ADDs: adding new information from wiki TFS

This page describes how to configure a VM for running ETSI TeraFlowSDN(TFS) controller using [OpenStack](https://www.openstack.org/). It has been tested with OpenStack Kolla up to Yoga version. 

# Create a Security Group in OpenStack

In OpenStack, go to Project - Network - Security Groups - Create Security Group with name TFS

Add the following rules:

|Direction  |Ether Type |IP Protocol |Port Range | Remote IP Prefix|

|-----------|-----------|------------|-----------|-----------------|

|Ingress	|IPv4	|TCP	|22 (SSH)	|0.0.0.0/0|

|Ingress	|IPv4	|TCP	|2200	|0.0.0.0/0|	

|Ingress	|IPv4	|TCP	|8080	|0.0.0.0/0|	

|Ingress	|IPv4	|TCP	|80	|0.0.0.0/0|

|Egress	|IPv4	|Any	|Any	|0.0.0.0/0|	

|Egress	|IPv6	|Any	|Any	|::/0|

__Note__: The IP address will be assigned depending on the network you have configured inside OpenStack. This IP will have to be modified in TeraFlow configuration files which by default use IP 10.0.2.10

# Create a flavour

## From dashboard (Horizon)

Go to Admin - Compute - Flavors and press Create Flavor

- Name: TFS

- VCPUs: 4

- RAM (MB): 8192

- Root Disk (GB): 60

## From CLI

```

 openstack flavor create TFS --id auto --ram 8192 --disk 60 --vcpus 8

```

# Create an instance in OpenStack:

- Instance name: TFS-VM

- Origin: [Ubuntu-22.04 cloud image] (https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img)

- Create new volume: No

- Flavor: TFS

- Networks: extnet 

- Security Groups: TFS

- Configuration: Include the following cloud-config

```

#cloud-config

# Modifies the password for the VM instance

username: ubuntu

password: <your-password>

chpasswd: { expire: False }

ssh_pwauth: True

```

## Upgrade the Ubuntu distribution

```bash

sudo apt-get update -y

sudo apt-get dist-upgrade -y

```

- If asked to restart services, restart the default ones proposed.

- Restart the VM when the installation is completed.

This page describes how to configure a VM for running ETSI TeraFlowSDN(TFS) controller using [Oracle VirtualBox](https://www.virtualbox.org/). It has been tested with VirtualBox up to version 6.1.40 r154048.

# Create a NAT Network in VirtualBox

In "Oracle VM VirtualBox Manager", Menu "File > Preferences... > Network", create a NAT 

network with the following specifications:

|Name       |CIDR       |DHCP    |IPv6    |

|-----------|-----------|--------|--------|

|TFS-NAT-Net|10.0.2.0/24|Disabled|Disabled|

Within the newly created "TFS-NAT-Net" NAT network, configure the following IPv4 

forwarding rules:

|Name|Protocol|Host IP  |Host Port|Guest IP |Guest Port|

|----|--------|---------|---------|---------|----------|

|SSH |TCP     |127.0.0.1|2200     |10.0.2.10|22        |

|HTTP|TCP     |127.0.0.1|8080     |10.0.2.10|80        |

__Note__: IP address 10.0.2.10 is the one that will be assigned to the VM.

# Create VM in VirtualBox:

- Name: TFS-VM

- Type/Version: Linux / Ubuntu (64-bit)

- CPU (*): 4 vCPUs @ 100% execution capacity

- RAM: 8 GB

- Disk: 60 GB, Virtual Disk Image (VDI), Dynamically allocated

- Optical Drive ISO Image: "ubuntu-22.04.X-live-server-amd64.iso"

  - Download the latest Long Term Support (LTS) version of the *Ubuntu Server* image from [Ubuntu 22.04 LTS](https://releases.ubuntu.com/22.04/), e.g., "ubuntu-22.04.X-live-server-amd64.iso".

  - __Note__: use Ubuntu Server image instead of Ubuntu Desktop to create a lightweight VM.

- Network Adapter 1 (*): enabled, attached to NAT Network "TFS-NAT-Net"

- Minor adjustments (*):

  - Audio: disabled

  - Boot order: disable "Floppy"

__Note__: (*) settings to be editing after the VM is created.

# Install Ubuntu 22.04 LTS Operating System

In "Oracle VM VirtualBox Manager", start the VM in normal mode, and follow the 

installation procedure.

Below we provide some installation guidelines:

- Installation Language: English

- Autodetect your keyboard

- If asked, select "Ubuntu Server" (do not select "Ubuntu Server (minimized)").

- Configure static network specifications:

|Interface|IPv4 Method|Subnet     |Address  |Gateway |Name servers   |Search domains|

|---------|-----------|-----------|---------|--------|---------------|--------------|

|enp0s3   |Manual     |10.0.2.0/24|10.0.2.10|10.0.2.1|8.8.8.8,8.8.4.4|<empty>       |

- Leave proxy and mirror addresses as they are

- Let the installer self-upgrade (if asked).

- Use an entire disk for the installation

  - Disable setup of the disk as LVM group

  - Double check that NO swap space is allocated in the partition table. Kubernetes does not work properly with SWAP.

- Configure your user and system names:

  - User name: TeraFlowSDN

  - Server's name: tfs-vm

  - Username: tfs

  - Password: tfs123

- Install Open SSH Server

  - Import SSH keys, if any.

- Featured Server Snaps

  - Do not install featured server snaps. It will be done manually later to illustrate how to uninstall and reinstall them in case of trouble with.

- Let the system install and upgrade the packages.

  - This operation might take some minutes depending on how old is the Optical Drive ISO image you use and your Internet connection speed.

- Restart the VM when the installation is completed.

## Upgrade the Ubuntu distribution

```bash

sudo apt-get update -y

sudo apt-get dist-upgrade -y

```

- If asked to restart services, restart the default ones proposed.

- Restart the VM when the installation is completed.

## Install VirtualBox Guest Additions

On VirtualBox Manager, open the VM main screen. If you are running the VM in headless 

mode, right click over the VM in the VirtualBox Manager window and click "Show".

If a dialog informing about how to leave the interface of the VM is shown, confirm 

pressing "Switch" button. The interface of the VM should appear.

Click menu "Device > Insert Guest Additions CD image..."

On the VM terminal, type:

```bash

sudo apt-get install -y linux-headers-$(uname -r) build-essential dkms

  # This command might take some minutes depending on your VM specs and your Internet access speed.

sudo mount /dev/cdrom /mnt/

cd /mnt/

sudo ./VBoxLinuxAdditions.run

  # This command might take some minutes depending on your VM specs.

sudo reboot

```

This page describes how to configure a physical server for running ETSI TeraFlowSDN(TFS) controller.

# Server Specifications

### Minimum Server Specifications for development and basic deployment

- CPU: 4 cores

- RAM: 8 GB

- Disk: 60 GB

- 1 GbE NIC

### Recommended Server Specifications for development and basic deployment

- CPU: 6 cores

- RAM: 12 GB

- Disk: 80 GB

- 1 GbE NIC

### Server Specifications for best development and deployment experience

- CPU: 8 cores

- RAM: 32 GB

- Disk: 120 GB

- 1 GbE NIC

**NOTE**: the specifications listed above are provided as a reference. They depend also on the CPU clock frequency, the RAM memory, the disk technology and speed, etc.

For development purposes, it is recommended to run the VSCode IDE (or the IDE of your choice) in a more powerful server, for instance, the recommended server specifications for development and basic deployment.

Given that TeraFlowSDN follows a micro-services architecture, for the deployment, it might be better to use many clusterized servers with many slower cores than a single server with few highly performant cores.

# Clusterized Deployment

You might consider creating a cluster of machines each featuring, at least, the minimum server specifications. That solution brings you scalability in the future.

# Networking

No explicit indications are given in terms of networking besides that servers need access to the Internet for downloading dependencies, binaries, and packages while building and deploying the TeraFlowSDN components.

Besides that, the network requirements are essentially the same than that required for running a classical Kubernetes environment. To facilitate the deployment, we extensively use [MicroK8s](https://microk8s.io/), thus the network requirements are, essentially, the same demanded by MicroK8s, especially, if you consider creating a Kubernetes cluster.

As a reference, the other deployment solutions based on VMs assume the VM is connected to a virtual network configured with the IP range `10.0.2.0/24` and have the gateway at IP `10.0.2.1`. The VMs have the IP address `10.0.2.10`.

The minimum required ports to be accessible are:

- 22/SSH     : for management purposes

- 80/HTTP    : for the TeraFlowSDN WebUI and Grafana dashboard

- 8081/HTTPS : for the CockroachDB WebUI

Other ports might be required if you consider to deploy addons such as Kubernetes observability, etc. The details on these ports are left appart given they might vary depending on the Kubernetes environment you use.

# Operating System

The recommended Operating System for deploying TeraFlowSDN is [Ubuntu Server 22.04 LTS](https://releases.ubuntu.com/jammy/) or [Ubuntu Server 20.04 LTS](https://releases.ubuntu.com/focal/). Other version might work, but we have not tested them. We strongly recommend using Long Term Support (LTS) versions as they provide better stability.

Below we provide some installation guidelines:

- Installation Language: English

- Autodetect your keyboard

- If asked, select "Ubuntu Server" (do not select "Ubuntu Server (minimized)").

- Configure static network specifications (adapt them based on your particular setup):

|Interface|IPv4 Method|Subnet     |Address  |Gateway |Name servers   |Search domains|

|---------|-----------|-----------|---------|--------|---------------|--------------|

|enp0s3   |Manual     |10.0.2.0/24|10.0.2.10|10.0.2.1|8.8.8.8,8.8.4.4|<empty>       |

- Leave proxy and mirror addresses as they are

- Let the installer self-upgrade (if asked).

- Use an entire disk for the installation

  - Disable setup of the disk as LVM group

  - Double check that NO swap space is allocated in the partition table. Kubernetes does not work properly with SWAP.

- Configure your user and system names:

  - User name: `TeraFlowSDN`

  - Server's name: `tfs-vm`

  - Username: `tfs`

  - Password: `tfs123`

- Install Open SSH Server

  - Import SSH keys, if any.

- Featured Server Snaps

  - Do not install featured server snaps. It will be done manually later to illustrate how to uninstall and reinstall them in case of trouble with.

- Let the system install and upgrade the packages.

  - This operation might take some minutes depending on how old is the Optical Drive ISO image you use and your Internet connection speed.

- Restart the VM when the installation is completed.

## Upgrade the Ubuntu distribution

```bash

sudo apt-get update -y

sudo apt-get dist-upgrade -y

```

- If asked to restart services, restart the default ones proposed.

- Restart the VM when the installation is completed.

This page describes how to create a Vagrant Box, using the base virtual machine configured in [Oracle Virtual Box](./1.1.2.-Oracle-Virtual-Box).

# Virtual Machine specifications

Most of the specifications can be as specified in the [Oracle Virtual Box](./1.1.2.-Oracle-Virtual-Box) page, however, there are a few particularities to Vagrant that must be accommodated, such as:

- Virtual Hard Disk

  - Size: 60GB (at least)

  - **Type**: VMDK

![spaces_huDzAu5hmjUdNzCGBBbL_uploads_jrerlmLyZWi5f2Tzb7xY_Screenshot_from_2023-07-10_18-13-43](uploads/23ff9a3d6884646f7859a29d8f5ab934/spaces_huDzAu5hmjUdNzCGBBbL_uploads_jrerlmLyZWi5f2Tzb7xY_Screenshot_from_2023-07-10_18-13-43.webp)

Also, before initiating the VM and installing the OS, we'll need to:

- Disable Floppy in the 'Boot Order'

- Disable audio

- Disable USB

- Ensure Network Adapter 1 is set to NAT

# Network configurations

At Network Adapt 1, the following port-forwarding rule must be set.

| Name | Protocol | Host IP | Host Port | Guest IP | Guest Port |

| - | - | - | - | - | - |

| SSH | TCP | | **2222** | | 22 |

![Screenshot_from_2023-07-10_18-25-18](uploads/ced8e7b1133d6831e0c203801b6ba448/Screenshot_from_2023-07-10_18-25-18.png)

# Installing the OS

For a Vagrant Box, it is generally suggested that the ISO's server version is used, as it is intended to be used via SSH, and any web GUI is expected to be forwarded to the host.

![Screenshot_from_2023-07-10_18-41-49](uploads/063d318dba47b72856ebb6d9a9b4390e/Screenshot_from_2023-07-10_18-41-49.png)

![Screenshot_from_2023-07-10_18-42-30](uploads/9e3879f84786c891af526cbea2de58e7/Screenshot_from_2023-07-10_18-42-30.png)

![Screenshot_from_2023-07-10_18-42-45](uploads/e615cc7a5e03623ffdf62a310ca86cd6/Screenshot_from_2023-07-10_18-42-45.png)

Make sure the disk is not configured as an LVM group!

![Screenshot_from_2023-07-10_18-43-16](uploads/7ab80c83d6c01c255969f4da1691eb85/Screenshot_from_2023-07-10_18-43-16.png)

## Vagrant ser

Vagrant expects by default, that in the box's OS exists the user `vagrant` with the password also being `vagrant`.

![Screenshot_from_2023-07-10_18-54-12](uploads/39e1b5868733d40c12d86bdde165ede0/Screenshot_from_2023-07-10_18-54-12.png)

## SSH

Vagrant uses SSH to connect to the boxes, so installing it now will save the hassle of doing it later.

![Screenshot_from_2023-07-10_18-54-48](uploads/5ecded27ab7966a4748ea5c25f98ab13/Screenshot_from_2023-07-10_18-54-48.png)

## Features server snaps

Do not install featured server snaps. It will be done manually [later](./1.-Deployment-Guide/1.2.-Install-Microk8s) to illustrate how to uninstall and reinstall them in case of trouble with.

## Updates

Let the system install and upgrade the packages. This operation might take some minutes depending on how old is the Optical Drive ISO image you use and your Internet connection speed.

## Upgrade the Ubuntu distribution

```bash

sudo apt-get update -y

sudo apt-get dist-upgrade -y

```

- If asked to restart services, restart the default ones proposed.

- Restart the VM when the installation is completed.

### Install VirtualBox Guest Additions

On VirtualBox Manager, open the VM main screen. If you are running the VM in headless 

mode, right-click over the VM in the VirtualBox Manager window, and click "Show".

If a dialog informing about how to leave the interface of the VM is shown, confirm 

by pressing the "Switch" button. The interface of the VM should appear.

Click the menu "Device > Insert Guest Additions CD image..."

On the VM terminal, type:

```bash

sudo apt-get install -y linux-headers-$(uname -r) build-essential dkms

  # This command might take some minutes depending on your VM specs and your Internet access speed.

sudo mount /dev/cdrom /mnt/

cd /mnt/

sudo ./VBoxLinuxAdditions.run

  # This command might take some minutes depending on your VM specs.

sudo reboot

```

# ETSI TFS Installation

After this, proceed to [1.2. Install Microk8s](./1.-Deployment-Guide/1.2.-Install-Microk8s), after which, return to this wiki to finish the Vagrant Box creation.

# Box configuration and creation

Make sure the ETSI TFS controller is correctly configured. **You will not be able to change it after!**

It is advisable to do the next configurations from a host's terminal, via a SSH connection.

```bash

ssh -p 2222 vagrant@127.0.0.1

```

## Set root password

Set the root password to `vagrant`.

```bash

sudo passwd root

```

## Set the superuser

Set up the Vagrant user so that it’s able to use sudo without being prompted for a password.

Anything in the `/etc/sudoers.d/*` directory is included in the sudoers privileges when created by the root user.

Create a new sudo file.

```bash

sudo visudo -f /etc/sudoers.d/vagrant

```

and add the following lines

```text

# add vagrant user

vagrant ALL=(ALL) NOPASSWD:ALL

```

You can now test that it works by running a simple command.

```bash

sudo pwd

```

Issuing this command should result in an immediate response without a request for a password.

## Install the Vagrant key

Vagrant uses a default set of SSH keys for you to directly connect to boxes via the CLI command `vagrant ssh`, after which it creates a new set of SSH keys for your new box. Because of this, we need to load the default key to be able to access the box after created.

```bash

chmod 0700 /home/vagrant/.ssh

wget --no-check-certificate https://raw.github.com/mitchellh/vagrant/master/keys/vagrant.pub -O /home/vagrant/.ssh/authorized_keys

chmod 0600 /home/vagrant/.ssh/authorized_keys

chown -R vagrant /home/vagrant/.ssh

```

## Configure the OpenSSH Server

Edit the `/etc/ssh/sshd_config` file:

```bash

sudo vim /etc/ssh/sshd_config

```

And uncomment the following line:

```bash

AuthorizedKeysFile %h/.ssh/authorized_keys

```

Then restart SSH.

```bash

sudo service ssh restart

```

## Package the box

Before you package the box, if you intend to make your box public, it is best to clean your bash history with:

```bash

history -c

```

Exit the SSH connection, and **at you're host machine**, package the VM:

```bash

vagrant package --base teraflowsdncontroller --output teraflowsdncontroller.box

```

## Test run the box

Add the base box to you local Vagrant box list:

```bash

vagrant box add --name teraflowsdncontroller ./teraflowsdncontroller.box

```

Now you should try to run it, for that you'll need to create a **Vagrantfile**. For a simple run, this is the minimal required code for this box:

```ruby

# -*- mode: ruby -*-

# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  config.vm.box = "teraflowsdncontroller"

  config.vm.box_version = "1.1.0"

  config.vm.network :forwarded_port, host: 8080 ,guest: 80

end

```

Now you'll be able to spin up the virtual machine by issuing the command:

```bash

vagrant up

```

And connect to the machine using:

```bash

vagrant ssh

```

# Pre-configured boxes

If you do not wish to create your own Vagrant Box, you can use one of the existing ones created by TFS contributors.

- [davidjosearaujo/teraflowsdncontroller](https://app.vagrantup.com/davidjosearaujo/boxes/teraflowsdncontroller)

- ... <!-- Should create and host one at ETSI!! -->

To use them, you simply have to create a Vagrantfile and run `vagrant up controller` in the same directory. The following example Vagrantfile already allows you to do just that, with the bonus of exposing the multiple management GUIs to your `localhost`.

```ruby

Vagrant.configure("2") do |config|

  config.vm.define "controller" do |controller|

    controller.vm.box = "davidjosearaujo/teraflowsdncontroller"

    controller.vm.network "forwarded_port", guest: 80, host: 8080     # WebUI

    controller.vm.network "forwarded_port", guest: 8084, host: 50750  # Linkerd Viz Dashboard

    controller.vm.network "forwarded_port", guest: 8081, host: 8081   # CockroachDB Dashboard

    controller.vm.network "forwarded_port", guest: 8222, host: 8222   # NATS Dashboard

    controller.vm.network "forwarded_port", guest: 9000, host: 9000   # QuestDB Dashboard

    controller.vm.network "forwarded_port", guest: 9090, host: 9090   # Prometheus Dashboard

    # Setup Linkerd Viz reverse proxy

    ## Copy config file

    controller.vm.provision "file" do |f|

      f.source = "./reverse-proxy-linkerdviz.sh"

      f.destination = "./reverse-proxy-linkerdviz.sh"

    end

    ## Execute configuration file

    controller.vm.provision "shell" do |s|

      s.inline = "chmod +x ./reverse-proxy-linkerdviz.sh && ./reverse-proxy-linkerdviz.sh"

    end

    # Update controller source code to the desired branch

    if ENV['BRANCH'] != nil

      controller.vm.provision "shell" do |s|

        s.inline = "cd ./tfs-ctrl && git pull && git switch " + ENV['BRANCH']

      end

    end

  end

end

```

This Vagrantfile also allows for **optional repository updates** on startup by running the command with a specified environment variable `BRANCH`

```bash

BRANCH=develop vagrant up controller

```

## Linkerd DNS rebinding bypass

Because of Linkerd's security measures against DNS rebinding, a reverse proxy, that modifies the request's header `Host` field, is needed to expose the GUI to the host. The previous Vagrantfile already deploys such configurations, for that, all you need to do is create the `reverse-proxy-linkerdviz.sh` file in the same directory. The content of this file is displayed below.

```bash

# Install NGINX

sudo apt update && sudo apt install nginx -y

# NGINX reverse proxy configuration

echo 'server {

    listen 8084;

    location / {

        proxy_pass http://127.0.0.1:50750;

        proxy_set_header Host localhost;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

    }

}' > /home/vagrant/expose-linkerd

# Create symlink of the NGINX configuration file

sudo ln -s /home/vagrant/expose-linkerd /etc/nginx/sites-enabled/

# Commit the reverse proxy configurations

sudo systemctl restart nginx

# Enable start on login

echo "linkerd viz dashboard &" >> .profile

# Start dashboard

linkerd viz dashboard &

echo "Linkerd Viz dashboard running!"

```

This page describes how to configure a VM for running ETSI TeraFlowSDN(TFS) controller using [VMWare Fusion](https://www.vmware.com/products/fusion.html). It has been tested with VMWare Fusion version 12 and 13.

# Create VM in VMWare Fusion:

In "VMWare Fusion" manager, create a new network from the "Settings/Network" menu.

- Unlock to make changes

- Press the + icon and create a new network

- Change the name to TFS-NAT-Net

- Check "Allow virtual machines on this network to connect to external network (NAT)"

- Do not check "Enable IPv6"

- Add port forwarding for HTTP and SSH

- Uncheck "Provide address on this network via DHCP"

Create a new VM an Ubuntu 22.04.1 ISO:

- Display Name: TeraFlowSDN

- Username: tfs

- Password: tfs123

On the next screen press "Customize Settings", save the VM and in "Settings" change:

- Change to use 4 CPUs

- Change to access 8 GB of RAM

- Change disk to size 60 GB

- Change the network interface to use the previously created TFS-NAT-Net

Run the VM to start the installation.

# Install Ubuntu 22.04.1 LTS Operating System

The installation will be automatic, without any configuration required.

- Configure the guest IP, gateway and DNS:

  Using the Network Settings for the wired connection, set the IP to 10.0.2.10,

  the mask to 255.255.255.0, the gateway to 10.0.2.2 and the DNS to 10.0.2.2.

- Disable and remove swap file:

  $ sudo swapoff -a

  $ sudo rm /swapfile

  Then you can remove or comment the /swapfile entry in /etc/fstab

- Install Open SSH Server

  - Import SSH keys, if any.

- Restart the VM when the installation is completed.

# Upgrade the Ubuntu distribution

```bash

sudo apt-get update -y

sudo apt-get dist-upgrade -y

```