-rw-r--r-- | clover/tracing/tracing.py | 2 | ||||
-rw-r--r-- | clover/tracing/validate.py | 38 | ||||
-rw-r--r-- | docs/release/release-notes/index.rst | 2 | ||||
-rw-r--r-- | docs/release/release-notes/release-notes.rst (renamed from docs/release/release-notes/Fraser-release-notes.rst) | 201 | ||||
-rw-r--r-- | docs/release/userguide/Fraser-userguide.rst | 81 | ||||
-rw-r--r-- | docs/release/userguide/index.rst | 2 | ||||
-rw-r--r-- | docs/release/userguide/userguide.rst | 64 | ||||
-rw-r--r-- | docs/tracing.rst | 19 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_alerts.py | 18 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_server.py | 14 |
10 files changed, 229 insertions, 212 deletions
diff --git a/clover/tracing/tracing.py b/clover/tracing/tracing.py index 16b952c..f646268 100644 --- a/clover/tracing/tracing.py +++ b/clover/tracing/tracing.py @@ -10,7 +10,7 @@ import time import redis TRACING_IP = "localhost" -TRACING_PORT = "30888" +TRACING_PORT = "16686" class Tracing: diff --git a/clover/tracing/validate.py b/clover/tracing/validate.py index 9cbfdd0..e1f810f 100644 --- a/clover/tracing/validate.py +++ b/clover/tracing/validate.py @@ -6,12 +6,10 @@ # http://www.apache.org/licenses/LICENSE-2.0 from kubernetes import client, config +import argparse from clover.tracing.tracing import Tracing -JAEGER_IP = "localhost" -# JAEGER_IP = "1.1.1.1" -JAEGER_PORT = "30888" JAEGER_DEPLOYMENT = "jaeger-deployment" ISTIO_NAMESPACE = "istio-system" ISTIO_SERVICES = ["istio-ingress", "istio-mixer"] @@ -36,10 +34,12 @@ def validateDeploy(): validate = True return validate -# Services in Jaeger will only be present when traffic passes through Istio -# Requires a deployment in Istio service mesh with some traffic targeting nodes -def validateServices(): - t = Tracing(JAEGER_IP, JAEGER_PORT) + +# Services in Jaeger will only be present when traffic targets istio-ingress +# Even a failed HTTP GET request to istio-ingress will add istio-ingress and +# istio-mixer services +def validateServices(args): + t = Tracing(args['ip'], args['port']) services = t.getServices() validate = True if services: @@ -47,14 +47,20 @@ def validateServices(): if s in services: print("Service in tracing: {} present".format(s)) else: + print("Service in tracing: {} not present".format(s)) validate = False else: validate = False return validate -def main(): - if validateDeploy() and validateServices(): +def main(args): + vdeploy = validateDeploy() + if args['s']: + vservice = validateServices(args) + else: + vservice = True + if vdeploy and vservice: print"Jaeger tracing validation has passed" return True else: 
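Review bot: The validation result never reaches the process exit status. `main(args)` returns True or False, but the `__main__` block in the last hunk of validate.py calls `main(vars(args))` and discards the value, so a failed Jaeger check still exits 0 and an install script or CI job gating on this validator cannot see the failure. Import `sys` and end the script with `sys.exit(0 if main(vars(args)) else 1)`. In the `main(args)` hunk, when `-s` is not given `vservice` is set to True and the script reports that validation has passed although the Istio services were never checked; the message should say the service check was skipped. The body of `main` continues outside that hunk.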
@@ -63,4 +69,16 @@ def main(): if __name__ == '__main__': - main() + parser = argparse.ArgumentParser() + parser.add_argument( + '-s', action='store_true', + help='Validate istio services, \ + which requires at least one http request to istio-ingress') + parser.add_argument( + '-ip', default='localhost', + help='IP address to access Jaeger') + parser.add_argument( + '-port', default='16686', + help='Port to acccess Jaeger') + args = parser.parse_args() + main(vars(args)) diff --git a/docs/release/release-notes/index.rst b/docs/release/release-notes/index.rst index 1c41113..c7f8f6c 100644 --- a/docs/release/release-notes/index.rst +++ b/docs/release/release-notes/index.rst @@ -12,4 +12,4 @@ OPNFV Clover Design Specification .. toctree:: :maxdepth: 1 - Fraser-release-notes + release-notes diff --git a/docs/release/release-notes/Fraser-release-notes.rst b/docs/release/release-notes/release-notes.rst index 3e864fb..f345f61 100644 --- a/docs/release/release-notes/Fraser-release-notes.rst +++ b/docs/release/release-notes/release-notes.rst @@ -1,100 +1,101 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. SPDX-License-Identifier CC-BY-4.0
-.. (c) optionally add copywriters name
-
-
-This document provides the release notes for Fraser of OPNFV Clover.
-
-.. contents::
- :depth: 3
- :local:
-
-
-Version history
----------------
-
-+--------------------+--------------------+--------------------+--------------------+
-| **Date** | **Ver.** | **Author** | **Comment** |
-| | | | |
-+--------------------+--------------------+--------------------+--------------------+
-| 2018-03-14 | Fraser 1.0 | Stephen Wong | First draft |
-| | | | |
-+--------------------+--------------------+--------------------+--------------------+
-
-Important notes
-===============
-
-The OPNFV Clover project for Fraser can ONLY be run on Kubernetes version 1.9.3 or
-above
-
-Summary
-=======
-
-Clover provides tools to help run cloud native virtual network functions. These
-tools include service-mesh and associated policy-based-routing config (via
-Istio), logging (via fluentd), monitoring (via Prometheus), and tracing (via
-OpenTracing and Jaeger).
-
-Release Data
-============
-
-+--------------------------------------+--------------------------------------+
-| **Project** | Clover |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Repo/commit-ID** | |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Release designation** | Fraser |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Release date** | 2018-04-xx |
-| | |
-+--------------------------------------+--------------------------------------+
-| **Purpose of the delivery** | OPNFV Fraser release |
-| | |
-+--------------------------------------+--------------------------------------+
-
-Version change
-^^^^^^^^^^^^^^^^
-
-Module version changes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Fraser marks the first release of OPNFV Clover
-
-Document version changes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Fraser marks the first release of OPNFV Clover
-
-Reason for version
-^^^^^^^^^^^^^^^^^^^^
-
-Feature additions
-~~~~~~~~~~~~~~~~~~~~~~~
-<None> (no backlog)
-
-Bug corrections
-~~~~~~~~~~~~~~~~~~~~~
-<None>
-
-Known Limitations, Issues and Workarounds
-=========================================
-
-System Limitations
-^^^^^^^^^^^^^^^^^^^^
-TBD
-
-Known issues
-^^^^^^^^^^^^^^^
-TBD
-
-Workarounds
-^^^^^^^^^^^^^^^^^
-
-Test Result
-===========
-
-
-References
-==========
+.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. SPDX-License-Identifier CC-BY-4.0 +.. (c) Authors of Clover + + +This document provides Clover project's release notes for the OPNFV Fraser release. + +.. contents:: + :depth: 3 + :local: + + +Version history +--------------- + ++--------------------+--------------------+--------------------+--------------------+ +| **Date** | **Ver.** | **Author** | **Comment** | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ +| 2018-03-14 | Fraser 1.0 | Stephen Wong | First draft | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ + +Important notes +=============== + +The Clover project for OPNFV Fraser can ONLY be run on Kubernetes version 1.9 or +later + +Summary +======= + +Clover Fraser release provides tools for installation and validation of various +upstream cloud native projects including Istio, fluentd, Jaegar, and Prometheus. +In addition, the Fraser release also includes a sample VNF, its Kubernetes +manifest, simple tools to validate route rules from Istio, as well as an +example A-B testing framework. 
+ +Release Data +============ + ++--------------------------------------+--------------------------------------+ +| **Project** | Clover | +| | | ++--------------------------------------+--------------------------------------+ +| **Repo/commit-ID** | | +| | | ++--------------------------------------+--------------------------------------+ +| **Release designation** | Fraser | +| | | ++--------------------------------------+--------------------------------------+ +| **Release date** | 2018-04-27 +| | | ++--------------------------------------+--------------------------------------+ +| **Purpose of the delivery** | OPNFV Fraser release | +| | | ++--------------------------------------+--------------------------------------+ + +Version change +^^^^^^^^^^^^^^^^ + +Module version changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +OPNFV Fraser marks the first release for Clover + +Document version changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +OPNFV Fraser marks the first release for Clover + +Reason for version +^^^^^^^^^^^^^^^^^^^^ + +Feature additions +~~~~~~~~~~~~~~~~~~~~~~~ +<None> (no backlog) + +Bug corrections +~~~~~~~~~~~~~~~~~~~~~ +<None> + +Known Limitations, Issues and Workarounds +========================================= + +System Limitations +^^^^^^^^^^^^^^^^^^^^ +TBD + +Known issues +^^^^^^^^^^^^^^^ +TBD + +Workarounds +^^^^^^^^^^^^^^^^^ + +Test Result +=========== + + +References +========== diff --git a/docs/release/userguide/Fraser-userguide.rst b/docs/release/userguide/Fraser-userguide.rst deleted file mode 100644 index 243c4e1..0000000 --- a/docs/release/userguide/Fraser-userguide.rst +++ /dev/null 
@@ -1,81 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. SPDX-License-Identifier CC-BY-4.0 -.. (c) optionally add copywriters name - - -================================================================ -Clover User Guide (Fraser Release) -================================================================ - -This document provides the user guide for Fraser release of Clover. - -.. contents:: - :depth: 3 - :local: - - -Description -=========== - -Project Clover was established to investigate best practice to implement, -build, deploy, and operate virtual network functions as cloud native -applications. "Cloud native" has a ever evolving and expanding definition, -and in Clover, the focus is effectively running and operating VNFs built -in a micro-service design pattern running on Docker containers and -orchestrated by Kubernetes. - -The strength of cloud native applications is their operablity and -scalability. Essential to achieve these qualities is the use of service -mesh. As such, in Fraser release, Clover's emphasis is on demonstrating -running a sample micro-service composed VNF on Istio, the service mesh -platform of Clover's choice in Fraser, and how to maximize visibility -of this sample running in a service mesh. - -What is in Fraser? 
-================== - - * a sample micro-service composed VNF - - * logging module: fluentd and elasticsearch Kubernetes manifests, - installation validation, log data correlation in datastore - - * tracing module: jaeger Kubernetes manifest, installation validation, - jaegar tracing query tools, trace data correlation in datastore - - * monitoring module: prometheus Kubernetes manifest, installation - validation, prometheous query tools for Istio related metrics, - metrics correlation in datastore - - * Istio route-rules and circuit breaking sample yaml and validation - tools - - * Test scripts - - * Reference for a demo shown during ONS - -Usage -===== - - * each modules (service mesh, logging, tracing, monitoring) are Python - modules with their own set of library calls / API exposed. The descriptions - of these library calls are under doc/developer (TBD) - - * tools directory contains Python tools for generic use - python clover_validate_route_rules.py -s <service name> -n <number of tests> - [more TBD] - - * an example scenario: - - version 2 (v2) of a micro-service component is deployed - - Istio route rule is applied to send 50% traffic to v2 - - Clover tool validates traffic conformance with route rules - - user specify via yaml the "success" expectation of v2 (latency, - performance, session loss...etc) - - Clover tool validates sessions conformance with user defined expectations - - The "commit" action is invoked to move 100% traffic to v2 - - Clover tool validates traffic conformance with route rules - - A fault is injected for the path to the extra service of v2 which adds - a one second delay onto the path - - The same A-B testing script is invoked, this time, performance - test now fails - - The "rollback" action is invoked to move 100% traffic back to v1 diff --git a/docs/release/userguide/index.rst b/docs/release/userguide/index.rst index 41fcb1f..672c62c 100644 --- a/docs/release/userguide/index.rst +++ b/docs/release/userguide/index.rst 
@@ -10,4 +10,4 @@ OPNFV Clover Design Specification .. toctree:: :maxdepth: 1 - Fraser-userguide + userguide diff --git a/docs/release/userguide/userguide.rst b/docs/release/userguide/userguide.rst new file mode 100644 index 0000000..c01886e --- /dev/null +++ b/docs/release/userguide/userguide.rst 
@@ -0,0 +1,64 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. SPDX-License-Identifier CC-BY-4.0 +.. (c) Authors of Clover + + +================================================================ +Clover User Guide (Fraser Release) +================================================================ + +This document provides the Clover user guide for OPNFV Fraser release. + +.. contents:: + :depth: 3 + :local: + + +Description +=========== + +As project Clover's first release, Fraser release includes installation +and simple validation of foundational upstream projects including Istio, +fluentd, Jaeger, and Prometheus. Clover Fraser release also provides a +sample VNF which follows micro-service design pattern, its Kubernetes +manifest, and an automatic scipt to demonstrate a sample A-B testing use +case using the sample VNF running on Istio with trace data exposed to +Jaeger running in istio-system namespace. + +What is in Fraser? 
+================== + + * a sample micro-service composed VNF + + * logging module: fluentd and elasticsearch Kubernetes manifests, + and fluentd installation validation + + * tracing module: jaeger Kubernetes manifest, installation validation, + jaegar tracing query tools, module for trace data output to datastore + + * monitoring module: prometheus Kubernetes manifest, installation + validation, sample Prometheous query of Istio related metrics + + * Istio route-rules sample yaml and validation tools + + * Test scripts + + * Sample code for an A-B testing demo shown during ONS + +Usage +===== + + * Python modules to validate installation of fluentd, Jaeger, and + Prometheus + + * Installation and deployment of a sample VNF + - VNF designed and implemented with micro-service design pattern + - tested and validated via Istio service mesh tools + + * sample tool to validate Istio route rules: + tools/python clover_validate_route_rules.py -s <service name> -t <test id> + + * an example use case: A-B testing: + test/fraser_a_b_test.py -t yaml/fraser_a_b_test.yaml -p <tracing port num> + *** detail procedure to run sample A-B testing at docs/configguide/... diff --git a/docs/tracing.rst b/docs/tracing.rst index 79d686c..b83274c 100644 --- a/docs/tracing.rst +++ b/docs/tracing.rst 
@@ -13,20 +13,26 @@ following command:: kubectl apply -n istio-system -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/master/all-in-one/jaeger-all-in-one-template.yml The standard Jaeger REST port is at 16686. To make this service available outside of the -Kubernetes cluster, use the following command:: +Kubernetes cluster via any node IP in the cluster, use the following command:: kubectl expose -n istio-system deployment jaeger-deployment --port=16686 --type=NodePort -Kubernetes will expose the Jaeger service on another port, which can be found with:: +Kubernetes will expose the Jaeger service on another port from 30000-32767 and the assignment can +be found with:: kubectl get svc -n istio-system An example listing from the command above is shown below where the Jaeger service is exposed -externally on port 30888:: +externally on port 30888 in this case:: istio-system jaeger-deployment NodePort 10.104.113.94 <none> 16686:30888/TCP -Jaeger will be accessible using the host IP of the Kubernetes cluster and port provided. +Jaeger will be accessible using the host IP of any node in Kubernetes cluster and port provided. +With this method, the Jaeger UI will also be available from a remote host. If external access is +required to Jaeger but restricted to cluster localhost(s), an alternate method is to use the +**port-forward** command in the foreground, as shown below:: + + kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=jaeger -o jsonpath='{.items[0].metadata.name}') 16686:16686 ******** Validate 
@@ -40,5 +46,6 @@ It validates the installation with the following criteria: #. Existence of Jaeger all-in-one deployment using Kubernetes #. Jaeger service is accessible using IP address and port configured in installation steps -#. Jaeger can retrieve default service listing for default Istio components -#. TBD - consider installation of production setup with cassandra or elastic search +#. Optionally, if Jaeger can retrieve service listing for default Istio components + (istio-ingress, istio-mixer). At least one HTTP request must be sent to istio-ingress + after initial Jaeger deployment for this validation to function. diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py index 4cb87e2..25d1738 100644 --- a/samples/services/snort_ids/docker/grpc/snort_alerts.py +++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py @@ -14,7 +14,7 @@ from idstools import unified2 HOST_IP = 'redis' -PROXY_GRPC = 'proxy-access-control:50054' +# PROXY_GRPC = 'proxy-access-control:50054' logging.basicConfig(filename='alert.log', level=logging.DEBUG) @@ -34,7 +34,7 @@ reader = unified2.SpoolRecordReader("/var/log/snort", def sendGrpcAlert(event_id, redis_key): try: - channel = grpc.insecure_channel(PROXY_GRPC) + channel = grpc.insecure_channel('proxy-access-control:50054') stub = nginx_pb2_grpc.ControllerStub(channel) stub.ProcessAlerts(nginx_pb2.AlertMessage( event_id=event_id, redis_key=redis_key)) 
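Review bot: In `sendGrpcAlert` the rewritten line still opens the channel with `grpc.insecure_channel`, so every Snort alert travels to the proxy without TLS or peer authentication. Unless the service mesh already enforces mutual TLS between these pods, use `grpc.secure_channel(PROXY_GRPC, grpc.ssl_channel_credentials(root_certificates=...))` with the cluster CA. The change also inlines the literal `'proxy-access-control:50054'` and leaves `PROXY_GRPC` commented out at the top of the file; keep the constant live and pass it here so the endpoint is defined in one place. The function body continues past the end of this hunk.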
@@ -45,13 +45,15 @@ def sendGrpcAlert(event_id, redis_key): for record in reader: try: if isinstance(record, unified2.Event): - snort_event = "snort_event:" + str(record['event-id']) - r.sadd('snort_events', str(record['event-id'])) - r.hmset(snort_event, record) - sendGrpcAlert(str(record['event-id']), 'snort_events') - # elif isinstance(record, unified2.Packet): - # print("Packet:") + event = record + elif isinstance(record, unified2.Packet): + packet = record # elif isinstance(record, unified2.ExtraData): # print("Extra-Data:") + snort_event = "snort_event:" + str(record['event-id']) + r.sadd('snort_events', str(record['event-id'])) + event.update(packet) + r.hmset(snort_event, event) + sendGrpcAlert(str(record['event-id']), 'snort_events') except Exception as e: logging.debug(e) diff --git a/samples/services/snort_ids/docker/grpc/snort_server.py b/samples/services/snort_ids/docker/grpc/snort_server.py index 9ece832..223461a 100644 --- a/samples/services/snort_ids/docker/grpc/snort_server.py +++ b/samples/services/snort_ids/docker/grpc/snort_server.py @@ -33,10 +33,16 @@ class Controller(snort_pb2_grpc.ControllerServicer): # file_local = 'testfile' file_local = '/etc/snort/rules/local.rules' f = open(file_local, 'a') - rule = 'alert {} {} {} -> {} {} '.format( - r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \ - + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format( - r.msg, r.content, r.sid, r.rev) + if r.content: + rule = 'alert {} {} {} -> {} {} '.format( + r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \ + + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format( + r.msg, r.content, r.sid, r.rev) + else: + rule = 'alert {} {} {} -> {} {} '.format( + r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \ + + '(msg:"{}"; sid:{}; rev:{};)\n'.format( + r.msg, r.sid, r.rev) f.write(rule) f.close msg = "Added to local rules" |
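Review bot: `event` and `packet` are never initialised before the loop, so `event.update(packet)` raises NameError until both record types have been seen, and the surrounding `except Exception` only records that with `logging.debug`, so the alert is dropped without a visible error. The page has lost the indentation, so this assumes the store-and-send lines run for every record; if they do, each Event/Packet pair is written and sent twice, and a packet left over from an earlier event can be merged into a later one. Pair the records on `event-id` before merging and send once per pair, as sketched below; events that never receive a packet record would still need their own flush. Reporting failures with `logging.exception` instead of `logging.debug` would make lost alerts visible.

```python
event = None  # nothing to merge until an Event record has been read
for record in reader:
    try:
        if isinstance(record, unified2.Event):
            event = record
            continue
        if not isinstance(record, unified2.Packet) or event is None:
            continue
        if record['event-id'] != event['event-id']:
            continue  # packet belongs to a different event; do not merge
        event_id = str(event['event-id'])
        merged = dict(event)
        merged.update(record)
        r.sadd('snort_events', event_id)
        r.hmset("snort_event:" + event_id, merged)
        sendGrpcAlert(event_id, 'snort_events')
    # … unchanged: except Exception handler …
```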
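Review bot: Both new branches format `r.msg`, `r.content` and the address fields from the gRPC request straight into a line appended to `/etc/snort/rules/local.rules` with no validation, so a value containing a newline, `;` or `"` changes the meaning of the rule or adds further rules to the IDS configuration. Validate every field before formatting (protocol against a fixed set, ports and `sid`/`rev` as integers, no control characters or unescaped `"`/`;` in `msg`) and refuse the request otherwise. The two branches also duplicate the rule header; build it once and append the `content` option only when it is present, as below. The context line `f.close` lacks its parentheses, so the file is never explicitly closed, which `with open(file_local, 'a') as f:` would fix. The method starts and ends outside this hunk.

```python
# … unchanged: file_local assignment and open() …
header = 'alert {} {} {} -> {} {} '.format(
    r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port)
options = ['msg:"{}"'.format(r.msg)]
if r.content:
    options.append('content:{}'.format(r.content))
options.append('sid:{}'.format(r.sid))
options.append('rev:{}'.format(r.rev))
rule = header + '(' + '; '.join(options) + ';)\n'
```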