Introduction
Environment
This OpenNSA development is done on an Ubuntu desktop machine. While it is possible to run most components from a MacOS or a Windows machine, this is not supported, and not described in this document. At the time this document was written, the version is the Ubuntu desktop is 17.10 (artful).
This Ubuntu environment should be able to forward IP packets. You can enable this in your Ubuntu Desktop as follows:
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sudo sysctl -p /etc/sysctl.conf
You will be using two GIT repositories, the JRA2 OpenNSA repository and the JRA2 OpenNSA Test repository. Our scripts and Docker containers need to be able to find these repositories, so two environment variables need to always exist in any runtime environment. Put them in /etc/environment thusly:
sudo vi /etc/environment
...
OPENNSA=/data/dev/opennsa
TESTOPENNSA=/data/dev/testopennsa
Next, we need to provide PostgreSQL some credentials (passwords). You do not want to have to enter the password every time you start the database! So create a file ~/.pgpass, and give it the following content:
# ~/.pgpass
# hostname:port:database:username:password
10.50.0.100:5432:*:opennsa:secretpassword
localhost:5432:*:opennsa:secretpassword
This means we will be using user 'opennsa', who has a very secret password.
Running the OpenNSA cli (Command-Line-Interface) onsa can be touch since it requires so many input parameters. Fortunately you can set reasonable defaults in the file ~/.opennsa-cli:
# ~/.opennsa-cli
bandwidth=5000
host=10.50.0.1
port=7080
starttime=+6000
endtime=+16000
timeout=6000
httptimeout=6000
nsa=main,gts.nsi.geant.net:nsa,http://10.50.0.7:9443/NSI/services/CS2
nsa=domain1,nsi1.domain1:nsa,http://10.50.0.2:9445/NSI/services/CS2
Lastly, to avoid having to store credentials for the supported (test-) routers and switches in the OpenNSA JRA2 repository a patch was made so OpenNSA support a credentials file ~/.opennsa-credentials.conf:
[service]
dbuser=opennsa
dbpassword=secretpassword
[junosspace]
space_user=super
space_password=secretpassword
So now we are done configuring our environment, it's time to install Docker.
Installing Docker
We install docker from the source, not from the ubuntu repositories which can be outdated. Although the documentation at docker.com are more complete, the following commands will get your going
sudo apt-get update
sudo apt-get install \
linux-image-extra-$(uname -r) \
linux-image-extra-virtual
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce
sudo docker run hello-world
The last command will verify if your docker installation is up-and-running. It will download the 'hello-world' image from the central Docker image repository, create a container using that image and start that container.
Creating an OpenNSA image from a Dockerfile
The openNSA requirements are pretty low (python 2.7 twisted app), so creating the following dockerfile was easy:
FROM ubuntu
MAINTAINER Jan van Oorschot
RUN apt-get update
RUN apt-get install -y python python-pip libssl-dev
# some packages usefull for development (not for production
RUN apt-get install -y tar git curl nano wget dialog net-tools build-essential
ADD . /opennsa
WORKDIR /opennsa
RUN pip install -r /opennsa/build/config/requirements.txt
ENV PYTHONPATH=/opennsa
CMD twistd -ny /opennsa/build/config/opennsa1.tac
From this dockerfile, a docker image is created
docker build -t opennsa_img -f build/config/docker/Dockerfile .
Run openNSA Docker images using docker-compose
You can create a single docker container (virtual machine)
with a command like:
docker run -p 9080:9080 opennsa_img
wget http://localhost:9080/NSI/discovery.xml
However, normally you want do start multiple containers
with a more advanced configuration per container. For
this, we use docker-compose (a python module):
pip install docker-compose
A simple docker-compose.yml (it runs only one container) looks like this:
version: '2'
services:
opennsa1:
image: opennsa_img
environment:
- PYTHONPATH=/opennsa
volumes:
- .:/opennsa
extra_hosts:`
- "dockerhost:172.17.0.1"
command: twistd -ny /opennsa/build/config/opennsa1.tac
ports:
- "9080:9080"
And this docker-compose.yml can be run using:
cd /data/opennsa
docker-compose up
When you want to connect to a running container, you can use
the following:
docker ps <look up the name of the running container>
docker exec -i -t opennsa1 /bin/bash
A more realistic openNSA Docker setup
When simulating the GTS network of openNSA nodes, the nodes have to be able to contact each other. So we are going to assign them their own network (only two hosts are shown):
version: '2'
services:
opennsa-ams:
container_name: opennsa-ams
hostname: opennsa-ams
image: opennsa_img:latest
environment:
- PYTHONPATH=/opennsa
volumes:
- .:/opennsa
extra_hosts:
- "dockerhost:10.50.0.1"
ports:x
- "9445:9445"
networks:
vpcbr:
ipv4_address: 10.50.0.2
command: twistd -ny build/config/gts/opennsa-ams-dud.tac
opennsa-bra:
container_name: opennsa-bra
hostname: opennsa-bra
image: opennsa_img:latest
environment:
- PYTHONPATH=/opennsa
volumes:
- .:/opennsa
extra_hosts:
- "dockerhost:10.50.0.1"
ports:x
- "9447:9447"
networks:
vpcbr:
ipv4_address: 10.50.0.3
command: twistd -ny build/config/gts/opennsa-ams-dud.tac
networks:
vpcbr:
driver: bridge
ipam:
config:
- subnet: 10.50.0.0/16
gateway: 10.50.0.1
Some configuration is needed for the nodes defined above (using opennsa-ams as an example).
Each of the OpenNSA nodes need their own database:
cd /data/opennsa
sudo -u postgres createdb -O opennsa opennsa-ams
sudo -u postgres psql -U opennsa -W opennsa-ams < datafiles/schema.sql
Each of the nodes need their own configuration files:
- opennsa-ams-dud.tac: The twisted startup file, points to .conf
- opennsa-ams-dud.conf: Node configuration, points to .nrm
- opennsa-ams-top.nrm: Node topology