1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
# Moon
__Version 4.3__
This directory contains all the modules for running the Moon platform.
## Platform Setup
- [Docker installation](tools/moon_kubernetes/README.md)
- [kubeadm installation](tools/moon_kubernetes/README.md)
- [Moon deployment](tools/moon_kubernetes/README.md)
- [OpenStack deployment](tools/openstack/README.md)
## Micro-service Architecture
The Moon platform is composed on the following components/containers:
- *consul*: a Consul configuration server
- *db*: a MySQL database server
- *keystone*: a Keystone authentication server
- [gui](moon_gui/README.md): a Moon web interface
- [manager](moon_manager/README.md): the Moon manager for the database
- [orchestrator](moon_orchestrator/README.md): the Moon component that manage pods in te K8S platform
- [wrapper](moon_wrapper/README.md): the Moon endpoint where OpenStack component connect to.
## Manipulation
### moon_gui
The Moon platform comes with a graphical user interface which can be used with
a web browser at this URL `http://$MOON_HOST:30002`
You will be asked to put a login and password. Those elements are the login and password
of the Keystone server, if you didn't modify the Keystone server, you will find the
login and password here `http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit`
**WARNING: the password is in clear text, this is a known security issue.**
### moon_manager
The Moon platform can also be requested through its API `http://$MOON_HOST:30001`
**WARNING: By default, no login/password will be needed because of
the configuration which is in DEV mode.**
If you want more security, you have to update the configuration of the Keystone server here:
`http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit`
by modifying the `check_token` argument to `yes`.
If you write this modification, your requests to Moon API must always include a valid token
taken from the Keystone server. This token must be place in the header of the request
(`X-Auth-Token`).
### End-to-end Functional Test
Check if the Manager API is running:
```bash
curl http://$MOON_HOST:30001
curl http://$MOON_HOST:30001/pdp
curl http://$MOON_HOST:30001/policies
```
### Consul Check
Check the Consul service for
- *Components/Manager*, e.g.
```json
{
"port": 8082,
"bind": "0.0.0.0",
"hostname": "manager",
"container": "wukongsun/moon_manager:v4.3.1",
"external": {
"port": 30001,
"hostname": "$MOON_HOST"
}
}
```
- *OpenStack/Keystone*: e.g.
```json
{
"url": "http://keystone:5000/v3",
"user": "admin",
"password": "p4ssw0rd",
"domain": "default",
"project": "admin",
"check_token": false,
"certificate": false,
"external": {
"url": "http://$MOON_HOST:30006/v3"
}
}
```
### Tests
Launch functional [test scenario](tests/functional/scenario_enabled) :
```bash
sudo pip install python_moonclient --upgrade
cd $MOON_HOME/tests/functional/scenario_tests
moon_create_pdp --consul-host=$MOON_HOST --consul-port=30005 -v rbac_large.py
moon_get_keystone_project --consul-host=$MOON_HOST --consul-port=30005
moon_get_pdp --consul-host=$MOON_HOST --consul-port=30005
moon_map_pdp_to_project "<pdp_id>" "<keystone_project_id>"
moon_send_authz_to_wrapper --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$WRAPPER_HOST --authz-port=$WRAPPER_PORT -v rbac_large.py
```
To retrieve the wrapper information, use the following command:
```bash
kubectl get -n moon services | grep wrapper
```
## Annexe
### Authentication
If you configured the authentication in the Moon platform:
```bash
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "<set_your_password_here>"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "id": "default" }
}
}
}
}' \
"http://moon_hostname:30006/v3/auth/tokens" ; echo
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies
```
|