This directory contains all the modules for running the Moon platform.
-**WARNING: this is a proof of concept, don't expect anymore...**
-
## Installation
-
### kubeadm
-
You must follow those explanations to install `kubeadm`:
-
> https://kubernetes.io/docs/setup/independent/install-kubeadm/
To summarize, you must install `docker`:
-
- apt update
- apt install -y docker.io
-
+```bash
+apt update
+apt install -y docker.io
+```
+
And then, install `kubeadm`:
-
- apt update && apt install -y apt-transport-https
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
- deb http://apt.kubernetes.io/ kubernetes-xenial main
- EOF
- apt update
- apt install -y kubelet kubeadm kubectl
-
+```bash
+apt update && apt install -y apt-transport-https
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+apt update
+apt install -y kubelet kubeadm kubectl
+```
### Moon
-
The Moon code is not necessary to start the platform but you need
Kubernetes configuration files from the GIT repository.
The easy way is to clone the Moon code:
-
- git clone https://git.opnfv.org/moon
- cd moon/moonv4
- export MOON=$(pwd)
-
+```bash
+git clone https://git.opnfv.org/moon
+cd moon/moonv4
+export MOON=$(pwd)
+```
### OpenStack
-
You must have the following OpenStack components installed somewhere:
-
- nova, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html)
- glance, see [Glance install](https://docs.openstack.org/glance/pike/install/)
A Keystone component is automatically installed and configured in the Moon platform.
After the Moon platform installation, the Keystone server will be available
-at: http://localhost:30005 or http://\<servername\>:30005
+at: `http://localhost:30005 or http://\<servername\>:30005`
You can also use your own Keystone server if you want.
-## initialisation
-
+## Initialisation
### kubeadm
-
The `kubeadm` platform can be initialized with the following shell script:
-
- sh kubernetes/init_k8s.sh
+```bash
+sh kubernetes/init_k8s.sh
+```
Wait until all the kubeadm containers are in the `running` state:
-
- watch kubectl get po --namespace=kube-system
+```bash
+watch kubectl get po --namespace=kube-system
+```
You must see something like this:
kube-scheduler-varuna 1/1 Running 0 1h
### Moon
-
The Moon platform is composed on the following components:
-
* `consul`: a Consul configuration server
* `db`: a MySQL database server
* `keystone`: a Keystone authentication server
* `wrapper`: the Moon endpoint where OpenStack component connect to.
At this point, you must choose one of the following options:
-
* Specific configuration
* Generic configuration
-#### Specific configuration
-
+#### Specific Configuration
Why using a specific configuration:
-
1. The `db` and `keystone` can be installed by yourself but you must configure the
Moon platform to use them.
2. You want to change the default passwords in the Moon platform
-Use the following commands:
-
- TODO
-
-#### Generic configuration
+Use the following commands: `TODO`
+#### Generic Configuration
Why using a specific configuration:
-
1. You just want to test the platform
2. You want to develop on the Moon platform
The `Moon` platform can be initialized with the following shell script:
+```bash
+sh kubernetes/start_moon.sh
+```
- sh kubernetes/start_moon.sh
-
Wait until all the Moon containers are in the `running` state:
-
- watch kubectl get po --namespace=moon
+```bash
+watch kubectl get po --namespace=moon
+```
You must see something like this:
orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m
wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m
-
-## configuration
-
+## Configuration
### Moon
-
#### Introduction
-
The Moon platform is already configured after the installation.
If you want to see or modify the configuration, go with a web browser
to the following page:
This is a known security issue.**
#### Keystone
-
If you have your own Keystone server, you can point Moon to your server in the
`openstack/keystone` element or through the link:
-
> http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit
This configuration element is read every time Moon need it, specially when adding users.
#### Database
-
The database can also be modified here:
-
> http://varuna:30005/ui/#/dc1/kv/database/edit
**WARNING: the password is in clear text, this is a known security issue.**
kubectl create -f kubernetes/templates/moon_configuration.yaml
-### Openstack
-
+### OpenStack
Before updating the configuration of the OpenStack platform, check that the platform
is working without Moon, use the following commands:
-
- # set authentication
- openstack endpoint list
- openstack user list
- openstack server list
+```bash
+# set authentication
+openstack endpoint list
+openstack user list
+openstack server list
+```
In order to connect the OpenStack platform with the Moon platform, you must update some
configuration files in Nova and Glance:
-
* `/etc/nova/policy.json`
* `/etc/glance/policy.json`
In some installed platform, the `/etc/nova/policy.json` can be absent so you have
to create one. You can find example files in those directory:
-
> ${MOON}/moonv4/templates/nova/policy.json
> ${MOON}/moonv4/templates/glance/policy.json
31002/TCP
### Moon
-
The Moon platform comes with a graphical user interface which can be used with
a web browser at this URL:
-
-> http://localhost:30002
+> http://$MOON_HOST:30002
You will be asked to put a login and password. Those elements are the login and password
of the Keystone server, if you didn't modify the Keystone server, you will find the
login and password here:
-
-> http://varuna:30005/ui/#/dc1/kv/openstack/keystone/edit
+> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit
**WARNING: the password is in clear text, this is a known security issue.**
The Moon platform can also be requested through its API:
-
-> http://localhost:30001
+> http://$MOON_HOST:30001
**WARNING: By default, no login/password will be needed because of
the configuration which is in DEV mode.**
If you want more security, you have to update the configuration of the Keystone server here:
-
-> http://varuna:30005/ui/#/dc1/kv/openstack/keystone/edit
+> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit
by modifying the `check_token` argument to `yes`.
If you write this modification, your requests to Moon API must always include a valid token
(`X-Auth-Token`).
## usage
-
### tests the platform
-
In order to know if the platform is healthy, here are some commands you can use.
-
1) Check that all the K8S pods in the Moon namespace are in running state:
-
- kubectl get pods -n moon
+`kubectl get pods -n moon`
2) Check if the Manager API is running:
-
- curl http://moon_hostname:30001
- curl http://moon_hostname:30001/pdp
- curl http://moon_hostname:30001/policies
-
+```bash
+curl http://$MOON_HOST:30001
+curl http://$MOON_HOST:30001/pdp
+curl http://$MOON_HOST:30001/policies
+```
- If you configured the authentication in the Moon platform:
-
- curl -i \
- -H "Content-Type: application/json" \
- -d '
- { "auth": {
- "identity": {
- "methods": ["password"],
- "password": {
- "user": {
- "name": "admin",
- "domain": { "id": "default" },
- "password": "<set_your_password_here>"
- }
- }
- },
- "scope": {
- "project": {
- "name": "admin",
- "domain": { "id": "default" }
- }
+If you configured the authentication in the Moon platform:
+```bash
+curl -i \
+ -H "Content-Type: application/json" \
+ -d '
+{ "auth": {
+ "identity": {
+ "methods": ["password"],
+ "password": {
+ "user": {
+ "name": "admin",
+ "domain": { "id": "default" },
+ "password": "<set_your_password_here>"
}
}
- }' \
- "http://moon_hostname:30006/v3/auth/tokens" ; echo
-
- curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001
- curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp
- curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies
-
+ },
+ "scope": {
+ "project": {
+ "name": "admin",
+ "domain": { "id": "default" }
+ }
+ }
+ }
+}' \
+ "http://moon_hostname:30006/v3/auth/tokens" ; echo
+
+curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001
+curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp
+curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies
+```
+
3) Use a web browser to navigate to the GUI and enter the login and password of the keystone service:
-
- firefox http://moon_hostname:30002
+`firefox http://$MOON_HOST:30002`
+
+4) Use tests Python Scripts
+check firstly the Consul service for *Components/Manager*, e.g.
+```json
+{
+ "port": 8082,
+ "bind": "0.0.0.0",
+ "hostname": "manager",
+ "container": "wukongsun/moon_manager:v4.3.1",
+ "external": {
+ "port": 30001,
+ "hostname": "$MOON_HOST"
+ }
+}
+```
+*OpenStack/Keystone*: e.g.
+```json
+{
+ "url": "http://keystone:5000/v3",
+ "user": "admin",
+ "password": "p4ssw0rd",
+ "domain": "default",
+ "project": "admin",
+ "check_token": false,
+ "certificate": false,
+ "external": {
+ "url": "http://$MOON_HOST:30006/v3"
+ }
+}
+```
+
+```bash
+python3 populate_default_values.py --consul-host=$MOON_HOST --consul-port=30005 -v scenario/rbac_large.py
+python3 send_authz.py --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$MOON_HOST --authz-port=31002 -v scenario/rbac_large.py
+```
### GUI usage
-
After authentication, you will see 4 tabs: Project, Models, Policies, PDP:
* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point)
Code Review / moon.git / commitdiff