Version 4.3
This directory contains all the modules for running the Moon platform.
The Moon platform is composed on the following components/containers:
- consul: a Consul configuration server
- db: a MySQL database server
- keystone: a Keystone authentication server
- gui: a Moon web interface
- manager: the Moon manager for the database
- orchestrator: the Moon component that manage pods in te K8S platform
- wrapper: the Moon endpoint where OpenStack component connect to.
The Moon platform comes with a graphical user interface which can be used with
a web browser at this URL http://$MOON_HOST:30002
You will be asked to put a login and password. Those elements are the login and password
of the Keystone server, if you didn't modify the Keystone server, you will find the
login and password here http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit
WARNING: the password is in clear text, this is a known security issue.
The Moon platform can also be requested through its API http://$MOON_HOST:30001
WARNING: By default, no login/password will be needed because of the configuration which is in DEV mode.
If you want more security, you have to update the configuration of the Keystone server here:
http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit
by modifying the check_token
argument to yes
.
If you write this modification, your requests to Moon API must always include a valid token
taken from the Keystone server. This token must be place in the header of the request
(X-Auth-Token
).
Check if the Manager API is running:
curl http://$MOON_HOST:30001
curl http://$MOON_HOST:30001/pdp
curl http://$MOON_HOST:30001/policies
Check the Consul service for
- Components/Manager, e.g.
{
"port": 8082,
"bind": "0.0.0.0",
"hostname": "manager",
"container": "wukongsun/moon_manager:v4.3.1",
"external": {
"port": 30001,
"hostname": "$MOON_HOST"
}
}
- OpenStack/Keystone: e.g.
{
"url": "http://keystone:5000/v3",
"user": "admin",
"password": "p4ssw0rd",
"domain": "default",
"project": "admin",
"check_token": false,
"certificate": false,
"external": {
"url": "http://$MOON_HOST:30006/v3"
}
}
Launch functional test scenario :
sudo pip install python_moonclient --upgrade
cd $MOON_HOME/tests/functional/scenario_tests
moon_create_pdp --consul-host=$MOON_HOST --consul-port=30005 -v rbac_large.py
moon_get_keystone_project --consul-host=$MOON_HOST --consul-port=30005
moon_get_pdp --consul-host=$MOON_HOST --consul-port=30005
moon_map_pdp_to_project "<pdp_id>" "<keystone_project_id>"
moon_send_authz_to_wrapper --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$WRAPPER_HOST --authz-port=$WRAPPER_PORT -v rbac_large.py
To retrieve the wrapper information, use the following command:
kubectl get -n moon services | grep wrapper
If you configured the authentication in the Moon platform:
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "<set_your_password_here>"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "id": "default" }
}
}
}
}' \
"http://moon_hostname:30006/v3/auth/tokens" ; echo
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp
curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies