-rw-r--r--clover/tracing/tracing.py2
-rw-r--r--clover/tracing/validate.py38
-rw-r--r--docs/release/release-notes/index.rst2
-rw-r--r--docs/release/release-notes/release-notes.rst (renamed from docs/release/release-notes/Fraser-release-notes.rst)201
-rw-r--r--docs/release/userguide/Fraser-userguide.rst81
-rw-r--r--docs/release/userguide/index.rst2
-rw-r--r--docs/release/userguide/userguide.rst64
-rw-r--r--docs/tracing.rst19
-rw-r--r--samples/services/snort_ids/docker/grpc/snort_alerts.py18
-rw-r--r--samples/services/snort_ids/docker/grpc/snort_server.py14
10 files changed, 229 insertions, 212 deletions
diff --git a/clover/tracing/tracing.py b/clover/tracing/tracing.py
index 16b952c..f646268 100644
--- a/clover/tracing/tracing.py
+++ b/clover/tracing/tracing.py
@@ -10,7 +10,7 @@ import time
import redis
TRACING_IP = "localhost"
-TRACING_PORT = "30888"
+TRACING_PORT = "16686"
class Tracing:
diff --git a/clover/tracing/validate.py b/clover/tracing/validate.py
index 9cbfdd0..e1f810f 100644
--- a/clover/tracing/validate.py
+++ b/clover/tracing/validate.py
@@ -6,12 +6,10 @@
# http://www.apache.org/licenses/LICENSE-2.0
from kubernetes import client, config
+import argparse
from clover.tracing.tracing import Tracing
-JAEGER_IP = "localhost"
-# JAEGER_IP = "1.1.1.1"
-JAEGER_PORT = "30888"
JAEGER_DEPLOYMENT = "jaeger-deployment"
ISTIO_NAMESPACE = "istio-system"
ISTIO_SERVICES = ["istio-ingress", "istio-mixer"]
@@ -36,10 +34,12 @@ def validateDeploy():
validate = True
return validate
-# Services in Jaeger will only be present when traffic passes through Istio
-# Requires a deployment in Istio service mesh with some traffic targeting nodes
-def validateServices():
- t = Tracing(JAEGER_IP, JAEGER_PORT)
+
+# Services in Jaeger will only be present when traffic targets istio-ingress
+# Even a failed HTTP GET request to istio-ingress will add istio-ingress and
+# istio-mixer services
+def validateServices(args):
+ t = Tracing(args['ip'], args['port'])
services = t.getServices()
validate = True
if services:
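Review bot: `validateServices` now indexes `args['ip']` and `args['port']`, and `main` in the next hunk reads `args['s']`, but neither documents that it expects a dict with those keys; an argparse `Namespace` passed directly raises TypeError and a partial dict raises KeyError. A docstring on `validateServices` such as `"""Return True if every ISTIO_SERVICES entry is listed by Jaeger at args['ip']:args['port']."""`, with a matching one on `main` naming the `s` key, would make the contract explicit. Both functions previously took no arguments, so any other module that imports and calls them (none is visible in this diff) needs updating. The body of `validateServices` continues into the following hunk.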
@@ -47,14 +47,20 @@ def validateServices():
if s in services:
print("Service in tracing: {} present".format(s))
else:
+ print("Service in tracing: {} not present".format(s))
validate = False
else:
validate = False
return validate
-def main():
- if validateDeploy() and validateServices():
+def main(args):
+ vdeploy = validateDeploy()
+ if args['s']:
+ vservice = validateServices(args)
+ else:
+ vservice = True
+ if vdeploy and vservice:
print"Jaeger tracing validation has passed"
return True
else:
@@ -63,4 +69,16 @@ def main():
if __name__ == '__main__':
- main()
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ '-s', action='store_true',
+ help='Validate istio services, \
+ which requires at least one http request to istio-ingress')
+ parser.add_argument(
+ '-ip', default='localhost',
+ help='IP address to access Jaeger')
+ parser.add_argument(
+ '-port', default='16686',
+ help='Port to acccess Jaeger')
+ args = parser.parse_args()
+ main(vars(args))
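Review bot: The `-s` help text continues with a backslash inside the string literal, so the indentation of the second source line becomes part of the string, and the `-port` help misspells "access" as "acccess". Adjacent literals avoid the embedded whitespace: `help='Validate istio services, ' 'which requires at least one http request to istio-ingress'`, and the port help should read `help='Port to access Jaeger'`. The multi-character single-dash options `-ip` and `-port` also parse, but `--ip` and `--port` are the conventional spelling.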
diff --git a/docs/release/release-notes/index.rst b/docs/release/release-notes/index.rst
index 1c41113..c7f8f6c 100644
--- a/docs/release/release-notes/index.rst
+++ b/docs/release/release-notes/index.rst
@@ -12,4 +12,4 @@ OPNFV Clover Design Specification
.. toctree::
:maxdepth: 1
- Fraser-release-notes
+ release-notes
diff --git a/docs/release/release-notes/Fraser-release-notes.rst b/docs/release/release-notes/release-notes.rst
index 3e864fb..f345f61 100644
--- a/docs/release/release-notes/Fraser-release-notes.rst
+++ b/docs/release/release-notes/release-notes.rst
@@ -1,100 +1,101 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. SPDX-License-Identifier CC-BY-4.0
-.. (c) optionally add copywriters name
-
-
-This document provides the release notes for Fraser of OPNFV Clover.
-
-.. contents::
- :depth: 3
- :local:
-
-
-Version history
----------------
-
-+--------------------+--------------------+--------------------+--------------------+
-| **Date** | **Ver.** | **Author** | **Comment** |
-| | | | |
-+--------------------+--------------------+--------------------+--------------------+
-| 2018-03-14 | Fraser 1.0 | Stephen Wong | First draft |
-| | | | |
-+--------------------+--------------------+--------------------+--------------------+
-
-Important notes
-===============
-
-The OPNFV Clover project for Fraser can ONLY be run on Kubernetes version 1.9.3 or
-above
-
-Summary
-=======
-
-Clover provides tools to help run cloud native virtual network functions. These
-tools include service-mesh and associated policy-based-routing config (via
-Istio), logging (via fluentd), monitoring (via Prometheus), and tracing (via
-OpenTracing and Jaeger).
-
-Release Data
-============
-
-+--------------------------------------+--------------------------------------+
-| **Project** | Clover |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Repo/commit-ID** | |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Release designation** | Fraser |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Release date** | 2018-04-xx |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Purpose of the delivery** | OPNFV Fraser release |
-| | |
-+--------------------------------------+--------------------------------------+
-
-Version change
-^^^^^^^^^^^^^^^^
-
-Module version changes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Fraser marks the first release of OPNFV Clover
-
-Document version changes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Fraser marks the first release of OPNFV Clover
-
-Reason for version
-^^^^^^^^^^^^^^^^^^^^
-
-Feature additions
-~~~~~~~~~~~~~~~~~~~~~~~
-<None> (no backlog)
-
-Bug corrections
-~~~~~~~~~~~~~~~~~~~~~
-<None>
-
-Known Limitations, Issues and Workarounds
-=========================================
-
-System Limitations
-^^^^^^^^^^^^^^^^^^^^
-TBD
-
-Known issues
-^^^^^^^^^^^^^^^
-TBD
-
-Workarounds
-^^^^^^^^^^^^^^^^^
-
-Test Result
-===========
-
-
-References
-==========
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. SPDX-License-Identifier CC-BY-4.0
+.. (c) Authors of Clover
+
+
+This document provides Clover project's release notes for the OPNFV Fraser release.
+
+.. contents::
+ :depth: 3
+ :local:
+
+
+Version history
+---------------
+
++--------------------+--------------------+--------------------+--------------------+
+| **Date** | **Ver.** | **Author** | **Comment** |
+| | | | |
++--------------------+--------------------+--------------------+--------------------+
+| 2018-03-14 | Fraser 1.0 | Stephen Wong | First draft |
+| | | | |
++--------------------+--------------------+--------------------+--------------------+
+
+Important notes
+===============
+
+The Clover project for OPNFV Fraser can ONLY be run on Kubernetes version 1.9 or
+later
+
+Summary
+=======
+
+Clover Fraser release provides tools for installation and validation of various
+upstream cloud native projects including Istio, fluentd, Jaegar, and Prometheus.
+In addition, the Fraser release also includes a sample VNF, its Kubernetes
+manifest, simple tools to validate route rules from Istio, as well as an
+example A-B testing framework.
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | Clover |
+| | |
++--------------------------------------+--------------------------------------+
+| **Repo/commit-ID** | |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Fraser |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2018-04-27
+| | |
++--------------------------------------+--------------------------------------+
+| **Purpose of the delivery** | OPNFV Fraser release |
+| | |
++--------------------------------------+--------------------------------------+
+
+Version change
+^^^^^^^^^^^^^^^^
+
+Module version changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+OPNFV Fraser marks the first release for Clover
+
+Document version changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+OPNFV Fraser marks the first release for Clover
+
+Reason for version
+^^^^^^^^^^^^^^^^^^^^
+
+Feature additions
+~~~~~~~~~~~~~~~~~~~~~~~
+<None> (no backlog)
+
+Bug corrections
+~~~~~~~~~~~~~~~~~~~~~
+<None>
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+System Limitations
+^^^^^^^^^^^^^^^^^^^^
+TBD
+
+Known issues
+^^^^^^^^^^^^^^^
+TBD
+
+Workarounds
+^^^^^^^^^^^^^^^^^
+
+Test Result
+===========
+
+
+References
+==========
diff --git a/docs/release/userguide/Fraser-userguide.rst b/docs/release/userguide/Fraser-userguide.rst
deleted file mode 100644
index 243c4e1..0000000
--- a/docs/release/userguide/Fraser-userguide.rst
+++ /dev/null
@@ -1,81 +0,0 @@
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. SPDX-License-Identifier CC-BY-4.0
-.. (c) optionally add copywriters name
-
-
-================================================================
-Clover User Guide (Fraser Release)
-================================================================
-
-This document provides the user guide for Fraser release of Clover.
-
-.. contents::
- :depth: 3
- :local:
-
-
-Description
-===========
-
-Project Clover was established to investigate best practice to implement,
-build, deploy, and operate virtual network functions as cloud native
-applications. "Cloud native" has a ever evolving and expanding definition,
-and in Clover, the focus is effectively running and operating VNFs built
-in a micro-service design pattern running on Docker containers and
-orchestrated by Kubernetes.
-
-The strength of cloud native applications is their operablity and
-scalability. Essential to achieve these qualities is the use of service
-mesh. As such, in Fraser release, Clover's emphasis is on demonstrating
-running a sample micro-service composed VNF on Istio, the service mesh
-platform of Clover's choice in Fraser, and how to maximize visibility
-of this sample running in a service mesh.
-
-What is in Fraser?
-==================
-
- * a sample micro-service composed VNF
-
- * logging module: fluentd and elasticsearch Kubernetes manifests,
- installation validation, log data correlation in datastore
-
- * tracing module: jaeger Kubernetes manifest, installation validation,
- jaegar tracing query tools, trace data correlation in datastore
-
- * monitoring module: prometheus Kubernetes manifest, installation
- validation, prometheous query tools for Istio related metrics,
- metrics correlation in datastore
-
- * Istio route-rules and circuit breaking sample yaml and validation
- tools
-
- * Test scripts
-
- * Reference for a demo shown during ONS
-
-Usage
-=====
-
- * each modules (service mesh, logging, tracing, monitoring) are Python
- modules with their own set of library calls / API exposed. The descriptions
- of these library calls are under doc/developer (TBD)
-
- * tools directory contains Python tools for generic use
- python clover_validate_route_rules.py -s <service name> -n <number of tests>
- [more TBD]
-
- * an example scenario:
- - version 2 (v2) of a micro-service component is deployed
- - Istio route rule is applied to send 50% traffic to v2
- - Clover tool validates traffic conformance with route rules
- - user specify via yaml the "success" expectation of v2 (latency,
- performance, session loss...etc)
- - Clover tool validates sessions conformance with user defined expectations
- - The "commit" action is invoked to move 100% traffic to v2
- - Clover tool validates traffic conformance with route rules
- - A fault is injected for the path to the extra service of v2 which adds
- a one second delay onto the path
- - The same A-B testing script is invoked, this time, performance
- test now fails
- - The "rollback" action is invoked to move 100% traffic back to v1
diff --git a/docs/release/userguide/index.rst b/docs/release/userguide/index.rst
index 41fcb1f..672c62c 100644
--- a/docs/release/userguide/index.rst
+++ b/docs/release/userguide/index.rst
@@ -10,4 +10,4 @@ OPNFV Clover Design Specification
.. toctree::
:maxdepth: 1
- Fraser-userguide
+ userguide
diff --git a/docs/release/userguide/userguide.rst b/docs/release/userguide/userguide.rst
new file mode 100644
index 0000000..c01886e
--- /dev/null
+++ b/docs/release/userguide/userguide.rst
@@ -0,0 +1,64 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. SPDX-License-Identifier CC-BY-4.0
+.. (c) Authors of Clover
+
+
+================================================================
+Clover User Guide (Fraser Release)
+================================================================
+
+This document provides the Clover user guide for OPNFV Fraser release.
+
+.. contents::
+ :depth: 3
+ :local:
+
+
+Description
+===========
+
+As project Clover's first release, Fraser release includes installation
+and simple validation of foundational upstream projects including Istio,
+fluentd, Jaeger, and Prometheus. Clover Fraser release also provides a
+sample VNF which follows micro-service design pattern, its Kubernetes
+manifest, and an automatic scipt to demonstrate a sample A-B testing use
+case using the sample VNF running on Istio with trace data exposed to
+Jaeger running in istio-system namespace.
+
+What is in Fraser?
+==================
+
+ * a sample micro-service composed VNF
+
+ * logging module: fluentd and elasticsearch Kubernetes manifests,
+ and fluentd installation validation
+
+ * tracing module: jaeger Kubernetes manifest, installation validation,
+ jaegar tracing query tools, module for trace data output to datastore
+
+ * monitoring module: prometheus Kubernetes manifest, installation
+ validation, sample Prometheous query of Istio related metrics
+
+ * Istio route-rules sample yaml and validation tools
+
+ * Test scripts
+
+ * Sample code for an A-B testing demo shown during ONS
+
+Usage
+=====
+
+ * Python modules to validate installation of fluentd, Jaeger, and
+ Prometheus
+
+ * Installation and deployment of a sample VNF
+ - VNF designed and implemented with micro-service design pattern
+ - tested and validated via Istio service mesh tools
+
+ * sample tool to validate Istio route rules:
+ tools/python clover_validate_route_rules.py -s <service name> -t <test id>
+
+ * an example use case: A-B testing:
+ test/fraser_a_b_test.py -t yaml/fraser_a_b_test.yaml -p <tracing port num>
+ *** detail procedure to run sample A-B testing at docs/configguide/...
diff --git a/docs/tracing.rst b/docs/tracing.rst
index 79d686c..b83274c 100644
--- a/docs/tracing.rst
+++ b/docs/tracing.rst
@@ -13,20 +13,26 @@ following command::
kubectl apply -n istio-system -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/master/all-in-one/jaeger-all-in-one-template.yml
The standard Jaeger REST port is at 16686. To make this service available outside of the
-Kubernetes cluster, use the following command::
+Kubernetes cluster via any node IP in the cluster, use the following command::
kubectl expose -n istio-system deployment jaeger-deployment --port=16686 --type=NodePort
-Kubernetes will expose the Jaeger service on another port, which can be found with::
+Kubernetes will expose the Jaeger service on another port from 30000-32767 and the assignment can
+be found with::
kubectl get svc -n istio-system
An example listing from the command above is shown below where the Jaeger service is exposed
-externally on port 30888::
+externally on port 30888 in this case::
istio-system jaeger-deployment NodePort 10.104.113.94 <none> 16686:30888/TCP
-Jaeger will be accessible using the host IP of the Kubernetes cluster and port provided.
+Jaeger will be accessible using the host IP of any node in Kubernetes cluster and port provided.
+With this method, the Jaeger UI will also be available from a remote host. If external access is
+required to Jaeger but restricted to cluster localhost(s), an alternate method is to use the
+**port-forward** command in the foreground, as shown below::
+
+ kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=jaeger -o jsonpath='{.items[0].metadata.name}') 16686:16686
********
Validate
@@ -40,5 +46,6 @@ It validates the installation with the following criteria:
#. Existence of Jaeger all-in-one deployment using Kubernetes
#. Jaeger service is accessible using IP address and port configured in installation steps
-#. Jaeger can retrieve default service listing for default Istio components
-#. TBD - consider installation of production setup with cassandra or elastic search
+#. Optionally, if Jaeger can retrieve service listing for default Istio components
+ (istio-ingress, istio-mixer). At least one HTTP request must be sent to istio-ingress
+ after initial Jaeger deployment for this validation to function.
diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py
index 4cb87e2..25d1738 100644
--- a/samples/services/snort_ids/docker/grpc/snort_alerts.py
+++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py
@@ -14,7 +14,7 @@ from idstools import unified2
HOST_IP = 'redis'
-PROXY_GRPC = 'proxy-access-control:50054'
+# PROXY_GRPC = 'proxy-access-control:50054'
logging.basicConfig(filename='alert.log', level=logging.DEBUG)
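Review bot: Commenting out `PROXY_GRPC` here and inlining the same literal in `sendGrpcAlert` (next hunk) leaves a dead comment at module level and the endpoint buried inside the function. Keeping `PROXY_GRPC = 'proxy-access-control:50054'` and calling `grpc.insecure_channel(PROXY_GRPC)` preserves a single place to change it. The channel is still created with `grpc.insecure_channel`, so the alert path has no TLS or peer authentication of its own; if the deployment relies on the service mesh for that, a comment next to the call should say so.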
@@ -34,7 +34,7 @@ reader = unified2.SpoolRecordReader("/var/log/snort",
def sendGrpcAlert(event_id, redis_key):
try:
- channel = grpc.insecure_channel(PROXY_GRPC)
+ channel = grpc.insecure_channel('proxy-access-control:50054')
stub = nginx_pb2_grpc.ControllerStub(channel)
stub.ProcessAlerts(nginx_pb2.AlertMessage(
event_id=event_id, redis_key=redis_key))
@@ -45,13 +45,15 @@ def sendGrpcAlert(event_id, redis_key):
for record in reader:
try:
if isinstance(record, unified2.Event):
- snort_event = "snort_event:" + str(record['event-id'])
- r.sadd('snort_events', str(record['event-id']))
- r.hmset(snort_event, record)
- sendGrpcAlert(str(record['event-id']), 'snort_events')
- # elif isinstance(record, unified2.Packet):
- # print("Packet:")
+ event = record
+ elif isinstance(record, unified2.Packet):
+ packet = record
# elif isinstance(record, unified2.ExtraData):
# print("Extra-Data:")
+ snort_event = "snort_event:" + str(record['event-id'])
+ r.sadd('snort_events', str(record['event-id']))
+ event.update(packet)
+ r.hmset(snort_event, event)
+ sendGrpcAlert(str(record['event-id']), 'snort_events')
except Exception as e:
logging.debug(e)
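Review bot: `event.update(packet)` merges whatever `event` and `packet` were last assigned, and nothing in the hunk checks that both exist or that they carry the same `event-id`. Indentation is lost on this page, so it is unclear whether the `r.sadd`/`r.hmset`/`sendGrpcAlert` lines sit inside the `elif` or at `try` level; in either layout a record of one kind arriving before the other has been seen raises NameError, and a packet left over from an earlier event can be stored under a later one. Initialising `event = packet = None` before the loop (outside this hunk) and guarding with `if event is None or packet is None or packet['event-id'] != event['event-id']: continue` would make the pairing explicit. Because the surrounding handler only calls `logging.debug(e)`, such failures drop an IDS alert without any visible error; `logging.exception('failed to process unified2 record')` would surface them.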
diff --git a/samples/services/snort_ids/docker/grpc/snort_server.py b/samples/services/snort_ids/docker/grpc/snort_server.py
index 9ece832..223461a 100644
--- a/samples/services/snort_ids/docker/grpc/snort_server.py
+++ b/samples/services/snort_ids/docker/grpc/snort_server.py
@@ -33,10 +33,16 @@ class Controller(snort_pb2_grpc.ControllerServicer):
# file_local = 'testfile'
file_local = '/etc/snort/rules/local.rules'
f = open(file_local, 'a')
- rule = 'alert {} {} {} -> {} {} '.format(
- r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
- + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format(
- r.msg, r.content, r.sid, r.rev)
+ if r.content:
+ rule = 'alert {} {} {} -> {} {} '.format(
+ r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
+ + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format(
+ r.msg, r.content, r.sid, r.rev)
+ else:
+ rule = 'alert {} {} {} -> {} {} '.format(
+ r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
+ + '(msg:"{}"; sid:{}; rev:{};)\n'.format(
+ r.msg, r.sid, r.rev)
f.write(rule)
f.close
msg = "Added to local rules"
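Review bot: Both branches format the request fields (`r.msg`, `r.content`, the addresses and ports) straight into a line appended to `local.rules`, so a field containing a line break, `"` or `;` alters the rule or adds further rules to the Snort configuration; the fields should be validated before the write. The two branches differ only in the `content:` option, so the rule can be built once from a list of options. `f.close` on the context line lacks call parentheses, so the file is never closed explicitly; a `with` block fixes that. The method starts and ends outside the hunk, so how a rejected request should be reported to the gRPC caller is not visible here, and the `ValueError` below stands in for that.

```python
# … unchanged: file_local assignment …
fields = (r.protocol, r.src_ip, r.src_port, r.dest_ip,
          r.dest_port, r.msg, r.content, r.sid, r.rev)
# A line break in any field would start a new line in local.rules.
if any(ch in str(value) for value in fields for ch in '\r\n'):
    raise ValueError('line break in rule field')
options = ['msg:"{}"'.format(r.msg)]
if r.content:
    options.append('content:{}'.format(r.content))
options += ['sid:{}'.format(r.sid), 'rev:{}'.format(r.rev)]
rule = 'alert {} {} {} -> {} {} ({};)\n'.format(
    r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port,
    '; '.join(options))
with open(file_local, 'a') as f:
    f.write(rule)
# … unchanged: msg = "Added to local rules" …
```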