-rw-r--r-- | moonv4/README.md | 237 |
1 files changed, 119 insertions, 118 deletions
diff --git a/moonv4/README.md b/moonv4/README.md index d05c03b2..ba3604d6 100644 --- a/moonv4/README.md +++ b/moonv4/README.md 
@@ -3,68 +3,61 @@ __Version 4.3__ This directory contains all the modules for running the Moon platform. -**WARNING: this is a proof of concept, don't expect anymore...** - ## Installation - ### kubeadm - You must follow those explanations to install `kubeadm`: - > https://kubernetes.io/docs/setup/independent/install-kubeadm/ To summarize, you must install `docker`: - - apt update - apt install -y docker.io - +```bash +apt update +apt install -y docker.io +``` + And then, install `kubeadm`: - - apt update && apt install -y apt-transport-https - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - - cat <<EOF >/etc/apt/sources.list.d/kubernetes.list - deb http://apt.kubernetes.io/ kubernetes-xenial main - EOF - apt update - apt install -y kubelet kubeadm kubectl - +```bash +apt update && apt install -y apt-transport-https +curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - +cat <<EOF >/etc/apt/sources.list.d/kubernetes.list +deb http://apt.kubernetes.io/ kubernetes-xenial main +EOF +apt update +apt install -y kubelet kubeadm kubectl +``` ### Moon - The Moon code is not necessary to start the platform but you need Kubernetes configuration files from the GIT repository. The easy way is to clone the Moon code: - - git clone https://git.opnfv.org/moon - cd moon/moonv4 - export MOON=$(pwd) - +```bash +git clone https://git.opnfv.org/moon +cd moon/moonv4 +export MOON=$(pwd) +``` ### OpenStack - You must have the following OpenStack components installed somewhere: - - nova, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html) - glance, see [Glance install](https://docs.openstack.org/glance/pike/install/) A Keystone component is automatically installed and configured in the Moon platform. 
After the Moon platform installation, the Keystone server will be available -at: http://localhost:30005 or http://\<servername\>:30005 +at: `http://localhost:30005 or http://\<servername\>:30005` You can also use your own Keystone server if you want. -## initialisation - +## Initialisation ### kubeadm - The `kubeadm` platform can be initialized with the following shell script: - - sh kubernetes/init_k8s.sh +```bash +sh kubernetes/init_k8s.sh +``` Wait until all the kubeadm containers are in the `running` state: - - watch kubectl get po --namespace=kube-system +```bash +watch kubectl get po --namespace=kube-system +``` You must see something like this: @@ -81,9 +74,7 @@ You must see something like this: kube-scheduler-varuna 1/1 Running 0 1h ### Moon - The Moon platform is composed on the following components: - * `consul`: a Consul configuration server * `db`: a MySQL database server * `keystone`: a Keystone authentication server 
@@ -93,36 +84,31 @@ The Moon platform is composed on the following components: * `wrapper`: the Moon endpoint where OpenStack component connect to. At this point, you must choose one of the following options: - * Specific configuration * Generic configuration -#### Specific configuration - +#### Specific Configuration Why using a specific configuration: - 1. The `db` and `keystone` can be installed by yourself but you must configure the Moon platform to use them. 2. You want to change the default passwords in the Moon platform -Use the following commands: - - TODO - -#### Generic configuration +Use the following commands: `TODO` +#### Generic Configuration Why using a specific configuration: - 1. You just want to test the platform 2. You want to develop on the Moon platform The `Moon` platform can be initialized with the following shell script: +```bash +sh kubernetes/start_moon.sh +``` - sh kubernetes/start_moon.sh - Wait until all the Moon containers are in the `running` state: - - watch kubectl get po --namespace=moon +```bash +watch kubectl get po --namespace=moon +``` You must see something like this: @@ -138,13 +124,9 @@ You must see something like this: orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m - -## configuration - +## Configuration ### Moon - #### Introduction - The Moon platform is already configured after the installation. If you want to see or modify the configuration, go with a web browser to the following page: 
@@ -159,18 +141,14 @@ and not during its life cycle. This is a known security issue.** #### Keystone - If you have your own Keystone server, you can point Moon to your server in the `openstack/keystone` element or through the link: - > http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit This configuration element is read every time Moon need it, specially when adding users. #### Database - The database can also be modified here: - > http://varuna:30005/ui/#/dc1/kv/database/edit **WARNING: the password is in clear text, this is a known security issue.** @@ -187,25 +165,23 @@ This can be done with the following commands: kubectl create -f kubernetes/templates/moon_configuration.yaml -### Openstack - +### OpenStack Before updating the configuration of the OpenStack platform, check that the platform is working without Moon, use the following commands: - - # set authentication - openstack endpoint list - openstack user list - openstack server list +```bash +# set authentication +openstack endpoint list +openstack user list +openstack server list +``` In order to connect the OpenStack platform with the Moon platform, you must update some configuration files in Nova and Glance: - * `/etc/nova/policy.json` * `/etc/glance/policy.json` In some installed platform, the `/etc/nova/policy.json` can be absent so you have to create one. You can find example files in those directory: - > ${MOON}/moonv4/templates/nova/policy.json > ${MOON}/moonv4/templates/glance/policy.json 
@@ -230,30 +206,25 @@ To find this TCP port, use the following command: 31002/TCP ### Moon - The Moon platform comes with a graphical user interface which can be used with a web browser at this URL: - -> http://localhost:30002 +> http://$MOON_HOST:30002 You will be asked to put a login and password. Those elements are the login and password of the Keystone server, if you didn't modify the Keystone server, you will find the login and password here: - -> http://varuna:30005/ui/#/dc1/kv/openstack/keystone/edit +> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit **WARNING: the password is in clear text, this is a known security issue.** The Moon platform can also be requested through its API: - -> http://localhost:30001 +> http://$MOON_HOST:30001 **WARNING: By default, no login/password will be needed because of the configuration which is in DEV mode.** If you want more security, you have to update the configuration of the Keystone server here: - -> http://varuna:30005/ui/#/dc1/kv/openstack/keystone/edit +> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit by modifying the `check_token` argument to `yes`. If you write this modification, your requests to Moon API must always include a valid token 
@@ -261,58 +232,88 @@ taken from the Keystone server. This token must be place in the header of the re (`X-Auth-Token`). ## usage - ### tests the platform - In order to know if the platform is healthy, here are some commands you can use. - 1) Check that all the K8S pods in the Moon namespace are in running state: - - kubectl get pods -n moon +`kubectl get pods -n moon` 2) Check if the Manager API is running: - - curl http://moon_hostname:30001 - curl http://moon_hostname:30001/pdp - curl http://moon_hostname:30001/policies - +```bash +curl http://$MOON_HOST:30001 +curl http://$MOON_HOST:30001/pdp +curl http://$MOON_HOST:30001/policies +``` - If you configured the authentication in the Moon platform: - - curl -i \ - -H "Content-Type: application/json" \ - -d ' - { "auth": { - "identity": { - "methods": ["password"], - "password": { - "user": { - "name": "admin", - "domain": { "id": "default" }, - "password": "<set_your_password_here>" - } - } - }, - "scope": { - "project": { - "name": "admin", - "domain": { "id": "default" } - } +If you configured the authentication in the Moon platform: +```bash +curl -i \ + -H "Content-Type: application/json" \ + -d ' +{ "auth": { + "identity": { + "methods": ["password"], + "password": { + "user": { + "name": "admin", + "domain": { "id": "default" }, + "password": "<set_your_password_here>" } } - }' \ - "http://moon_hostname:30006/v3/auth/tokens" ; echo - - curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001 - curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp - curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies - + }, + "scope": { + "project": { + "name": "admin", + "domain": { "id": "default" } + } + } + } +}' \ + "http://moon_hostname:30006/v3/auth/tokens" ; echo + +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001 +curl --header "X-Auth-Token: 
<token_retrieve_from_keystone>" http://moon_hostname:30001/pdp +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies +``` + 3) Use a web browser to navigate to the GUI and enter the login and password of the keystone service: - - firefox http://moon_hostname:30002 +`firefox http://$MOON_HOST:30002` + +4) Use tests Python Scripts +check firstly the Consul service for *Components/Manager*, e.g. +```json +{ + "port": 8082, + "bind": "0.0.0.0", + "hostname": "manager", + "container": "wukongsun/moon_manager:v4.3.1", + "external": { + "port": 30001, + "hostname": "$MOON_HOST" + } +} +``` +*OpenStack/Keystone*: e.g. +```json +{ + "url": "http://keystone:5000/v3", + "user": "admin", + "password": "p4ssw0rd", + "domain": "default", + "project": "admin", + "check_token": false, + "certificate": false, + "external": { + "url": "http://$MOON_HOST:30006/v3" + } +} +``` + +```bash +python3 populate_default_values.py --consul-host=$MOON_HOST --consul-port=30005 -v scenario/rbac_large.py +python3 send_authz.py --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$MOON_HOST --authz-port=31002 -v scenario/rbac_large.py +``` ### GUI usage - After authentication, you will see 4 tabs: Project, Models, Policies, PDP: * *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point) |
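Review bot: in the `@@ -3,68 +3,61 @@` hunk, the line `**WARNING: this is a proof of concept, don't expect anymore...**` is deleted with no replacement, while later sections of this README still warn about clear-text passwords and an API that needs no login/password in DEV mode. Keep a short maturity notice at the top, or explain in the commit message why it is dropped. In the same hunk, the new Keystone address line wraps both URLs and the word "or" in a single code span, so the `\<` and `\>` escapes will show literally; use two separate spans, one per URL, without the backslashes.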
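Review bot: in the `@@ -93,36 +84,31 @@` hunk, the text under `#### Generic Configuration` still begins "Why using a specific configuration:", copied from the section above; the heading next to it is being edited anyway, so change it to "generic" in the same patch. The specific-configuration section now reads "Use the following commands: `TODO`", which presents a placeholder as if it were a command; supply the commands or state that the procedure is not documented yet. Heading case is also uneven: "Specific Configuration" is title-cased here, while the last hunk leaves `## usage` and `### tests the platform` in lower case.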
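Review bot: `$MOON_HOST`, used in the URLs added by the `@@ -230,30 +206,25 @@` hunk, is never defined in the README; the only export shown is `MOON=$(pwd)`. Add a step that sets it before its first use, and say what value it should hold. The conversion is also partial: the `@@ -159,18 +141,14 @@` hunk keeps `http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit` and `http://varuna:30005/ui/#/dc1/kv/database/edit` as unchanged lines, so the same Consul UI is still addressed three different ways.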
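Review bot: in the `@@ -261,58 +232,88 @@` hunk, the added *OpenStack/Keystone* example shows `"check_token": false` as a JSON boolean, while the preceding section tells the reader to change `check_token` to `yes`; state which value type the platform expects and use it in both places. The same example carries the literal `"password": "p4ssw0rd"`; use a placeholder such as the `<set_your_password_here>` already used in the token request so the sample is not copied into a deployment as is. The hostname change is inconsistent within the hunk: the unauthenticated `curl` lines use `$MOON_HOST`, but the token request to port 30006 and the three `X-Auth-Token` calls are re-added with `moon_hostname`. Step 4 also needs the directory that `populate_default_values.py` and `send_authz.py` are run from, and its lead-in ("Use tests Python Scripts check firstly the Consul service") should be reworded into a sentence.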