| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Change-Id: I51fbdaf6991cb43a7cb1b2ce01099e0ed385df13
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
It must be done in two steps otherwise the mixer adapter may not
be initialized correctly.
Change-Id: Ie59e811fc287fbd52a007be45f0f9c74983149b3
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
Change-Id: I70b766fe26e750fef6a622344d69ad4f6e2b8962
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
- Incorporated feedback from doc reviews
- Fix some rendering issues
- Add redis inspect section
- Update SDC deploy instructions using Fraser release tag
Change-Id: I573dcd04066ad83b9c659fae645c65ab4aaa2007
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
|
|
- Document A-B sample validation script
- Remove redundant TOC in docs
- Provide reference links in SDC guide
- Additional edits to SDC guide
Change-Id: Id4135c99df688f7de1af18017c847a6546082bfc
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Provided some overall edits to user guide
- Fixed titles of index files for release notes and user guide
- Added links to SDC, A-B configuration guides and logging, tracing
and monitoring install/validation docs
Change-Id: I9a0e1e0a2c12b20400eec5a5642f7c5de2dbd7bf
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
the SDC application"
|
|
|
|
- Overview with micro-service diagram
- Source diagram file in GIMP with layers for editing by
others
- Deploying the sample
- Using the sample
- Exposing Jaeger Tracing and Prometheus monitoring browser
interfaces
- Modifying run-time micro-service configuration including
modifying load balancer server list and adding a custom snort rule
- Uninstalling the sample
- Updated overview with service description, table and traffic
flow description, general edits
- Link to A/B configuration guide and doc index file
- Additional edits
- Diagram for Jaeger UI with SDC
Change-Id: I5d851316c05a9e1bd48c8aab5511a98116e6893d
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
(Double commit from master:I89adbef74aa74071a055dcdf62aa0925e263ffe3,
gerrit 56167)
Change-Id: I86f12d5ba67f09177eca758c184c614ee9d6dd9d
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
|
|
|
|
[TBD]: link to configguide for sample VNF, link to A-B testing configguide
Change-Id: I89adbef74aa74071a055dcdf62aa0925e263ffe3
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
|
|
and on the SDC application
Change-Id: I6e1bd84a6d674a2c4c4484722b20415f5402a59c
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
|
|
- Fix bug with addition of content field in rule definition
that causes rules with a blank content fields to inhibit
snort from starting successfully.
- Write more of the packet data for snort alert into Redis
- Above includes X-Real-IP, X-Forwarded-For header fields
for http traffic from proxy that shows source IP
Some packet data is missing in alerts from snort.
Change-Id: I2c5c29e514d1ca9e8e5b9b3f7990afa87c6311b9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
|
|
|
|
Change-Id: I093fb995f108194367334c4215780b5884d0207a
Signed-off-by: rpaik <rpaik@linuxfoundation.org>
|
|
- cluster health is not red
- indics found
- log entry created by istio found
- requests in and out http load balance matches
pytest is used as the test runner and wrapped in `validate.py`
Change-Id: Iad540b69d05118fadc97df679cf3424513c15e38
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
|
|
|
|
|
|
Change-Id: Iebfb747450cc08e930eabd36a87670236b23ffff
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
- Exposed the 'content' field in the GRPC server AddRules method
- Allows the 'MALWARE-CNC User-Agent ASafaWeb Scan' signature
in the community rules to be copied to local rules
- Above ensures more deterministic alerts by snort each time
the signature is hit
- Added here to support the SDC configuration guide, which details
how to add this scan rule via GRPC client script
Change-Id: I6945c1e500075444134543bb9eb6003a03f1d5cc
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Added pip grpcio and argparse packages to docker build
- Allows service (nginx/snort) client sample scripts to be
executed using the Clover container without having to clone
the repo
Change-Id: Ifeda6d58a9a381cb80372255f41ad703a089ea4b
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
`BRANCH` is no longer required since we copy source code from working directory
instead of remote git repository.
Change-Id: I44776538a9efbca72e8d165e7790603cdafbe395
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
|
|
|
|
- Added deploy/clean scripts for use in Clover container
- Deployment of entire SDC scenario
- Deployment includes istio install for manual sidecar injection
without TLS authentication (deploy.sh)
- Added Jaeger tracing and Prometheus monitoring install (view.sh)
- Exposes NodePort for monitoring/tracing to access UIs outside
of cluster
- Clean.sh attempts to remove all of the above
Change-Id: Id9548a77d71465a814a6e0cb1cbdf02d37235590
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
Change-Id: Ibfe0002daff58d30e7fffbb8828d8853a7e963a6
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
Change-Id: Ieeaf87ab920f1862e3a1b9ac3316d387ff64954f
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
|
|
|
|
|
|
Pipfile.lock ensures a consistent environment
Change-Id: Id2e544c77a67ce8fa010fba9c357735496f62a26
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
Change-Id: Icbfe547697a8d879f4af8d9f9fbde2211b63129c
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
- Changed default Jaeger ports to 16686 for use with basic
kubernetes port-forward and CI scripts
- Added CLI to validate script to disable istio service check
by default. This requires at least a single http request
to istio-ingress after Jaeger deployment. It can be enabled
with 'python validate.py -s'. Port and IP address for Jaeger
can optionally be specified with '-ip' and '-port' options
- Modified tracing doc to add k8s port-forward example in addition
to k8s expose
Change-Id: I10fb4d3cccfa50370d44ed7446f67a49c538bba9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
Change-Id: I9e6c925744ed928f7a5c6fbe54942e8b3895b1b9
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
- Use a community yaml for redis in k8s as simple data store
- Redis can be used for tracing and also by the snort-ids
to store alerts that can be processed by other services
- If flannel is used, the redis CLI can be accessed on the
host OS with redis-cli -h <flannel ip>
- Within the k8s cluster, the redis service can be accessed with
DNS using name 'redis'
- The same yaml for redis is also included in toplevel manifest for SDC
scenario. Included here if intention is to use separately (tracing
only)
Change-Id: Ibad283a4cc8938fe01f5de6b7743bdb5511be3af
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
|
|
|
|
|
|
|
|
- install dependent deb/pip packages
- install basic tools istioctl, kubectl
- install clover source code
- build/upload docker image script
- update requirements.txt
- update module import path
- To use this image use need setup kube-config file.
e.g. `docker run -v /root/config:/root/.kube/config -it clover bash`
Change-Id: I91044bb99ce8e2b785ef03212d961a97b3d42233
Signed-off-by: QiLiang <liangqi1@huawei.com>
|
|
Change-Id: I20c85b7116cd2b29d0efcaae5ee0b0381a685bbb
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
- Modified snort-ids alert process to use k8s DNS name
'proxy-access-control' to align with SDC scenario naming
- Added default port 50054 to the manifest yaml template and
rendering script for communication with proxy-access-control
Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Provide workaround to make nginx lb work properly
- nginx_client sample can modify default load balancing
from three to two servers at runtime
- Ensure port 9180 is used for default deploy for lb and
servers
- Modify render_yaml to specify deploy_name so that
clover-server1, 2, 3 can be used for default lb config
- Ensure proxy template is aligned to lb to allow the
source IP from originating host to be propagated to final
destination
- Fix default nginx proxy server_name to 'proxy-access-control'
and change default proxy destination to 'http-lb'
- Split lb service_type to 'lbv1' and 'lbv2' to provide an example
of how to modify the run-time configuration of the load balancer
after deployment - modify http-lb-v2 to use clover-server4/5 instead
of the defualt clover-server1/2/3 - modify http-lb-v1 to use
clover-server1/2 instead of 1/2/3
- Aligned pod IP retrival method with nginx_client.py
Change-Id: I73fa60a69c93ae1e82a477ef6283c00f67a21360
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Added missing k8s manifest yaml files for overall service delivery
controller scenario - cannot be deployed coherently without this manifest
- One file for private docker registry and one for opnfv
public registry
- Outlined in JIRA ticket CLOVER-16 and validated per
description
- Includes ingress rule, community redis pod/service and deployments
for http-lb (v1/v2), snort-ids, proxy-access-controller,
and clover-server1-5
- All above pod/deployment naming matches default container
configuration
- Tested with istio manual injection
Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
Stephen Wong
Aric Gardner
Yujun Zhang
Eddie Arrage
rpaik
Cédric Ollivier
QiLiang