NFP (contrib) - Devstack and Diskimage Create Scripts

This changeset contains the following
(1) Changes to the NFP devstack to support configurator
(2) Changes to the NFP diskimage build script to build
    configurator disk image

Change-Id: I1717e07b82073945752549c254ed8a39ce7257ff
Implements: blueprint gbp-network-services-framework
Co-Authored-By: Deepak S <in.live.in@live.in>
Co-Authored-By: ashutosh mishra <mca.ashu4@gmail.com>

devstack/README-NFP-Advanced-Mode

@@ -0,0 +1,50 @@
+
+Fresh Installation Steps:
+=========================
+
+(1) Clone stable mitaka devstack.
+    # git clone https://git.openstack.org/openstack-dev/devstack -b stable/mitaka
+
+(2) Get local.conf.nfp from NFP devstack patch and copy to devstack directory
+    as local.conf
+    # cd devstack/
+    # wget -O local.conf.zip https://review.openstack.org/cat/335405,89,devstack/local.conf.nfp
+    # unzip local.conf.zip
+    # mv local.conf*.nfp local.conf
+    # rm local.conf.zip
+
+(3) Configure local.conf
+    # Modify NFP_DEVSTACK_MODE to 'advanced'
+    # Configure following external network details,
+      EXT_NET_GATEWAY=
+      EXT_NET_ALLOCATION_POOL_START=
+      EXT_NET_ALLOCATION_POOL_END=
+      EXT_NET_CIDR=
+    # Configure the Configurator VM image path(optional),
+    # If configured, install step uploads the specified image
+    # If not configured, install step will build a new one and upload it
+      ConfiguratorQcow2Image=
+    # Configure the Service VM image paths(optional),
+    # If configured, install step uploads the specified images
+    # If not configured, install step ignores uploading these service images
+      VyosQcow2Image=
+      HaproxyQcow2Image=
+    # Configure PUBLIC_INTERFACE with the public interface name
+
+(4) Install devstack.
+    # ./stack.sh
+
+
+Re-installation Steps:
+======================
+
+(1) Follow these steps for cleanup.
+    # cd devstack
+    # ./unstack.sh
+    # ./clean.sh
+    # sudo rm -rf /opt/stack
+    # cd ..
+    # sudo rm -rf devstack
+
+(2) Follow the fresh installation steps.
+

devstack/README-NFP-Base-Mode

@@ -8,16 +8,12 @@ Fresh Installation Steps:
 (2) Get local.conf.nfp from NFP devstack patch and copy to devstack directory
     as local.conf
     # cd devstack/
-    # wget -O local.conf.zip https://review.openstack.org/cat/309145,103,devstack/local.conf.nfp
+    # wget -O local.conf.zip https://review.openstack.org/cat/335405,89,devstack/local.conf.nfp
     # unzip local.conf.zip
     # mv local.conf*.nfp local.conf
     # rm local.conf.zip
 
-(3) Configure local.conf
-    # Edit local.conf to point HOST_IP to the devstack setup IP address
-    # Modify the GBPSERVICE_BRANCH to point to the top patch in devstack changeset
-
-(4) Install devstack.
+(3) Install devstack.
     # ./stack.sh
 
 
@@ -52,8 +48,8 @@ Steps to test Base Mode:
 (4) Delete members created in the consumer and provider groups in step 2.
 
 (5) Delete the test chain.
-     # cd /opt/stack/gbp/devstack/exercises/nfp_service
-     # bash lb_base_clean.sh
+    # cd /opt/stack/gbp/devstack/exercises/nfp_service
+    # bash lb_base_clean.sh
 
 
 Steps to test Base Mode with VM:
@@ -74,6 +70,6 @@ Steps to test Base Mode with VM:
 (5) Delete members created in the consumer and provider groups in step 2.
 
 (6) Delete the test chain.
-     # cd /opt/stack/gbp/devstack/exercises/nfp_service
-     # bash fw_base_vm_clean.sh
+    # cd /opt/stack/gbp/devstack/exercises/nfp_service
+    # bash fw_base_vm_clean.sh
 

devstack/exercises/nfp_service/user-data/configurator_user_data

@@ -0,0 +1,11 @@
+#cloud-config
+users:
+  - name: ubuntu
+    groups: sudo
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD:ALL']
+    ssh-authorized-keys:
+      - <SSH PUBLIC KEY>
+
+runcmd:
+  - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker

devstack/lib/nfp

@@ -1,27 +1,49 @@
-#!/bin/bash
+# lib/nfp
+# functions - functions specific to nfp implementation
 
+# Dependencies:
+# ``functions`` file
+# ``DEST`` must be defined
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - prepare_nfp_image_builder
+# - install_nfpgbpservice
+# - init_nfpgbpservice
+# - assign_user_role_credential
+# - create_nfp_gbp_resources
+# - create_nfp_image
+# - launch_configuratorVM
+# - copy_nfp_files_and_start_process
+#
+# ``unstack.sh`` calls the entry points in this order:
+
+# Set up default directories
+DEVSTACK_DIR=$PWD
 NFPSERVICE_DIR=$DEST/gbp
-DISK_IMAGE_DIR=$DEST/gbp/gbpservice/tests/contrib
-TOP_DIR=$PWD
-
 NEUTRON_CONF_DIR=/etc/neutron
 NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
-
 NFP_CONF_DIR=/etc/nfp
-echo "TOP-DIR-NFP : $PWD"
+DISKIMAGE_CREATE_DIR=$NFPSERVICE_DIR/gbpservice/tests/contrib/diskimage-create
 
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+# Functions
+# ---------
+
+# prepare_nfp_image_builder() - Install the requirements for dib
 function prepare_nfp_image_builder {
-    #setup_develop $NFPSERVICE_DIR
-    sudo -H -E pip install -r $DISK_IMAGE_DIR/diskimage-create/requirements.txt
+    sudo -H -E pip install -r $DISKIMAGE_CREATE_DIR/requirements.txt
     sudo apt-get install -y --force-yes qemu-utils
+    sudo apt-get install -y --force-yes dpkg-dev
+    if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
+        sudo wget -qO- https://get.docker.com/ | bash
+    fi
 }
 
-function init_nfpgbpservice {
-    # Run GBP db migrations
-    gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-    iniset $NEUTRON_CONF DEFAULT policy_dirs $NFP_CONF_DIR
-}
-
+# install_nfpgbpservice() - Collect source and prepare
 function install_nfpgbpservice {
     git_clone $GBPSERVICE_REPO $NFPSERVICE_DIR $GBPSERVICE_BRANCH
     mv $NFPSERVICE_DIR/test-requirements.txt $NFPSERVICE_DIR/_test-requirements.txt
@@ -31,29 +53,268 @@ function install_nfpgbpservice {
     mv $NFPSERVICE_DIR/_test-requirements.txt $NFPSERVICE_DIR/test-requirements.txt
 }
 
-function create_nfp_image {
-    TOP_DIR=$TOP_DIR
-    sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/conf.json
-    BUILT_IMAGE_PATH=$(cat /tmp/nfp_image_path)
-    upload_image file://$BUILT_IMAGE_PATH $TOKEN
-
-    openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
+# init_nfpgbpservice() - Initialize databases, etc.
+function init_nfpgbpservice {
+    # Run GBP db migrations
+    gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+    iniset $NEUTRON_CONF DEFAULT policy_dirs $NFP_CONF_DIR
 }
 
+# assign_user_role_credential() - Assign Service role to the users
 function assign_user_role_credential {
-    TOP_DIR=$TOP_DIR
-    source $TOP_DIR/openrc admin admin
-    #set -x
+    source $DEVSTACK_DIR/openrc admin admin
+
     serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'`
     serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'`
     adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'`
-    keystone user-role-add --user nova --tenant $serviceTenantID --role $serviceRoleID
-    keystone user-role-add --user neutron --tenant $serviceTenantID --role $adminRoleID
+
+    keystone user-role-add\
+ --user nova\
+ --tenant $serviceTenantID\
+ --role $serviceRoleID
+
+    keystone user-role-add\
+ --user neutron\
+ --tenant $serviceTenantID\
+ --role $adminRoleID
 }
 
+# create_ext_net() - Create an external network
+function create_ext_net {
+    source $DEVSTACK_DIR/stackrc
+
+    EXT_NET_NAME=ext-net
+    EXT_NET_SUBNET_NAME=ext-net-subnet
+    EXT_NET_GATEWAY=$EXT_NET_GATEWAY
+    EXT_NET_ALLOCATION_POOL_START=$EXT_NET_ALLOCATION_POOL_START
+    EXT_NET_ALLOCATION_POOL_END=$EXT_NET_ALLOCATION_POOL_END
+    EXT_NET_CIDR=$EXT_NET_CIDR
+
+    neutron net-create\
+ --router:external=true\
+ --shared\
+ $EXT_NET_NAME
+
+    neutron subnet-create\
+ --ip_version 4\
+ --gateway $EXT_NET_GATEWAY\
+ --name $EXT_NET_SUBNET_NAME\
+ --allocation-pool start=$EXT_NET_ALLOCATION_POOL_START,end=$EXT_NET_ALLOCATION_POOL_END\
+ $EXT_NET_NAME\
+ $EXT_NET_CIDR
+}
+
+# create_ep_and_nsp() - Create GBP resources for the external netwrok
+function create_ep_and_nsp {
+    subnet_id=`neutron net-list | grep "$EXT_NET_NAME" | awk '{print $6}'`
+
+    gbp external-segment-create\
+ --ip-version 4\
+ --cidr $EXT_NET_CIDR\
+ --external-route destination=0.0.0.0/0,nexthop=\
+ --shared True\
+ --subnet_id=$subnet_id\
+ default
+
+    gbp nat-pool-create\
+ --ip-version 4\
+ --ip-pool $EXT_NET_CIDR\
+ --external-segment default\
+ --shared True\
+ default
+
+    gbp nsp-create\
+ --network-service-params type=ip_pool,name=vip_ip,value=nat_pool\
+ svc_mgmt_fip_policy
+}
+
+# create_nfp_gbp_resources() - Create various GBP resources
+function create_nfp_gbp_resources {
+    source $DEVSTACK_DIR/openrc neutron service
+    unset OS_USER_DOMAIN_ID
+    unset OS_PROJECT_DOMAIN_ID
+
+    if [[ $NFP_DEVSTACK_MODE = base ]]; then
+
+        IMAGE_NAME="reference_configurator_image"
+        FLAVOR=m1.nfp-tiny
+
+        gbp service-profile-create\
+ --servicetype LOADBALANCER\
+ --insertion-mode l3\
+ --shared True\
+ --service-flavor service_vendor=haproxy,device_type=None\
+ --vendor NFP\
+ base_mode_lb
+
+        gbp service-profile-create\
+ --servicetype FIREWALL\
+ --insertion-mode l3\
+ --shared True\
+ --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME,flavor=$FLAVOR\
+ --vendor NFP\
+ base_mode_fw_vm
+
+    else
+
+        gbp service-profile-create\
+ --servicetype LOADBALANCER\
+ --insertion-mode l3\
+ --shared True\
+ --service-flavor service_vendor=haproxy,device_type=nova\
+ --vendor NFP\
+ lb_profile
+
+        gbp service-profile-create\
+ --servicetype LOADBALANCERV2\
+ --insertion-mode l3\
+ --shared True\
+ --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\
+ --vendor NFP\
+ lbv2_profile
+
+        gbp service-profile-create\
+ --servicetype FIREWALL\
+ --insertion-mode l3\
+ --shared True\
+ --service-flavor service_vendor=vyos,device_type=nova\
+ --vendor NFP\
+ vyos_fw_profile
+
+        gbp service-profile-create\
+ --servicetype VPN\
+ --insertion-mode l3\
+ --shared True\
+ --service-flavor service_vendor=vyos,device_type=nova\
+ --vendor NFP\
+ vpn_profile
+
+        create_ext_net
+        create_ep_and_nsp
+
+    fi
+
+    gbp l3policy-create\
+ --ip-version 4\
+ --proxy-ip-pool=192.169.0.0/24\
+ --ip-pool 120.0.0.0/24\
+ --subnet-prefix-length 24\
+ service_management
+
+    gbp l2policy-create\
+ --l3-policy service_management\
+ svc_management_ptg
+
+    gbp group-create\
+ svc_management_ptg\
+ --service_management True\
+ --l2-policy\
+ svc_management_ptg
+
+    neutron router-gateway-clear\
+ l3p_service_management
+
+    gbp l3policy-update\
+ --external-segment ""\
+ service_management
+}
+
+# create_port_for_vm() - Create a port, and get its details
+# Args:
+#     $1 - image_name
+#     $2 - instance name
+function create_port_for_vm {
+    GROUP="svc_management_ptg"
+    PortId=$(gbp policy-target-create --policy-target-group $GROUP $2 | grep port_id | awk '{print $4}')
+    IpAddr_extractor=`neutron port-list --format value | grep $PortId | awk '{print $7}'`
+    IpAddr_purge_last=${IpAddr_extractor::-1}
+    IpAddr=${IpAddr_purge_last//\"/}
+    echo "IpAddr of port($PortId): $IpAddr"
+    configurator_image_name=$1
+    configurator_port_id=$PortId
+    configurator_ip=$IpAddr
+}
+
+# create_nfp_image() - Create and upload the service images
+function create_nfp_image {
+    source $DEVSTACK_DIR/openrc neutron service
+    unset OS_USER_DOMAIN_ID
+    unset OS_PROJECT_DOMAIN_ID
+
+    if [[ $NFP_DEVSTACK_MODE = base ]]; then
+        RefConfiguratorQcow2ImageName=reference_configurator_image
+        echo "Building Image: $RefConfiguratorQcow2ImageName"
+        sudo python $DISKIMAGE_CREATE_DIR/disk_image_create.py $DISKIMAGE_CREATE_DIR/ref_configurator_conf.json
+        RefConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
+        echo "Uploading Image: $RefConfiguratorQcow2ImageName"
+        glance image-create --name $RefConfiguratorQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $RefConfiguratorQcow2Image
+        openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
+    else
+        ConfiguratorQcow2ImageName=configurator
+        ConfiguratorInstanceName="configuratorVM_instance"
+        create_port_for_vm $ConfiguratorQcow2ImageName $ConfiguratorInstanceName
+        if [[ $ConfiguratorQcow2Image = build ]]; then
+            echo "Building Image: $ConfiguratorQcow2ImageName"
+            sudo python $DISKIMAGE_CREATE_DIR/disk_image_create.py $DISKIMAGE_CREATE_DIR/configurator_conf.json $GBPSERVICE_BRANCH
+            ConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
+        fi
+        echo "Uploading Image: $ConfiguratorQcow2ImageName"
+        glance image-create --name $ConfiguratorQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $ConfiguratorQcow2Image
+
+        VyosQcow2ImageName=vyos
+        if ! [[ -z $VyosQcow2Image ]]; then
+            echo "Uploading Image: $VyosQcow2ImageName"
+            glance image-create --name $VyosQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $VyosQcow2Image
+        fi
+
+        HaproxyQcow2ImageName=haproxy
+        if ! [[ -z $HaproxyQcow2Image ]]; then
+            echo "Uploading Image: $HaproxyQcow2ImageName"
+            glance image-create --name $HaproxyQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $HaproxyQcow2Image
+        fi
+    fi
+}
+
+# configure_configurator_user_data() - Configure Configurator user data
+function configure_configurator_user_data {
+    CUR_DIR=$PWD
+    sudo rm -rf /opt/configurator_user_data
+    sudo cp -r $NFPSERVICE_DIR/devstack/exercises/nfp_service/user-data/configurator_user_data /opt/.
+    cd /opt
+    sudo rm -rf my.key my.key.pub
+    sudo ssh-keygen -t rsa -N "" -f my.key
+    value=`sudo cat my.key.pub`
+    sudo echo $value
+    sudo sed -i "8 i\      -\ $value" configurator_user_data
+    sudo sed -i '9d' configurator_user_data
+    cd $CUR_DIR
+}
+
+# launch_configuratorVM() - Launch the Configurator VM
+function launch_configuratorVM {
+    echo "Collecting ImageId : for $configurator_image_name"
+    ImageId=`glance image-list | grep $configurator_image_name | awk '{print $2}'`
+    if [ ! -z "$ImageId" -a "$ImageId" != " " ]; then
+        echo $ImageId
+    else
+        echo "No image found with name $configurator_image_name"
+        exit
+    fi
+
+    configure_configurator_user_data
+    nova boot\
+ --flavor m1.medium\
+ --user-data /opt/configurator_user_data\
+ --image $ImageId\
+ --nic port-id=$configurator_port_id\
+ $ConfiguratorInstanceName
+    sleep 10
+}
+
+# namespace_delete() - Utility for namespace management
 function namespace_delete {
-    TOP_DIR=$TOP_DIR
-    source $TOP_DIR/openrc neutron service
+    source $DEVSTACK_DIR/openrc neutron service
+
     #Deletion namespace
     NFP_P=`sudo ip netns | grep "nfp-proxy"`
     if [ ${#NFP_P} -ne 0 ]; then
@@ -75,23 +336,20 @@ function namespace_delete {
         echo "ovs port ptr1 is removed"
     fi
 
-    echo "nfp-proxy cleaning success.... "
+    echo "nfp-proxy cleaning success."
 }
 
+# namespace_create() - Utility for namespace management
 function namespace_create {
-    TOP_DIR=$TOP_DIR
-    #doing it in namespace_delete, so no need to do it again
-    #source $1/openrc neutron service
     SERVICE_MGMT_NET="l2p_svc_management_ptg"
-    cidr="/24"
     echo "Creating new namespace nfp-proxy...."
 
     #new namespace with name proxy
     NFP_P=`sudo ip netns add nfp-proxy`
     if [ ${#NFP_P} -eq 0 ]; then
-        echo "New namepace nfp-proxt create"
+        echo "New namepace nfp-proxy created"
     else
-        echo "nfp-proxy creation failed"
+        echo "New namespace nfp-proxy creation failed"
         exit 0
     fi
 
@@ -135,7 +393,7 @@ function namespace_create {
     #get port id from router nampace
     port=`sudo ip netns exec $nm_space ip a | grep "tap" | tail -n 1 | awk '{print $7}'`
 
-    #get tag_id  form port in ovs-bridge
+    #get tag_id form port in ovs-bridge
     tag_id=`sudo ovs-vsctl list port $port | grep "tag" | tail -n 1 | awk '{print $3}'`
 
     sudo ovs-vsctl set port pt1 tag=$tag_id
@@ -145,91 +403,69 @@ function namespace_create {
     sudo ip netns exec nfp-proxy ip link set lo up
     sudo ip link set pt1 up
 
-    PING=`sudo ip netns exec nfp-proxy ping $2 -q -c 2 > /dev/null`
-    if [ ${#PING} -eq 0 ]
-    then
-        echo "nfp-proxy namespcace creation success and reaching to $2"
+    PING=`sudo ip netns exec nfp-proxy ping $configurator_ip -q -c 2 > /dev/null`
+    if [ ${#PING} -eq 0 ]; then
+        echo "nfp-proxy namespcace creation success and reaching to $configurator_ip"
     else
-        echo "Fails reaching to $2"
+        echo "Fails reaching to $configurator_ip"
     fi
 
     sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini
 }
 
-function create_nfp_gbp_resources {
-   TOP_DIR=$TOP_DIR
-   source $TOP_DIR/openrc neutron service
-
-   if [[ $DISABLE_BUILD_IMAGE = False ]]; then
-       IMAGE_PATH=$(cat /tmp/nfp_image_path)
-       IMAGE_NAME=`basename "$IMAGE_PATH"`
-       IMAGE_NAME_FLAT="${IMAGE_NAME%.*}"
-       FLAVOR=m1.nfp-tiny
-   else
-       IMAGE_NAME_FLAT="reference_configurator_image"
-       FLAVOR=m1.small
-   fi
-   gbp network-service-policy-create --network-service-params type=ip_pool,name=vip_ip,value=nat_pool svc_mgmt_fip_policy
-   gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=None --vendor NFP base_mode_lb
-   gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME_FLAT,flavor=$FLAVOR --vendor NFP base_mode_fw_vm
-   gbp group-create svc_management_ptg --service_management True
-}
-
-function get_router_namespace {
-    TOP_DIR=$TOP_DIR
-    source $TOP_DIR/openrc neutron service
-
-    GROUP="svc_management_ptg"
-    echo "GroupName: $GROUP"
-
-    l2p_id=`gbp ptg-show svc_management_ptg | grep l2_policy_id | awk '{print $4}'`
-    l3p_id=`gbp l2p-show $l2p_id | grep l3_policy_id | awk '{print $4}'`
-    RouterId=`gbp l3p-show $l3p_id | grep routers | awk '{print $4}'`
-}
-
+# copy_nfp_files_and_start_process() - Setup configuration and start processes
 function copy_nfp_files_and_start_process {
-    TOP_DIR=$TOP_DIR
-    cd /opt/stack/gbp/gbpservice/nfp
-    sudo cp -r  bin/nfp /usr/bin/
+    cd $NFPSERVICE_DIR/gbpservice/nfp
+    sudo cp -r bin/nfp /usr/bin/
     sudo chmod +x /usr/bin/nfp
     sudo rm -rf /etc/nfp_*
-    sudo cp -r  bin/nfp_orchestrator.ini /etc/
-    sudo cp -r  bin/nfp_proxy_agent.ini /etc/
-    sudo cp -r  bin/nfp_proxy.ini /etc/nfp_proxy.ini
-    sudo cp -r  bin/nfp_proxy /usr/bin/
+    sudo cp -r bin/nfp_orchestrator.ini /etc/
+    sudo cp -r bin/nfp_proxy_agent.ini /etc/
+    [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/
+    sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini
+    sudo cp -r bin/nfp_proxy /usr/bin/
 
-    IpAddr=127.0.0.1
-    echo "Configuring proxy.ini .... with rest_server_address as $IpAddr"
-    sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini
-    sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini
-    ipnetns_router=`sudo ip netns |grep $RouterId`
+    if [[ $NFP_DEVSTACK_MODE = base ]]; then
+        configurator_ip=127.0.0.1
+        configurator_port=8080
+    else
+        configurator_ip=$configurator_ip
+        configurator_port=8070
+    fi
+    echo "Configuring proxy.ini .... with rest_server_address as $configurator_ip:$configurator_port"
+    sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini
+    sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini
 
-    sed -i 's#source.*#source '$TOP_DIR'/openrc demo demo#g' /opt/stack/gbp/devstack/exercises/nfp_service/*.sh
-    source $TOP_DIR/functions-common
+    sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh
+    source $DEVSTACK_DIR/functions-common
 
-    echo "Starting orchestrator  >>>> under screen named : orchestrator"
-    run_process nfp_orchestrator "sudo /usr/bin/nfp  --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file /opt/stack/logs/nfp_orchestrator.log"
-    sleep 1
+    echo "Starting nfp_orchestrator under screen named nfp_orchestrator"
+    run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log"
+    sleep 4
 
-    echo "Starting proxy_agent  >>>> under screen named : proxy_agent"
-    run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file /opt/stack/logs/nfp_proxy_agent.log"
-    sleep 1
+    echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent"
+    run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log"
+    sleep 4
 
-    echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy"
-    run_process nfp_proxy "source /opt/stack/gbp/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr"
+    echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy"
+    run_process nfp_proxy "source $NFPSERVICE_DIR/devstack/lib/nfp; namespace_delete; namespace_create"
     sleep 10
 
-    cd pecan/api
-    sudo python setup.py develop
-    echo "Starting base_configurator  >>>> under screen named : base_configurator"
-    run_process nfp_base_configurator "cd /opt/stack/gbp/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
+    if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
+        echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator"
+        run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log"
+    else
+        cd pecan/api
+        sudo python setup.py develop
+        echo "Starting nfp_base_configurator under screen named nfp_base_configurator"
+        run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
+    fi
     sleep 1
 
-    echo "Running gbp-db-manage"
-
-    source $TOP_DIR/openrc neutron service
-
+    echo "Upgrading DB to HEAD"
+    source $DEVSTACK_DIR/openrc neutron service
     gbp-db-manage --config-file /etc/neutron/neutron.conf upgrade head
     sleep 2
-    echo "Configuration success ... "
+
+    echo "NFP configuration done."
 }

devstack/local.conf.nfp

@@ -13,12 +13,39 @@ MYSQL_PASSWORD=mysqlsecret
 RABBIT_PASSWORD=myrabbitsecret
 SERVICE_PASSWORD=$ADMIN_PASSWORD
 SERVICE_TOKEN=admin
-HOST_IP=
 
-enable_plugin gbp https://git.openstack.org/openstack/group-based-policy master
+# NFP Service
 ENABLE_NFP=True
+GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git
+GBPSERVICE_BRANCH=refs/changes/05/335405/89
+# Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced'
+if [[ $ENABLE_NFP = True ]]; then
+    NFP_DEVSTACK_MODE=base
 
-#e.g IMAGE_URLS+=http://192.168.6.1/images/cirros-0.3.0-x86_64-disk.img #image extenson should be .img OR img.gz
-#IMAGE_URLS+=
+    if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
+        # External Network
+        EXT_NET_GATEWAY=
+        EXT_NET_ALLOCATION_POOL_START=
+        EXT_NET_ALLOCATION_POOL_END=
+        EXT_NET_CIDR=
+
+        # Configurator image path option, its optional
+        # If configured, install step uploads the specified image
+        # If not configured, install step will build a new one and upload it
+        ConfiguratorQcow2Image=
+        # Service VM image path options, they are optional
+        # If configured, install step uploads the specified images
+        # If not configured, install step ignores uploading these service images
+        VyosQcow2Image=
+        HaproxyQcow2Image=
+
+        # Make sure that your public interface is not attached to any bridge.
+        PUBLIC_INTERFACE=
+
+        enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka
+        enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka
+
+    fi
+fi
+enable_plugin gbp $GBPSERVICE_REPO $GBPSERVICE_BRANCH
 
-DISABLE_BUILD_IMAGE=False

devstack/plugin.sh

@@ -30,7 +30,6 @@ function nfp_configure_neutron {
     iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service"
     iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron"
     iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD
-    iniset $NEUTRON_CONF group_policy policy_drivers "implicit_policy,resource_mapping,chain_mapping"
     iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
     iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
     iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
@@ -43,6 +42,44 @@ function nfp_configure_neutron {
     iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
 }
 
+function configure_nfp_loadbalancer {
+    echo "Configuring NFP Loadbalancer plugin driver"
+    sudo\
+ sed\
+ -i\
+ '/^service_provider.*HaproxyOnHostPluginDriver:default/'\
+'s'/\
+':default'/\
+'\n'\
+'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\
+ /etc/neutron/neutron_lbaas.conf
+}
+
+function configure_nfp_firewall {
+    echo "Configuring NFP Firewall plugin"
+    sudo\
+ sed\
+ -i\
+ '/^service_plugins/'\
+'s'/\
+'neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin'/\
+'gbpservice.contrib.nfp.service_plugins.firewall.nfp_fwaas_plugin.NFPFirewallPlugin'/\
+ /etc/neutron/neutron.conf
+}
+
+function configure_nfp_vpn {
+    echo "Configuring NFP VPN plugin driver"
+    sudo\
+ sed\
+ -i\
+ '/^service_provider.*IPsecVPNDriver:default/'\
+'s'/\
+':default'/\
+'\n'\
+'service_provider = VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default'/\
+ /etc/neutron/neutron_vpnaas.conf
+}
+
 # Process contract
 if is_service_enabled group-policy; then
     if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
@@ -52,15 +89,22 @@ if is_service_enabled group-policy; then
         [[ $ENABLE_APIC_AIM = True ]] && install_apic_aim
         if [[ $ENABLE_NFP = True ]]; then
             echo_summary "Installing $NFP"
-            [[ $DISABLE_BUILD_IMAGE = False ]] && prepare_nfp_image_builder
+            prepare_nfp_image_builder
         fi
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         echo_summary "Configuring $GBP"
         gbp_configure_nova
         gbp_configure_heat
         gbp_configure_neutron
-        [[ $ENABLE_NFP = True ]] && echo_summary "Configuring $NFP"
-        [[ $ENABLE_NFP = True ]] && nfp_configure_neutron
+        if [[ $ENABLE_NFP = True ]]; then
+            echo_summary "Configuring $NFP"
+            nfp_configure_neutron
+            if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
+                configure_nfp_loadbalancer
+                configure_nfp_firewall
+                configure_nfp_vpn
+            fi
+        fi
         # REVISIT move installs to install phase?
         # install_apic_ml2
         install_gbpclient
@@ -77,10 +121,10 @@ if is_service_enabled group-policy; then
         echo_summary "Initializing $GBP"
         if [[ $ENABLE_NFP = True ]]; then
             echo_summary "Initializing $NFP"
-            [[ $DISABLE_BUILD_IMAGE = False ]] && create_nfp_image
             assign_user_role_credential
             create_nfp_gbp_resources
-            get_router_namespace
+            create_nfp_image
+            [[ $NFP_DEVSTACK_MODE = advanced ]] && launch_configuratorVM
             copy_nfp_files_and_start_process
         fi
     fi

devstack/settings

@@ -4,8 +4,10 @@ source $DEST/gbp/devstack/lib/gbp
 [[ $ENABLE_APIC_AIM = True ]] && source $DEST/gbp/devstack/lib/apic_aim
 
 ENABLE_NFP=${ENABLE_NFP:-False}
+[[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base}
 [[ $ENABLE_NFP = True ]] && source $DEST/gbp/devstack/lib/nfp
-[[ $ENABLE_NFP = True ]] && DISABLE_BUILD_IMAGE=${DISABLE_BUILD_IMAGE:-False}
+# VM locations
+ConfiguratorQcow2Image=${ConfiguratorQcow2Image:-build}
 
 # Enable necessary Neutron plugins, including group_policy and ncp
 Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,ncp
@@ -39,18 +41,26 @@ else
 fi
 enable_service q-dhcp
 enable_service q-fwaas
+[[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas
 enable_service q-lbaas
 enable_service q-meta
 enable_service neutron
 enable_service group-policy
 disable_service tempest
 ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
-# NFP services
-enable_service nfp_orchestrator,nfp_proxy,nfp_proxy_agent,nfp_base_configurator
+if [[ $ENABLE_NFP = True ]]; then
+    # NFP services
+    enable_service nfp_orchestrator
+    enable_service nfp_proxy
+    enable_service nfp_proxy_agent
+    [[ $NFP_DEVSTACK_MODE = base ]] && enable_service nfp_base_configurator
+    [[ $NFP_DEVSTACK_MODE != base ]] && enable_service nfp_config_orchestrator
+fi
+
+OVS_PHYSICAL_BRIDGE=br-ex
 
 # Deployment preferences
 SYSLOG=${SYSLOG:-True}
 
 # Skip exercises by default (can be overridden in local.conf)
 SKIP_EXERCISES=${SKIP_EXERCISES:-volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,neutron-adv-test,floating_ips,client-args,horizon,sec_groups,gbp_servicechain,gbp_heat}
-

gbpservice/contrib/nfp/configurator/Dockerfile

@@ -0,0 +1,71 @@
+FROM ubuntu:14.04 
+
+RUN apt-get -y update --fix-missing
+
+# dependencies
+RUN apt-get -y --force-yes install vim\
+ python2.7\
+ python-pip\
+ python2.7-dev\
+ build-essential libssl-dev libffi-dev\
+ libyaml-dev\
+ python-ipaddr\
+ git\
+ rabbitmq-server\
+ unzip
+ 
+
+# python dependencies
+RUN pip install python-keystoneclient \
+oslo.config==3.6.0 \
+oslo.log==2.4.0 \
+oslo.messaging==4.2.0 \
+oslo.db==4.4.0 \
+oslo.policy \
+iptools \
+cryptography \
+pecan==1.0.4 \
+amqp==1.4.9 \
+wsme
+
+#haproxy lbaasv2 depedencies
+RUN sudo apt-get -y --force-yes install python-dev
+RUN sudo pip install "octavia<0.8"
+
+RUN git clone -b stable/mitaka --single-branch https://github.com/openstack/neutron-lbaas.git neutron-lbaas
+RUN sudo pip install -r /neutron-lbaas/requirements.txt --allow-all-external
+RUN cur_dir=$PWD
+RUN cd /neutron-lbaas && sudo python setup.py install
+RUN cd $cur_dir
+
+RUN git clone https://github.com/kevinsteves/pan-python.git pan-python
+RUN cur_dir=$PWD
+RUN cd /pan-python && sudo ./setup.py install
+RUN cd $cur_dir
+
+# Cache buster
+ADD https://www.random.org/strings/?num=10&len=8&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new cache-buster
+
+RUN git clone -b stable/mitaka --single-branch https://github.com/openstack/neutron-lib.git neutron_lib
+RUN cp -r  /neutron_lib/neutron_lib /usr/local/lib/python2.7/dist-packages/
+RUN git clone -b stable/mitaka --single-branch https://github.com/openstack/neutron.git neutron
+RUN cp -r /neutron/neutron /usr/local/lib/python2.7/dist-packages/
+RUN git clone https://github.com/openstack/group-based-policy.git group-based-policy
+RUN cd /group-based-policy && git fetch https://git.openstack.org/openstack/group-based-policy GIT-BRANCH-NAME && git checkout FETCH_HEAD
+RUN cp -r /group-based-policy/gbpservice /usr/local/lib/python2.7/dist-packages/
+RUN cp /group-based-policy/gbpservice/nfp/bin/nfp /usr/bin/
+RUN chmod +x /usr/bin/nfp
+RUN cp /group-based-policy/gbpservice/contrib/nfp/bin/nfp_configurator.ini /etc/
+RUN cp /group-based-policy/gbpservice/contrib/nfp/bin/policy.json /etc/
+RUN mkdir -p /var/log/nfp
+RUN touch /var/log/nfp/nfp_configurator.log
+RUN touch /var/log/nfp/nfp_pecan.log
+RUN sed -i "/version = version.encode('utf-8')/a\    version = '1.8.0'" /usr/local/lib/python2.7/dist-packages/pbr/packaging.py
+RUN apt-get -y --force-yes install screen
+COPY  ./run.sh /run.sh
+RUN chmod +777 /run.sh
+
+EXPOSE 8070:8080
+EXPOSE 5672:5672
+ENV HOME /root
+CMD ["/run.sh"]

gbpservice/contrib/nfp/configurator/run.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+service rabbitmq-server start
+screen -dmS "configurator" /usr/bin/python2 /usr/bin/nfp --config-file=/etc/nfp_configurator.ini --log-file=/var/log/nfp/nfp_configurator.log
+cd /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api/
+python setup.py develop
+screen -dmS  "pecan" pecan configurator_decider config.py --mode  advanced
+/bin/bash
+

gbpservice/tests/contrib/devstack/nfp

@@ -10,8 +10,8 @@ function prepare_nfp_image_builder {
 
 function create_nfp_image {
     TOP_DIR=$1
-    sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/conf.json
-    BUILT_IMAGE_PATH=$(cat /tmp/nfp_image_path)
+    sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/ref_configurator_conf.json
+    BUILT_IMAGE_PATH=$(cat $DISK_IMAGE_DIR/diskimage-create/output/last_built_image_path)
     upload_image file://$BUILT_IMAGE_PATH
 
     openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
@@ -136,7 +136,7 @@ function namespace_create {
 function create_nfp_gbp_resources {
    TOP_DIR=$1
    source $TOP_DIR/openrc neutron service
-   IMAGE_PATH=$(cat /tmp/nfp_image_path)
+   IMAGE_PATH=$(cat $DISK_IMAGE_DIR/diskimage-create/output/last_built_image_path)
    IMAGE_NAME=`basename "$IMAGE_PATH"`
    IMAGE_NAME_FLAT="${IMAGE_NAME%.*}"
    FLAVOR=m1.nfp-tiny

gbpservice/tests/contrib/diskimage-create/configurator_conf.json

@@ -0,0 +1,13 @@
+{
+    "dib":
+        {
+            "image_size_in_GB": 3,
+            "cache_path": "~/.cache/image-create",
+            "elements": ["configurator", "root-passwd"],
+            "root_password": "oc@sc!23;)"
+        },
+    "ubuntu_release":
+        {
+            "release": "trusty"
+        }
+}

gbpservice/tests/contrib/diskimage-create/disk_image_create.py

@@ -10,9 +10,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-#! /usr/bin/python
-
-import datetime
 import os
 from oslo_serialization import jsonutils
 import subprocess
@@ -31,23 +28,54 @@ def parse_json(j_file):
     return
 
 
-def dib():
+def set_nfp_git_branch(nfp_branch_name, configurator_dir):
+    Dockerfile_path = configurator_dir + '/Dockerfile'
+    cmd = "sudo sed -i \"s/GIT-BRANCH-NAME/%s/g\" %s" % (
+               nfp_branch_name.replace('/', '\/'), Dockerfile_path)
+    os.system(cmd)
+
+
+def create_configurator_docker(nfp_branch_name):
+    configurator_dir = "%s/../../../contrib/nfp/configurator" % cur_dir
+    docker_images = "%s/output/docker_images/" % cur_dir
+    if not os.path.exists(docker_images):
+        os.makedirs(docker_images)
+
+    # create a docker image
+    os.chdir(configurator_dir)
+    set_nfp_git_branch(nfp_branch_name, configurator_dir)
+    docker_args = ['docker', 'build', '-t', 'configurator-docker', '.']
+    ret = subprocess.call(docker_args)
+    if(ret):
+        print("Failed to build docker image [configurator-docker]")
+        return -1
+
+    os.chdir(docker_images)
+    del(docker_args)
+    # save the docker image
+    docker_args = ['docker', 'save', '-o', 'configurator-docker',
+                   'configurator-docker']
+    ret = subprocess.call(docker_args)
+    if(ret):
+        print("Failed to save docker image [configurator-docker]")
+        return -1
+    # set environment variable, needed by 'extra-data.d'
+    os.environ['DOCKER_IMAGES_PATH'] = docker_images
+
+    return 0
+
+
+def dib(nfp_branch_name):
     dib = conf['dib']
-    elems = cur_dir + '/elements/'
+    elems = "%s/elements/" % cur_dir
 
     # set the elements path in environment variable
     os.environ['ELEMENTS_PATH'] = elems
     # set the Ubuntu Release for the build in environment variable
     os.environ['DIB_RELEASE'] = conf['ubuntu_release']['release']
 
-    image_name = 'nfp_reference_service'
     # basic elements
-    dib_args = ['disk-image-create', 'base', 'vm', 'ubuntu', 'devuser',
-                'dhcp-all-interfaces']
-
-    # create user
-    os.environ['DIB_DEV_USER_USERNAME'] = 'ubuntu'
-    os.environ['DIB_DEV_USER_SHELL'] = '/bin/bash'
+    dib_args = ['disk-image-create', 'base', 'vm', 'ubuntu']
 
     # configures elements
     for element in dib['elements']:
@@ -55,15 +83,28 @@ def dib():
         # root login enabled, set password environment varaible
         if element == 'root-passwd':
             os.environ['DIB_PASSWORD'] = dib['root_password']
-        if element == 'nfp-reference-configurator':
-            # set environment variable, needed by 'extra-data.d'
-            service_dir = cur_dir + '/../nfp_service/'
+        elif element == 'devuser':
+            os.environ['DIB_DEV_USER_USERNAME'] = 'ubuntu'
+            os.environ['DIB_DEV_USER_SHELL'] = '/bin/bash'
+        elif element == 'nfp-reference-configurator':
+            image_name = 'nfp_reference_service'
+            service_dir = "%s/../nfp_service/" % cur_dir
             pecan_dir = os.path.abspath(os.path.join(cur_dir,
                                                      '../../../nfp'))
             service_dir = os.path.realpath(service_dir)
             pecan_dir = os.path.realpath(pecan_dir)
             os.environ['PECAN_GIT_PATH'] = pecan_dir
             os.environ['SERVICE_GIT_PATH'] = service_dir
+            if 'devuser' in dib['elements']:
+                os.environ['SSH_RSS_KEY'] = (
+                    "%s/output/%s" % (cur_dir, image_name))
+                os.environ['DIB_DEV_USER_AUTHORIZED_KEYS'] = (
+                    "%s.pub" % os.environ['SSH_RSS_KEY'])
+        elif element == 'configurator':
+            image_name = 'configurator'
+            create_configurator_docker(nfp_branch_name)
+            # for bigger size images
+            dib_args.append('--no-tmpfs')
 
     # offline mode, assuming the image cache (tar) already exists
     dib_args.append('--offline')
@@ -73,19 +114,9 @@ def dib():
 
     dib_args.append('--image-size')
     dib_args.append(str(dib['image_size_in_GB']))
-    timestamp = datetime.datetime.now().strftime('%I%M%p-%d-%m-%Y')
-    image_name = image_name + '_' + timestamp
     dib_args.append('-o')
     dib_args.append(str(image_name))
 
-    # set environment variable, needed by 'extra-data.d'
-    os.environ['NFP_IMAGE_NAME'] = image_name
-    if 'nfp-reference-configurator' in dib['elements']:
-        os.environ['SSH_RSS_KEY'] = (
-            "%s/output/%s" % (cur_dir, image_name))
-        os.environ['DIB_DEV_USER_AUTHORIZED_KEYS'] = (
-            "%s.pub" % os.environ['SSH_RSS_KEY'])
-
     os.chdir(cur_dir)
     out_dir = 'output'
     if not os.path.isdir(out_dir):
@@ -95,18 +126,20 @@ def dib():
 
     ret = subprocess.call(dib_args)
     if not ret:
-        image_path = cur_dir + '/output/' + image_name + '.qcow2'
+        image_path = "%s/output/%s.qcow2" % (cur_dir, image_name)
         print("Image location: %s" % image_path)
-        with open("/tmp/nfp_image_path", "w") as f:
+        with open("%s/output/last_built_image_path" % cur_dir, "w") as f:
             f.write(image_path)
 
 
 if __name__ == "__main__":
 
-    if len(sys.argv) != 2:
+    if len(sys.argv) < 2:
         print("ERROR: Invalid Usage")
-        print("Usage:\n\t%s <json config file>" % sys.argv[0])
+        print("Usage:\n\t%s <json config file> [NFP_BRANCH_NAME]"
+              % sys.argv[0])
         print("\twhere: <json config file> contains all the configuration")
+        print("\tand NFP_BRANCH_NAME is the string, and is optional.")
         exit()
 
     # save PWD
@@ -120,5 +153,11 @@ if __name__ == "__main__":
     parse_json(sys.argv[1])
     elements = conf['dib']['elements']
 
+    nfp_branch_name = sys.argv[2] if len(sys.argv) == 3 else None
+
+    if 'configurator' in elements and nfp_branch_name is None:
+        print("ERROR: You have to pass NFP_BRANCH_NAME.")
+        exit()
+
     # run Disk Image Builder to create VM image
-    dib()
+    dib(nfp_branch_name)

gbpservice/tests/contrib/diskimage-create/elements/configurator/README.md

@@ -0,0 +1,5 @@
+Visibility
+----------
+These are the custom elements defined for adding configurator
+docker inside the cloud image.
+

gbpservice/tests/contrib/diskimage-create/elements/configurator/extra-data.d/49-cp

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eux
+
+# create 'images' directory to hold docker images
+sudo mkdir -p ${TMP_MOUNT_PATH}/usr/share/configurator/docker/images
+
+#copy docker images to VM
+sudo cp -L ${DOCKER_IMAGES_PATH}/configurator-docker ${TMP_MOUNT_PATH}/usr/share/configurator/docker/images/

gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/01-configurator

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -eux
+
+apt-get -y --force-yes install apt-transport-https ca-certificates
+apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+echo "deb https://apt.dockerproject.org/repo ubuntu-$DIB_RELEASE main" >> /etc/apt/sources.list.d/docker.list
+apt-get update
+apt-get purge lxc-docker
+apt-get -y --force-yes install linux-image-extra-$(uname -r)
+apt-get -y --force-yes install docker-engine
+
+sed -i '2i docker start configurator' /etc/rc.local

gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/02-cgroupfs-mount

@@ -0,0 +1,40 @@
+#!/bin/sh
+# This script is used to mount cgroup
+
+set -e
+
+# for simplicity this script provides no flexibility
+
+# if cgroup is mounted by fstab, don't run
+# don't get too smart - bail on any uncommented entry with 'cgroup' in it
+if grep -v '^#' /etc/fstab | grep -q cgroup; then
+	echo 'cgroups mounted from fstab, not mounting /sys/fs/cgroup'
+	exit 0
+fi
+
+# kernel provides cgroups?
+if [ ! -e /proc/cgroups ]; then
+	exit 0
+fi
+
+# if we don't even have the directory we need, something else must be wrong
+if [ ! -d /sys/fs/cgroup ]; then
+	exit 0
+fi
+
+# mount /sys/fs/cgroup if not already done
+if ! mountpoint -q /sys/fs/cgroup; then
+	mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+fi
+
+cd /sys/fs/cgroup
+
+# get/mount list of enabled cgroup controllers
+for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+	mkdir -p $sys
+	if ! mountpoint -q $sys; then
+		if ! mount -n -t cgroup -o $sys cgroup $sys; then
+			rmdir $sys || true
+		fi
+	fi
+done

gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/03-docker-load

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -eux
+# start docker for loading the configurator image
+docker daemon --raw-logs &
+
+# wait for docker daemon to come up
+sleep 10
+
+# preload the docker image inside the VM
+docker load -i /usr/share/configurator/docker/images/configurator-docker

gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/04-cgroupfs-umount

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# Unmount the cgroup
+
+set -e
+
+# we don't care to move tasks around gratuitously - just umount the cgroups
+
+# if we don't even have the directory we need, something else must be wrong
+if [ ! -d /sys/fs/cgroup ]; then
+	exit 0
+fi
+
+# if /sys/fs/cgroup is not mounted, we don't bother
+if ! mountpoint -q /sys/fs/cgroup; then
+	exit 0
+fi
+
+cd /sys/fs/cgroup
+
+for sys in *; do
+	if mountpoint -q $sys; then
+		umount $sys
+	fi
+	if [ -d $sys ]; then
+		rmdir $sys || true
+	fi
+done

gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/05-stop-docker

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# on the safer side, stop the docker
+service docker stop

gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/06-del-docker-images

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -eux
+
+
+# since we already did a docker load, we can delete docker images
+rm -rf /usr/share/configurator/docker/images/

gbpservice/tests/contrib/diskimage-create/elements/root-passwd/post-install.d/99-setup

@@ -0,0 +1,11 @@
+#!/bin/bash
+if [ -z "$DIB_PASSWORD" ]; then
+    echo "Error during setup password for root"
+    exit 1
+fi
+sed -i "s/disable_root: true/disable_root: false/" /etc/cloud/cloud.cfg
+install-packages augeas-tools openssh-server openssh-client
+augtool -s set /files/etc/ssh/sshd_config/PasswordAuthentication yes
+augtool -s set /files/etc/ssh/sshd_config/PermitRootLogin yes
+augtool -s set /files/etc/ssh/ssh_config/PasswordAuthentication yes
+echo -e "$DIB_PASSWORD\n$DIB_PASSWORD\n" | passwd

gbpservice/tests/contrib/diskimage-create/ref_configurator_conf.json

@@ -2,9 +2,8 @@
     "dib":
         {
             "image_size_in_GB": 3,
-            "ram_size": 512,
             "cache_path": "~/.cache/image-create",
-            "elements": ["nfp-reference-configurator"]
+            "elements": ["nfp-reference-configurator", "dhcp-all-interfaces", "devuser"]
         },
     "ubuntu_release":
         {