aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
blob: 681bce90f3644b0ba84eb51f4744de3fea5bb0ac (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# Moon
__Version 4.3__

This directory contains all the modules for running the Moon platform.

## Platform Setup
- [Docker installation](tools/moon_kubernetes/README.md)
- [kubeadm installation](tools/moon_kubernetes/README.md)
- [Moon deployment](tools/moon_kubernetes/README.md)
- [OpenStack deployment](tools/openstack/README.md)


## Micro-service Architecture
The Moon platform is composed on the following components/containers:
- *consul*: a Consul configuration server
- *db*: a MySQL database server
- *keystone*: a Keystone authentication server
- [gui](moon_gui/README.md): a Moon web interface
- [manager](moon_manager/README.md): the Moon manager for the database
- [orchestrator](moon_orchestrator/README.md): the Moon component that manage pods in te K8S platform
- [wrapper](moon_wrapper/README.md): the Moon endpoint where OpenStack component connect to.


## Manipulation
### moon_gui
The Moon platform comes with a graphical user interface which can be used with 
a web browser at this URL `http://$MOON_HOST:30002`

You will be asked to put a login and password. Those elements are the login and password 
of the Keystone server, if you didn't modify the Keystone server, you will find the 
login and password here `http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit` 

**WARNING: the password is in clear text, this is a known security issue.**

### moon_manager
The Moon platform can also be requested through its API `http://$MOON_HOST:30001`

**WARNING: By default, no login/password will be needed because of 
the configuration which is in DEV mode.**

If you want more security, you have to update the configuration of the Keystone server here:
`http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit` 
by modifying the `check_token` argument to `yes`.
If you write this modification, your requests to Moon API must always include a valid token 
taken from the Keystone server. This token must be place in the header of the request 
(`X-Auth-Token`).

### End-to-end Functional Test
Check if the Manager API is running:
```bash
curl http://$MOON_HOST:30001
curl http://$MOON_HOST:30001/pdp
curl http://$MOON_HOST:30001/policies
```
    
If you configured the authentication in the Moon platform:
```bash
curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "<set_your_password_here>"
        }
      }
    },
    "scope": {
      "project": {
        "name": "admin",
        "domain": { "id": "default" }
      }
    }
  }
}' \
  "http://moon_hostname:30006/v3/auth/tokens" ; echo
  
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies
```
    
Check the Consul service for 
- *Components/Manager*, e.g. 
```json
{
  "port": 8082, 
  "bind": "0.0.0.0", 
  "hostname": "manager", 
  "container": "wukongsun/moon_manager:v4.3.1", 
  "external": {
    "port": 30001, 
    "hostname": "$MOON_HOST"
  }
}
```
- *OpenStack/Keystone*: e.g. 
```json
{
  "url": "http://keystone:5000/v3", 
  "user": "admin", 
  "password": "p4ssw0rd", 
  "domain": "default", 
  "project": "admin", 
  "check_token": false, 
  "certificate": false, 
  "external": {
    "url": "http://$MOON_HOST:30006/v3"
  }
}
```

Launch functional [test scenario](tests/functional/scenario_enabled) : 
```bash
cd $MOON_HOME/tests/functional/scenario_enabled
docker run -ti -v $(pwd):/data wukongsun/moon_forming:latest /bin/bash
moon_populate_values --consul-host=$MOON_HOST --consul-port=30005 -v /data/rbac_large.py
moon_send_authz --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$MOON_HOST --authz-port=31002 -v /data/rbac_large.py
```