summaryrefslogtreecommitdiffstats
path: root/samples
AgeCommit message (Collapse)AuthorFilesLines
2018-08-29Bug fix in SDC after istio to 1.0.0Ace Lee1-12/+33
JIRA: CLOVER-84 There will be some Bug in SDC after we upgrade the Istio to 1.0.0 Istio 1.0 have some concept, for example : virtualservice gateway. So we change the yaml file using the 1.0.0 concepts. Add mirror function Change-Id: Id138cfec2c7d94b44eb508a056c91e193ac1b08b Signed-off-by: Ace Lee <liyin11@huawei.com>
2018-08-10upgrade istio to 1.0.0Ace Lee1-1/+1
JIRA: CLOVER-84 we change the env in clover and change some deploy script. will upgrade the doc later Change-Id: I73a78afb91676efc3278b623c5d263a4a215ccd9 Signed-off-by: Ace Lee <liyin11@huawei.com>
2018-08-01Merge "Adding cassandra service with a separate yaml file."Stephen Wong1-1/+0
2018-08-01Merge "Adding clearwater IMS yaml and clearwater live test dockerfile to ↵Stephen Wong14-0/+363
test istio service-mesh"
2018-07-23Adding cassandra service with a separate yaml file.iharijono1-1/+0
- Left the file samples/scenarios/service_delivery_controller_opnfv.yaml unchanged. - Added a yaml definition of Cassandra StatefulSet and its service into a separate file under tools directory - Cassandra Service run with 1 replica - Deleted 'data-plane-ns' and use 'default' instead for cassandra containers. - Revoked changes for samples/scenarios/service_delivery_controller_opnfv.yaml. - Added new line (Wutien suggested it) JIRA: CLOVER-000 Change-Id: I2bb4249cf2523f5011d6fefc69dc469a90e20eaf Signed-off-by: iharijono <indra.harijono@huawei.com>
2018-05-30Adding clearwater IMS yaml and clearwater live test dockerfile to test istio ↵Muhammad Shaikh (Salman)14-0/+363
service-mesh Checking into CLEARWATER_ISTIO branch This part of the project is intended to validate the clearwater IMS with istio service-mesh. Change-Id: Ia5ba86301a363fcf9cfe0bac525606b0d897713e Signed-off-by: Muhammad Shaikh (Salman) <muhammad.shaikh@huawei.com>
2018-05-28fix the sdc sample deploy issuewutianwei4-4/+4
there is a issue "No module named google.protobuf", when trying to run the services docker. Add the protobuf in services Dockerfile. Change-Id: I280dc1d5908bcec784e9e1e7c4d07e145f092cdb Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-04-24Fix snort rule with blank content & WR packet in alertEddie Arrage2-12/+20
- Fix bug with addition of content field in rule definition that causes rules with a blank content fields to inhibit snort from starting successfully. - Write more of the packet data for snort alert into Redis - Above includes X-Real-IP, X-Forwarded-For header fields for http traffic from proxy that shows source IP Some packet data is missing in alerts from snort. Change-Id: I2c5c29e514d1ca9e8e5b9b3f7990afa87c6311b9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-17Merge "Extended snort rule add to allow content field"Stephen Wong4-11/+36
2018-04-16Extended snort rule add to allow content fieldEddie Arrage4-11/+36
- Exposed the 'content' field in the GRPC server AddRules method - Allows the 'MALWARE-CNC User-Agent ASafaWeb Scan' signature in the community rules to be copied to local rules - Above ensures more deterministic alerts by snort each time the signature is hit - Added here to support the SDC configuration guide, which details how to add this scan rule via GRPC client script Change-Id: I6945c1e500075444134543bb9eb6003a03f1d5cc Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-13Add SDC deploy/clean scriptsEddie Arrage3-0/+80
- Added deploy/clean scripts for use in Clover container - Deployment of entire SDC scenario - Deployment includes istio install for manual sidecar injection without TLS authentication (deploy.sh) - Added Jaeger tracing and Prometheus monitoring install (view.sh) - Exposes NodePort for monitoring/tracing to access UIs outside of cluster - Clean.sh attempts to remove all of the above Change-Id: Id9548a77d71465a814a6e0cb1cbdf02d37235590 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Merge "Fix Nginx lb in k8s/istio"Stephen Wong5-24/+56
2018-04-05Merge "Added toplevel manifests for SDC sample scenario"Stephen Wong2-1/+722
2018-04-04Aligned snort-ids default config for SDC scenarioEddie Arrage3-4/+12
- Modified snort-ids alert process to use k8s DNS name 'proxy-access-control' to align with SDC scenario naming - Added default port 50054 to the manifest yaml template and rendering script for communication with proxy-access-control Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-03Fix Nginx lb in k8s/istioEddie Arrage5-24/+56
- Provide workaround to make nginx lb work properly - nginx_client sample can modify default load balancing from three to two servers at runtime - Ensure port 9180 is used for default deploy for lb and servers - Modify render_yaml to specify deploy_name so that clover-server1, 2, 3 can be used for default lb config - Ensure proxy template is aligned to lb to allow the source IP from originating host to be propagated to final destination - Fix default nginx proxy server_name to 'proxy-access-control' and change default proxy destination to 'http-lb' - Split lb service_type to 'lbv1' and 'lbv2' to provide an example of how to modify the run-time configuration of the load balancer after deployment - modify http-lb-v2 to use clover-server4/5 instead of the defualt clover-server1/2/3 - modify http-lb-v1 to use clover-server1/2 instead of 1/2/3 - Aligned pod IP retrival method with nginx_client.py Change-Id: I73fa60a69c93ae1e82a477ef6283c00f67a21360 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-03Added toplevel manifests for SDC sample scenarioEddie Arrage2-1/+722
- Added missing k8s manifest yaml files for overall service delivery controller scenario - cannot be deployed coherently without this manifest - One file for private docker registry and one for opnfv public registry - Outlined in JIRA ticket CLOVER-16 and validated per description - Includes ingress rule, community redis pod/service and deployments for http-lb (v1/v2), snort-ids, proxy-access-controller, and clover-server1-5 - All above pod/deployment naming matches default container configuration - Tested with istio manual injection Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-03-31Merge "Added initial nginx services"Stephen Wong20-0/+1255
2018-03-31Develop snort IDS and content inspect serviceEddie Arrage17-0/+1319
- Initial commit to show potential structure of a sample service - This wil be part of a larger sample application currently dubbed Service Delivery Controller - Docker container needs to be built and employs open-source Linux packages - Service is deployable in Istio service mesh using provided yaml - Control snort daemon and add custom rules with GRPC messaging - Process snort alerts actively and send to redis and upstream service mesh components - Integrates a web server for better HTTP signature detection - Improved build script for CI with variables - Render k8s yaml snort manifest dynamically with command line options - Improve snort_client sample script for runtime modifications including passing args on CLI, error checking - Update nginx proxy interface - Added logging to snort server and alert process Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-03-30Added initial nginx servicesEddie Arrage20-0/+1255
- Proxy allows ingress traffic to be sent to another element in service mesh - Mirroring is also in the default configuration - Default configuration is to proxy to a clover-server and mirror to snort-ids - A location_path (URI in HTTP requests) can be reconfigured to restrict proxing; default to '/' - A proxy_path can be reconfigured to specify an alternate destination - A mirror path can be reconfigured to specify where traffic will be spanned - The default server_port (listen port) for the proxy is 9180 but can be reconfigured - The default server_name is http-proxy but can be reconfigured - Reconfiguration is done over GRPC with jinja2 template for nginx - Currently snort ids sends alerts to proxy with stub code in GRPC - Refactored the code to have a nginx base with subservices - Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server - Nginx subservices have separate docker builds - Improved build scripts for CI - Render yaml manifests dynamically - Improve nginx_client for runtime modifications (but not really useful yet) Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>