Version 4.3

This directory contains all the modules for running the Moon platform.

• Docker installation
• kubeadm installation
• Moon deployment
• OpenStack deployment

The Moon platform is composed on the following components/containers:

• consul: a Consul configuration server
• db: a MySQL database server
• keystone: a Keystone authentication server
• gui: a Moon web interface
• manager: the Moon manager for the database
• orchestrator: the Moon component that manage pods in te K8S platform
• wrapper: the Moon endpoint where OpenStack component connect to.

The Moon platform comes with a graphical user interface which can be used with a web browser at this URL http://$MOON_HOST:30002

You will be asked to put a login and password. Those elements are the login and password of the Keystone server, if you didn't modify the Keystone server, you will find the login and password here http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit

WARNING: the password is in clear text, this is a known security issue.

The Moon platform can also be requested through its API http://$MOON_HOST:30001

WARNING: By default, no login/password will be needed because of the configuration which is in DEV mode.

If you want more security, you have to update the configuration of the Keystone server here: http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit by modifying the check_token argument to yes. If you write this modification, your requests to Moon API must always include a valid token taken from the Keystone server. This token must be place in the header of the request (X-Auth-Token).

Check if the Manager API is running:

curl http://$MOON_HOST:30001
curl http://$MOON_HOST:30001/pdp
curl http://$MOON_HOST:30001/policies

Check the Consul service for

• Components/Manager, e.g.

{
  "port": 8082, 
  "bind": "0.0.0.0", 
  "hostname": "manager", 
  "container": "wukongsun/moon_manager:v4.3.1", 
  "external": {
    "port": 30001, 
    "hostname": "$MOON_HOST"
  }
}

• OpenStack/Keystone: e.g.

{
  "url": "http://keystone:5000/v3", 
  "user": "admin", 
  "password": "p4ssw0rd", 
  "domain": "default", 
  "project": "admin", 
  "check_token": false, 
  "certificate": false, 
  "external": {
    "url": "http://$MOON_HOST:30006/v3"
  }
}

Launch functional test scenario :

sudo pip install python_moonclient --upgrade
cd $MOON_HOME/tests/functional/scenario_tests
moon_create_pdp --consul-host=$MOON_HOST --consul-port=30005 -v rbac_large.py
moon_get_keystone_project --consul-host=$MOON_HOST --consul-port=30005 
moon_get_pdp --consul-host=$MOON_HOST --consul-port=30005 
moon_map_pdp_to_project "<pdp_id>" "<keystone_project_id>"
moon_send_authz_to_wrapper --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$WRAPPER_HOST --authz-port=$WRAPPER_PORT -v rbac_large.py

To retrieve the wrapper information, use the following command:

kubectl get -n moon services | grep wrapper

If you configured the authentication in the Moon platform:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "<set_your_password_here>"
        }
      }
    },
    "scope": {
      "project": {
        "name": "admin",
        "domain": { "id": "default" }
      }
    }
  }
}' \
  "http://moon_hostname:30006/v3/auth/tokens" ; echo
  
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies