-vm.yaml** - [HTTPD Provisioning instruction](httpd/README.md##Provisioning)
-3. *Configure the VNFs*
-Apply basic configuration of the VNFs. This is done using blueprints named ``VNFM-<VNF_NAME>-Conf.yaml``:
-* **bigip/VNFM-F5-Conf.yaml** (licensing and VLAN configuration) - [BIG IP Configuration instruction](bigip/README.md##Configuration)
-* **fortigate/VNFM-Fortigate-Conf.yaml** (Setting firewall rules and port forwarding) - [Fortigate Configuration instruction](fortigate/README.md##Configuration)
-* **httpd/VNFM-HTTPD-Conf.yaml** (Creation of Web Server) - [HTTPD Configuration instruction](httpd/README.md##Configuration)
-4. *Service chaining*
-The last step creates a service chain of connected network services (Load Balancer, Firewall and Web Server). In this case service chaining consists of port forwarding rule on Fortigate and load balancing rule on BIG IP in order to pass traffic through.
-Use the ``service/NS-LB-Firewall-F5-Fortigate-HTTPD.yaml`` - [Service creation instruction](service/README.md)
+The installation is broken into a few basic steps. Go to the relevant README and progress through these steps in the correct order.
 
-Once all steps had been performed, you should be able to access the web page displayed by the web service by accessing the ip of the load balancer (This IP will be the output of the service deployment flow, and will be titled web_server).
+1. [Prepare the environment](network-topology/README.md##Installation): Create networks, a resource group, and a security group.
+1. Provisioning of the VNFs:
+  1. [Provision the load balancer](bigip/README.md##Provisioning) and setup basic settings.
+  1. [Provision the firewall](fortigate/README.md##Provisioning) and configure its network interfaces and the network settings.
+  1. [Provision the web server](httpd/README.md##Provisioning) instance, configure it, and setup basic web content.
+1. Compose the service flow by:
+  1. [Configuration the load balancer](bigip/README.md##Configuration) and setup basic settings.
+  1. [Configuration the firewall](fortigate/README.md##Configuration) and configure its network interfaces and the network settings.
+  1. [Configuration the web server](httpd/README.md##Configuration) instance, configure it, and setup basic web content.
+1. [Create service](service/README.md) The last step creates a service chain of connected network services (Load Balancer, Firewall and Web Server). In this case service chaining consists of port forwarding rule on Fortigate and load balancing rule on BIG IP in order to pass traffic through.

azure_case/bigip/README.md

@@ -1,82 +1,68 @@
-# F5 Big-IP on Azure
+# BIG-IP Load Balancer
 
-## Prerequisites:
+This blueprint installs the BIG-IP load balancer on Azure.
 
-### Common resource creation
-Prior to any deployment You have to upload plugins, create secrets and create common environment - [instructions](../common/README.md)
+### Prerequisites
 
-### Secrets
+First make sure that you have satisfied the global requirements in the [main README](../README.md).
 
-Create the below secrets in the secret store management:
-* **bigip_username** - Username for BIG IP VE, it is set during provisioning and used during configuration, "admin" is not allowed
-* **bigip_password** - Password for BIG IP VE, it is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. Control characters are not allowed
-* **bigip_license_key** - License key for BIG IP VE, it is being applied during configuration.
-
-You can create those with the following cfy commands:\
-``cfy secrets create bigip_username -s <bigip_username>``\
-``cfy secrets create bigip_password -s <bigip_password>``\
-``cfy secrets create bigip_license_key -s <bigip_license_key>``
+* These additional secrets should exist on your manager:
+  * `bigip_username`: Username for BIG IP VE. It is set during provisioning and used during configuration, "admin" is not allowed. You can set this up via the CLI: `cfy secrets create bigip_username -s [secret value]`.
+  * `bigip_password`: Password for BIG IP VE. It is set during provisioning and used during configuration. The supplied password must be between 6-72 characters long and must satisfy at least 3 of password complexity requirements from the following: Contains an uppercase character, Contains a lowercase character, Contains a numeric digit, Contains a special character. Control characters are not allowed. . You can set this up via the CLI: `cfy secrets create bigip_password -s [secret value]`.
+  * `bigip_license`: License key for BIG IP VE. It is being applied during configuration. . You can set this up via the CLI: `cfy secrets create bigip_license -s [secret value]`.
 
 ## Provisioning
 
-VNFM-F5-Prov-Azure-vm.yaml is responsible for creation BIG-IP Virtual Machine connected to 3 networks:
-* Management,
-* WAN,
-* Public.
+* Blueprint: The `infrastructure.yaml` blueprint is responsible for creation BIG-IP Virtual Machine. This VM is connected to 3 networks:
+  * Management
+  * WAN
+  * Public
 
 Network's NICs are connected to security group created in network deployment.
 Networks and security group names are fetched from network deployment using `get_capability` intrinsic function.
 
-### Inputs
-* *virtual_machine_size* - Name of Virtual Machine Size in Azure - default: Standard_A7
-* *vm_name* - Name of Virtual Machine - default: BIGIP
-* *virtual_machine_image_sku* - An instance of an offer, such as a major release of a distribution - default: 'f5-big-all-1slot-byol'
-* *virtual_machine_image_publisher* - Name of the organization that created the image - default: 'f5-networks'
-* *virtual_machine_image_offer* - The name of a group of related images created by a publisher - default: 'f5-big-ip-byol'
-* *retry_after* - The number of seconds for each task retry interval (in the
-          case of iteratively checking the status of an asynchronous operation) - default: 5
-* *resource_prefix* - Prefix of every resource created at this deployment on Azure - default: cfy
-* *resource_suffix* - Suffix of every resource created at this deployment on Azure - default: 0
-* *network_api_version* - API Version for Network - default: "2015-06-15"
-* *azure_network_deployment_name* - Name of deployment responsible for creation resource group, security group and networks -
-    default: VNFM-Networking-Prov-Azure-networks
+* Inputs:
+  * `virtual_machine_size`: Name of Virtual Machine Size in Azure. Default: `Standard_A7`.
+  * `virtual_machine_image_sku`:  An instance of an offer, such as a major release of a distribution. Default: `f5-big-all-1slot-byol`.
+  * `virtual_machine_image_publisher`:  Name of the organization that created the image. Default: `f5-networks`.
+  * `virtual_machine_image_offer`:  The name of a group of related images created by a publisher. Default: `f5-big-ip-byol`.
+  * `azure_network_deployment_name`: Name of deployment responsible for creation resource group, security group and networks. Default: `VNFM-Networking-Prov-Azure-networks`.
 
 ### Installation
 
-Resources created in Prerequisites subsection are fetched in existing_networks.yaml blueprint file using capabilities and VNFM-F5-Prov-Azure-vm.yaml is using it.
-
-To provision BIG-IP execute:
+Upload the blueprint, create the deployment and execute install workflow in one command using the CLI:
 
-``cfy install VNFM-F5-Prov-Azure-vm.yaml -b VNFM-F5-Prov-Azure-vm``
+```bash
+cfy install  infrastructure.yaml -b  \
+    VNFM-F5-Prov-Azure-vm
+```
 
-### Uninstalling
+###Uninstalling
 
-To delete BIG IP execute:
+Uninstall the **VNFM-F5-Prov-Azure-vm** deployment:
 
-``cfy uninstall VNFM-F5-Prov-Azure-vm``
+```
+cfy uninstall VNFM-F5-Prov-Azure-vm
+```
 
 ## Configuration
 
-The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name
-is required as an input. Exposed IP addresses are fetched using *get_capability* function, ie:\
-``{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }``
+The configuration requires the IP addresses of the VM created during provisioning, therefore the provisioning deployment name is required as an input. Exposed IP addresses are fetched using `get_capability` function: `{ get_capability: [ {get_input: prov_deployment_name}, wan_ip ] }`.
 
-VNFM-F5-Conf.yaml is responsible for licensing BIG IP with the provided registration key and applying VLAN configuration necessary for further LTM configuration.
-It consists of 2 nodes:
-1. *license* - Applies license using [install_license.txt](Resources/templates/install_license.txt) file and revokes it using [revoke_license.txt](Resources/templates/revoke_license.txt).
-2. *vlan_configuration* - Creates VLAN configuration on WAN and Public interfaces - using [vlan_config.txt](Resources/templates/vlan_config.txt) to apply it during install and [vlan_config_delete.txt](Resources/templates/vlan_config_delete.txt) to tear it down during uninstall.
+* Blueprint: The `application.yaml` blueprint is responsible for licensing BIG IP with the provided registration key and applying VLAN configuration necessary for further LTM configuration. It consists of two nodes:
+  * `license`: Applies license using [install_license.txt](Resources/templates/install_license.txt) file and revokes it using [revoke_license.txt](Resources/templates/revoke_license.txt).
+  * `vlan_configuration`: Creates VLAN configuration on WAN and Public interfaces - using [vlan_config.txt](Resources/templates/vlan_config.txt) to apply it during install and [vlan_config_delete.txt](Resources/templates/vlan_config_delete.txt) to tear it down during uninstall.
 
+* Inputs:
+  * `prov_deployment_name`: Name of BIG IP Provisioning deployment created in previous section. Default: `VNFM-F5-Prov-Azure-vm`.
 
-### Inputs
-
-* *prov_deployment_name* - Name of BIG IP Provisioning deployment created in previous section
 
 ### Install
 
-``cfy install VNFM-F5-Conf.yaml -b VNFM-F5-Conf``
+`cfy install application.yaml -b VNFM-F5-Conf`
 
 ### Uninstall
-During uninstall the license is revoked so it can be used on different BIG IP VE or on the same one again.
-Also VLAN configuration is deleted.
 
-``cfy uninstall VNFM-F5-Conf``
+During uninstall the license is revoked so it can be used on different BIG IP VE or on the same one again. Also VLAN configuration is deleted.
+
+`cfy uninstall VNFM-F5-Conf`

azure_case/bigip/Resources/blueprints/existing_networks.yaml

@@ -4,7 +4,7 @@ description: >
   Fetch existing: Resource group, security group, network and 4 subnets.
 
 imports:
-  - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml
+  - http://cloudify.co/spec/cloudify/4.5.5/types.yaml
   - plugin:cloudify-azure-plugin
 
 inputs:

azure_case/bigip/VNFM-F5-Conf.yaml → azure_case/bigip/application.yaml

@@ -4,7 +4,7 @@ description: >
   Licensing BIG IP with provided registration key and applying VLAN configuration.
 
 imports:
-  - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml
+  - http://cloudify.co/spec/cloudify/4.5.5/types.yaml
   - plugin:cloudify-utilities-plugin
 
 inputs:
@@ -37,7 +37,7 @@ node_templates:
             calls:
               - template: Resources/templates/install_license.txt
                 params:
-                  REG_KEY: { get_secret: bigip_license_key }
+                  REG_KEY: { get_secret: bigip_license }
         delete:
           inputs:
             terminal_auth: *terminal_auth

azure_case/bigip/VNFM-F5-Prov-Azure-vm.yaml → azure_case/bigip/infrastructure.yaml

@@ -3,6 +3,14 @@ tosca_definitions_version: cloudify_dsl_1_3
 description: >
   Create an instance of BIG-IP on Azure.
 
+dsl_definitions:
+
+  client_config: &client_config
+    subscription_id: { get_secret: azure_subscription_id }
+    tenant_id: { get_secret: azure_tenant_id }
+    client_id: { get_secret: azure_client_id }
+    client_secret: { get_secret: azure_client_secret }
+
 imports:
   - Resources/blueprints/nics.yaml
 
@@ -28,15 +36,6 @@ inputs:
     description: The name of a group of related images created by a publisher.
     default: 'f5-big-ip-byol'
 
-
-dsl_definitions:
-
-  client_config: &client_config
-    subscription_id: { get_secret: azure_subscription_id }
-    tenant_id: { get_secret: azure_tenant_id }
-    client_id: { get_secret: azure_client_id }
-    client_secret: { get_secret: azure_client_secret }
-
 node_templates:
 
   virtual_machine: