Using disk image builder to create rapid VM

All files are now availavle to build a qcow2 image using disk image builder.
This image is based on centos 7. DPDK and PROX are installed together
with some optimizations.

Change-Id: I61aa91206ea7f8b3b6a3ff7d490d1804e7e784c8
Signed-off-by: Luc Provoost <[email protected]>

rapidvm/README.rst

@@ -0,0 +1,38 @@
+RAPID VM IMAGE
+++++++++++++++
+
+This repo will build a centos 7 image with dpdk and prox installed.
+Optimizations for dpdk will also be done.
+
+BUILD INSTRUCTIONS
+==================
+
+Build the image
+---------------
+- cd dib
+- update the version number for the image (if needed) by modifying __version__ in build-image.sh
+- setup your http_proxy if needed
+- bash build-image.sh
+
+IMAGE INSTANCE AND CONFIG
+=========================
+
+VM Requirements
+---------------
+The instance must be launched with:
+- 1 network interface for the management network
+- at least 1 interface for the dataplane networks
+- at least 4 vCPUs
+- 4 GB RAM
+- cpu pinning set to exclusive
+
+Auto-configuration
+------------------
+The rapid scripts will configure the prox instances and drive the testing.
+
+
+Hardcoded Username and Password
+--------------------------------
+In case of problems, you can ssh into the VM:
+- Username: rapid
+- Password: rapid

rapidvm/dib/build-image.sh

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A shell script to build the PROX VM image using diskimage-builder
+#
+usage() {
+    echo "Usage: $0 [-v]"
+    echo "   -v    verify only (build but do not push to google storage)"
+    exit 1
+}
+
+# Takes only 1 optional argument
+if [ $# -gt 1 ]; then
+   usage
+fi
+verify_only=0
+
+if [ $# -eq 1 ]; then
+   if [ $1 = "-v" ]; then
+        verify_only=1
+    else
+        usage
+    fi
+fi
+set -e
+
+# Artifact URL
+gs_url=artifacts.opnfv.org/samplevnf/images
+
+# image version number
+__version__=0.01
+image_name=rapid-$__version__
+
+# if image exists skip building
+echo "Checking if image exists in google storage..."
+if  command -v gsutil >/dev/null; then
+    if gsutil -q stat gs://$gs_url/$image_name.qcow2; then
+        echo "Image already exists at http://$gs_url/$image_name.qcow2"
+        echo "Build is skipped"
+        exit 0
+    fi
+    echo "Image does not exist in google storage, starting build..."
+    echo
+else
+    echo "Cannot check image availability in OPNFV artifact repository (gsutil not available)"
+fi
+
+# check if image is already built locally
+if [ -f $image_name.qcow2 ]; then
+    echo "Image $image_name.qcow2 already exists locally"
+else
+
+    # install diskimage-builder
+    if [ -d dib-venv ]; then
+        . dib-venv/bin/activate
+    else
+        virtualenv dib-venv
+        . dib-venv/bin/activate
+        pip install diskimage-builder
+    fi
+    # Add rapid elements directory to the DIB elements path
+    export ELEMENTS_PATH=`pwd`/elements
+    # canned user/password for direct login
+    export DIB_DEV_USER_USERNAME=prox
+    export DIB_DEV_USER_PASSWORD=prox
+    export DIB_DEV_USER_PWDLESS_SUDO=Y
+    # Set the data sources to have ConfigDrive only
+    export DIB_CLOUD_INIT_DATASOURCES="Ec2, ConfigDrive, OpenStack"
+    # Use ELRepo to have latest kernel
+    export DIB_USE_ELREPO_KERNEL=True
+    echo "Building $image_name.qcow2..."
+    time disk-image-create -o $image_name centos7 cloud-init rapid vm
+fi
+
+ls -l $image_name.qcow2
+
+
+if [ $verify_only -eq 1 ]; then
+    echo "Image verification SUCCESS"
+    echo "NO upload to google storage (-v)"
+else
+    if command -v gsutil >/dev/null; then
+        echo "Uploading $image_name.qcow2..."
+        gsutil cp $image_name.qcow2 gs://$gs_url/$image_name.qcow2
+        echo "You can access to image at http://$gs_url/$image_name.qcow2"
+    else
+        echo "Cannot upload new image to the OPNFV artifact repository (gsutil not available)"
+        exit 1
+    fi
+fi

rapidvm/dib/elements/rapid/element-deps

@@ -0,0 +1,5 @@
+vm
+cloud-init-datasources
+install-static
+package-installs
+devuser

rapidvm/dib/elements/rapid/package-installs.yaml

@@ -0,0 +1,20 @@
+deltarpm:
+yum-utils:
+git:
+wget:
+gcc:
+unzip:
+libpcap-devel:
+ncurses-devel:
+libedit-devel:
+lua-devel:
+kernel-devel:
+iperf3:
+pciutils:
+numactl-devel:
+vim:
+tuna:
+openssl-devel:
+wireshark:
+make:
+driverctl:

rapidvm/dib/elements/rapid/post-install.d/40-mlib

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+MULTI_BUFFER_LIB_VER="0.52"
+BUILD_DIR="/opt/rapid"
+export AESNI_MULTI_BUFFER_LIB_PATH="${BUILD_DIR}/intel-ipsec-mb-${MULTI_BUFFER_LIB_VER}"
+# Downloading the Multi-buffer library. Note that the version to download is linked to the DPDK version being used
+pushd ${BUILD_DIR} > /dev/null 2>&1
+wget https://www.nasm.us/pub/nasm/releasebuilds/2.14.02/linux/nasm-2.14.02-0.fc27.x86_64.rpm
+rpm -ivh nasm-2.14.02-0.fc27.x86_64.rpm
+wget https://github.com/01org/intel-ipsec-mb/archive/v${MULTI_BUFFER_LIB_VER}.zip
+unzip v${MULTI_BUFFER_LIB_VER}.zip
+pushd ${AESNI_MULTI_BUFFER_LIB_PATH}
+make -j`getconf _NPROCESSORS_ONLN`
+make install
+popd > /dev/null 2>&1
+popd > /dev/null 2>&1

rapidvm/dib/elements/rapid/post-install.d/50-compile-dpdk

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# pick up the kernel version for the target image
+BUILD_DIR="/opt/rapid"
+export RTE_SDK="${BUILD_DIR}/dpdk"
+export RTE_TARGET="x86_64-native-linuxapp-gcc"
+
+LATEST_KERNEL_INSTALLED=`ls -v1 /lib/modules/ | tail -1`
+export RTE_KERNELDIR="/lib/modules/${LATEST_KERNEL_INSTALLED}/build"
+
+pushd ${RTE_SDK} > /dev/null 2>&1
+make config T=${RTE_TARGET}
+#sed -i 's/CONFIG_RTE_EAL_IGB_UIO=n/CONFIG_RTE_EAL_IGB_UIO=y/g' ${RTE_SDK}/build/.config
+#sed -i 's/CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n/CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y/g' ${RTE_SDK}/build/.config
+sed -i 's/CONFIG_RTE_APP_TEST=y/CONFIG_RTE_APP_TEST=n/g' ${RTE_SDK}/build/.config
+sed -i 's/CONFIG_RTE_TEST_PMD=y/CONFIG_RTE_TEST_PMD=n/g' ${RTE_SDK}/build/.config
+sed -i 's/CONFIG_RTE_TEST_BBDEV=y/CONFIG_RTE_TEST_BBDEV=n/g' ${RTE_SDK}/build/.config
+sed -i 's/CONFIG_RTE_APP_COMPRESS_PERF=y/CONFIG_RTE_APP_COMPRESS_PERF=n/g' ${RTE_SDK}/build/.config
+sed -i 's/CONFIG_RTE_APP_CRYPTO_PERF=y/CONFIG_RTE_APP_CRYPTO_PERF=n/g' ${RTE_SDK}/build/.config
+#sed -i 's/CONFIG_RTE_APP_EVENTDEV=y/CONFIG_RTE_APP_EVENTDEV=n/g' ${RTE_SDK}/build/.config
+make -j`getconf _NPROCESSORS_ONLN`
+popd > /dev/null 2>&1

rapidvm/dib/elements/rapid/post-install.d/60-compile-prox

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+BUILD_DIR="/opt/rapid"
+export RTE_SDK="${BUILD_DIR}/dpdk"
+export RTE_TARGET="build"
+pushd ${BUILD_DIR}/samplevnf/VNFs/DPPD-PROX > /dev/null 2>&1
+make -j`getconf _NPROCESSORS_ONLN`
+cp ${BUILD_DIR}/samplevnf/VNFs/DPPD-PROX/build/app/prox ${BUILD_DIR}/prox
+cp helper-scripts/rapid/check_prox_system_setup.sh ${BUILD_DIR}
+cp helper-scripts/rapid/check-prox-system-setup.service ${BUILD_DIR}
+cp helper-scripts/rapid/sharkproxlog.sh ${BUILD_DIR}
+cp helper-scripts/rapid/deploycentostools.sh ${BUILD_DIR}
+popd > /dev/null 2>&1

rapidvm/dib/elements/rapid/post-install.d/70-os-cfg

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+BUILD_DIR="/opt/rapid"
+# huge pages to be used by DPDK
+sh -c '(echo "vm.nr_hugepages = 1024") > /etc/sysctl.conf'
+
+sh -c '(echo "options vfio enable_unsafe_noiommu_mode=1") > /etc/modprobe.d/vfio.conf'
+sh -c '(echo "vfio") > /etc/modules-load.d/vfio.conf'
+sh -c '(echo "vfio-pci") > /etc/modules-load.d/vfio.conf'
+# Enabling tuned with the realtime-virtual-guest profile
+pushd ${BUILD_DIR} > /dev/null 2>&1
+#wget http://linuxsoft.cern.ch/cern/centos/7/rt/x86_64/Packages/tuned-profiles-realtime-2.8.0-5.el7_4.2.noarch.rpm
+wget http://linuxsoft.cern.ch/cern/centos/7/rt/x86_64/Packages/tuned-profiles-realtime-2.9.0-1.el7_5.2.noarch.rpm
+#wget http://linuxsoft.cern.ch/cern/centos/7/rt/x86_64/Packages/tuned-profiles-nfv-guest-2.8.0-5.el7_4.2.noarch.rpm
+wget http://linuxsoft.cern.ch/cern/centos/7/rt/x86_64/Packages/tuned-profiles-nfv-guest-2.9.0-1.el7_5.2.noarch.rpm
+# Install with --nodeps. The latest CentOS cloud images come with a tuned version higher than 2.8. These 2 packages however
+# do not depend on v2.8 and also work with tuned 2.9. Need to be careful in the future
+#rpm -ivh ${BUILD_DIR}/tuned-profiles-realtime-2.8.0-5.el7_4.2.noarch.rpm --nodeps
+#rpm -ivh ${BUILD_DIR}/tuned-profiles-nfv-guest-2.8.0-5.el7_4.2.noarch.rpm --nodeps
+rpm -ivh ${BUILD_DIR}/tuned-profiles-realtime-2.9.0-1.el7_5.2.noarch.rpm --nodeps
+rpm -ivh ${BUILD_DIR}/tuned-profiles-nfv-guest-2.9.0-1.el7_5.2.noarch.rpm --nodeps
+# Although we do no know how many cores the VM will have when begin deployed for real testing, we already put a number for the
+# isolated CPUs so we can start the realtime-virtual-guest profile. If we don't, that command will fail.
+# When the VM will be instantiated, the check_kernel_params service will check for the real number of cores available to this VM
+# and update the realtime-virtual-guest-variables.conf accordingly.
+echo "isolated_cores=1-3" | tee -a /etc/tuned/realtime-virtual-guest-variables.conf
+tuned-adm profile realtime-virtual-guest
+
+# Install the check_tuned_params service to make sure that the grub cmd line has the right cpus in isolcpu. The actual number of cpu's
+# assigned to this VM depends on the flavor used. We don't know at this time what that will be.
+chmod +x ${BUILD_DIR}/check_prox_system_setup.sh
+mv ${BUILD_DIR}/check_prox_system_setup.sh /usr/local/libexec/
+mv ${BUILD_DIR}/check-prox-system-setup.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable check-prox-system-setup.service
+popd > /dev/null 2>&1

rapidvm/dib/elements/rapid/post-install.d/80-change-permissions

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+BUILD_DIR="/opt/rapid"
+chmod ugo+rwx ${BUILD_DIR}

rapidvm/dib/elements/rapid/post-install.d/81-clean-rpms

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2021 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+BUILD_DIR="/opt/rapid"
+rm ${BUILD_DIR}/tuned-profiles-realtime-2.9.0-1.el7_5.2.noarch.rpm
+rm ${BUILD_DIR}/tuned-profiles-nfv-guest-2.9.0-1.el7_5.2.noarch.rpm
+rm ${BUILD_DIR}/nasm-2.14.02-0.fc27.x86_64.rpm

rapidvm/dib/elements/rapid/source-repository-dpdk

@@ -0,0 +1 @@
+dpdk tar /opt/rapid/dpdk http://fast.dpdk.org/rel/dpdk-20.05.tar.gz *

rapidvm/dib/elements/rapid/source-repository-samplevnf

@@ -0,0 +1 @@
+samplevnf git /opt/rapid/samplevnf https://git.opnfv.org/samplevnf

rapidvm/dib/verify-image.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# A shell script to verify that a VM image is present in google storage
+# If not present in google storage, verify it is present locally
+# If not present locally, build it but do not uplaod to google storage
+
+bash build-image.sh -v

tox.ini

@@ -6,12 +6,14 @@ envlist =
 skipsdist = true
 
 [testenv:docs]
+basepython = python3
 deps = -rdocs/requirements.txt
 commands =
     sphinx-build -b html -n -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
     echo "Generated docs available in {toxinidir}/docs/_build/html"
 whitelist_externals = echo
 
 [testenv:docs-linkcheck]
+basepython = python3
 deps = -rdocs/requirements.txt
 commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck