FRINX VPP distribution

FRINX provides an FD.io distribution.
FD.io is an opensource project that among other things provides the Vector Packet Processor. More information at FD.io.
This page contains the details about FRINX fd.io distribution.

Features

Project imported from open source:

  •     VPP
    • No changes

Internal projects:

  •     VPP-monitoring-agent (magent)

Operations

CI/CD

There is a custom CI/CD pipeline for FRINX fd.io distribution. It is based on SBE .
The following diagram shows the relationships between FD.io and FD.FRINX.io:

SBE installation

Refer to SBE for FDio installation page for install instructions.

Deployment

The CI/CD lives in a dedicated VM inside Siecit.

The credentials and access is listed at the credentials page

The static IPs can be found at IP allocation page

Public access

Admin credentials for the services: admin (password: sbe4fdio, )

Installing binary packages

Instructions for consuming publicly available binary packages of FD.FRINX.io distribution

Centos7

In file:

/etc/yum.repos.d/frinx-fdio-release.repo

Set content:

[frinx-fdio-release] name=FRINX fd.io release branch latest merge baseurl=https://:@nexus.fd.frinx.io/nexus/content/repositories/fd.io.centos7/ enabled=1 gpgcheck=0 sslverify=0

Make sure to change the CustoemrID and password in the repository settings !!!

And the installation with YUM should be:

sudo yum install vpp vpp-plugins vpp-monitoring-agent

Jenkins jobs

The following diagrams list the jenkins jobs imported from opensource FD.io (green marks imported):

How-Tos

Releasing

The basic setup does not take care of release process. Releases have to be managed manually.

Basically, once we are happy with packages in the stable repository, we need to manually copy the over into a release repository.

FDio sync

There is no automated sync between FDio codebases and FRINX’s FDio forks.

In order to perform a sync, use the import_fdio.sh script from ci-management/frinx. It will update all specified projects, all branches.

Then triggering required merge jobs would build and deploy all the packages.

Adding customer account

Create the account by creating a an ldif file in the sbe container:

docker exec -it sbe-FDio-sbe vi /data/instances/FDio/ldap/customer.ldif

and pasting following content:

dn: uid=customer,ou=accounts,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person uid: customer cn: Generic Customer displayName: Generic Customer sn: customer givenName: Customer mail: nobody@exists.like.this userpassword: customer

Make sure to update the password

Save the file and invoke following command:

./sbe -i FDio run ldap-import customer.ldif

This will create the customer account. Delete the customer.ldif file from container.

Adding to customers group

Similarly to before, create ldif file:

docker exec -it sbe-FDio-sbe vi /data/instances/FDio/ldap/customerToGroup.ldif

and set the content to:

dn: cn=customers,ou=accounts,dc=example,dc=com objectClass: groupOfNames objectClass: top cn: customers member: uid=customer,ou=accounts,dc=example,dc=com

and ivoke the update:

./sbe -i FDio run ldap-import customerToGroup.ldif

In case the group already exists, set the content of customerToGroup to:

dn: cn=customers,ou=accounts,dc=example,dc=com changetype: Modify add: member member: uid=customer2,ou=accounts,dc=example,dc=com

and make sure to remove switch ‘-a’ from ldap-import script in sbe container

Configuring customers group rights

Nexus

In nexus open LDAP configuration and set the group mapping to:

Next go to Roles configuration and add an external mapping for LDAP:customers group and set its privileges to:

  • All Repositories (view)
  • All Repositories (read)
  • UI: Base UI
  • UI: Repository browser
  • UI: Search
  • Nexus YUM reader

and save.

Now its important to disable Anonymous access in the Server configuration in order to have customer private nexus repositories.

Jenkins

Jenkins default LDAP configuration is ready for the account groups. Enabling read only access to customers group can be configured in Global Security Settings under Authorization section:

Resources 1: http://fd.io

Diagrams on draw.io

ci-management fork for FD.FRINX.io