moon_forming for policy templates 73/49673/3
authorRHE <rebirthmonkey@gmail.com>
Wed, 27 Dec 2017 08:58:36 +0000 (09:58 +0100)
committerThomas Duval <thomas.duval@orange.com>
Wed, 27 Dec 2017 12:53:35 +0000 (13:53 +0100)
Change-Id: I8f19a9c4d791d509a6c0349424252ea24c56ab6b
Signed-off-by: RHE <rebirthmonkey@gmail.com>
moon_forming/run.sh
python_moonclient/Changelog
python_moonclient/python_moonclient/__init__.py
python_moonclient/python_moonclient/config.py
tests/functional/scenario_tests/mls.py [new file with mode: 0644]
tests/functional/scenario_tests/rbac.py [new file with mode: 0644]
tools/moon_kubernetes/README.md
tools/moon_kubernetes/init_k8s.sh
tools/moon_kubernetes/start_moon.sh
tools/moon_kubernetes/templates/moon_forming.yaml

index a4d8920..6cf90f5 100644 (file)
@@ -5,8 +5,9 @@ populate_args=$*
 echo "Waiting for Consul (http://consul:8500)"
 while ! python -c "import requests; req = requests.get('http://consul:8500')" 2>/dev/null ; do
     sleep 5 ;
-    echo "."
+    echo -n "."
 done
+echo "."
 echo "Consul (http://consul:8500) is up."
 
 python3 /root/conf2consul.py /etc/moon/moon.conf
@@ -14,8 +15,9 @@ python3 /root/conf2consul.py /etc/moon/moon.conf
 echo "Waiting for DB (tcp://db:3306)"
 while ! python -c "import socket, sys; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect(('db', 3306)); sys.exit(0)" 2>/dev/null ; do
     sleep 5 ;
-    echo "."
+    echo -n "."
 done
+echo "."
 echo "Database (http://db:3306) is up."
 
 moon_db_manager upgrade
@@ -23,15 +25,17 @@ moon_db_manager upgrade
 echo "Waiting for Keystone (http://keystone:5000)"
 while ! python -c "import requests; req = requests.get('http://keystone:5000')" 2>/dev/null ; do
     sleep 5 ;
-    echo "."
+    echo -n "."
 done
+echo "."
 echo "Keystone (http://keystone:5000) is up."
 
 echo "Waiting for Manager (http://manager:8082)"
 while ! python -c "import requests; req = requests.get('http://manager:8082')" 2>/dev/null ; do
     sleep 5 ;
-    echo "."
+    echo -n "."
 done
+echo "."
 echo "Manager (http://manager:8082) is up."
 
 for i in /data/*.py ; do
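Review bot: `echo -n "."` on the four changed loop bodies in this file is not portable: under a POSIX `sh` such as dash, `echo -n` prints `-n .` literally, and the interpreter line is outside this section so it cannot be confirmed that the script always runs under bash. `printf '.'` behaves the same everywhere and is the usual replacement, with `printf '.\n'` (or the existing `echo "."`) after each loop. The readiness loops themselves are unchanged context and still have no upper bound on retries, so a service that never comes up keeps the forming job waiting forever; a retry counter that exits non-zero would let the job surface the problem instead of hanging. The `for i in /data/*.py` loop that starts on the last line of this section continues outside it.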
index 854200c..cd099ae 100644 (file)
@@ -9,4 +9,12 @@ CHANGES
 
 0.1.0
 -----
-- First version of the python-moonclient
\ No newline at end of file
+- First version of the python-moonclient
+
+1.0.0
+-----
+- First public version of the python-moonclient
+
+1.0.1
+-----
+- Fix a bug in configuration
index d7cdd11..2249a1b 100644 (file)
@@ -3,4 +3,4 @@
 # license which can be found in the file 'LICENSE' in this package distribution
 # or at 'http://www.apache.org/licenses/LICENSE-2.0'.
 
-__version__ = "0.0.1"
+__version__ = "1.0.1"
index d631782..300ebf1 100644 (file)
@@ -21,17 +21,36 @@ def get_configuration(consul_host, consul_port, key):
 
 def get_config_data(consul_host, consul_port):
     conf_data = dict()
-    conf_data['manager_host'] = get_configuration(consul_host, consul_port,
-                                                  'components/manager')['components/manager']['external']['hostname']
-    conf_data['manager_port'] = get_configuration(consul_host, consul_port,
-                                                  'components/manager')['components/manager']['external']['port']
-    # conf_data['authz_host'] = get_configuration(consul_host, consul_port,
-    #                                             'components/interface')['components/interface']['external']['hostname']
-    # conf_data['authz_port'] = get_configuration(consul_host, consul_port,
-    #                                             'components/interface')['components/interface']['external']['port']
-    conf_data['keystone_host'] = get_configuration(consul_host, consul_port,
-                                                   'openstack/keystone')['openstack/keystone']['external']['url']
-    # conf_data['keystone_port'] = '5000'
+    conf_data['manager_host'] = get_configuration(
+        consul_host, consul_port,
+        'components/manager')['components/manager']['external']['hostname']
+    conf_data['manager_port'] = get_configuration(
+        consul_host, consul_port,
+        'components/manager')['components/manager']['external']['port']
+    try:
+        requests.get("http://{}:{}/".format(
+                conf_data['manager_host'],
+                conf_data['manager_port']
+            ),
+            timeout=2)
+    except requests.exceptions.ConnectionError:
+        conf_data['manager_host'] = get_configuration(consul_host, consul_port,
+                                                      'components/manager')[
+            'components/manager']['hostname']
+        conf_data['manager_port'] = get_configuration(consul_host, consul_port,
+                                                      'components/manager')[
+            'components/manager']['port']
+
+    conf_data['keystone_host'] = get_configuration(
+        consul_host, consul_port,
+        'openstack/keystone')['openstack/keystone']['external']['url']
+    try:
+        requests.get(conf_data['keystone_host'], timeout=2)
+    except requests.exceptions.ConnectionError:
+        conf_data['keystone_host'] = get_configuration(
+            consul_host, consul_port,
+            'openstack/keystone')['openstack/keystone']['url']
+
     conf_data['keystone_user'] = get_configuration(consul_host, consul_port,
                                                    'openstack/keystone')['openstack/keystone']['user']
     conf_data['keystone_password'] = get_configuration(consul_host, consul_port,
@@ -39,6 +58,3 @@ def get_config_data(consul_host, consul_port):
     conf_data['keystone_project'] = get_configuration(consul_host, consul_port,
                                                       'openstack/keystone')['openstack/keystone']['project']
     return conf_data
-
-# get_conf_data('88.88.88.2', '30005')
-# get_conf_data('127.0.0.1', 8082)
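Review bot: The fallback on the two new `except requests.exceptions.ConnectionError:` lines (manager probe and Keystone probe) does not cover a read timeout: with `timeout=2`, `requests.exceptions.ReadTimeout` derives from `Timeout` but not from `ConnectionError`, so a reachable-but-slow external endpoint raises out of `get_config_data` instead of falling back to the internal address; `except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):` on both lines covers both cases. The fallback also silently changes which manager and Keystone endpoints the client will later send the Keystone credentials read on the following lines to, so a warning such as `LOG.warning("external manager endpoint unreachable, using internal %s:%s", conf_data['manager_host'], conf_data['manager_port'])` (presuming a module logger, none is visible in this section) would make an unexpected fallback visible to operators. Each fallback branch repeats the `get_configuration` Consul lookup for a key that was just fetched; reading `'components/manager'` and `'openstack/keystone'` once into locals would halve the round-trips. `requests` is presumed imported at the top of the file, outside this section.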
diff --git a/tests/functional/scenario_tests/mls.py b/tests/functional/scenario_tests/mls.py
new file mode 100644 (file)
index 0000000..0e6285c
--- /dev/null
@@ -0,0 +1,59 @@
+
+pdp_name = "pdp_mls"
+policy_name = "MLS Policy example"
+model_name = "MLS"
+policy_genre = "authz"
+
+subjects = {"adminuser": "", "user1": "", "user2": "", }
+objects = {"vm0": "", "vm1": "", }
+actions = {"start": "", "stop": ""}
+
+subject_categories = {"subject-security-level": "", }
+object_categories = {"object-security-level": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {
+    "subject-security-level": {"low": "", "medium": "", "high": ""},
+}
+object_data = {
+    "object-security-level": {"low": "", "medium": "", "high": ""},
+}
+action_data = {"action-type": {"vm-action": "", "storage-action": "", }}
+
+subject_assignments = {
+    "adminuser": {"subject-security-level": "high"},
+    "user1": {"subject-security-level": "medium"},
+}
+object_assignments = {
+    "vm0": {"object-security-level": "medium"},
+    "vm1": {"object-security-level": "low"},
+}
+action_assignments = {
+    "start": {"action-type": "vm-action"},
+    "stop": {"action-type": "vm-action"}
+}
+
+meta_rule = {
+    "mls": {
+        "id": "",
+        "value": ("subject-security-level",
+                  "object-security-level",
+                  "action-type")},
+}
+
+rules = {
+    "mls": (
+        {
+            "rule": ("high", "medium", "vm-action"),
+            "instructions": ({"decision": "grant"})
+        },
+        {
+            "rule": ("high", "low", "vm-action"),
+            "instructions": ({"decision": "grant"})
+        },
+        {
+            "rule": ("medium", "low", "vm-action"),
+            "instructions": ({"decision": "grant"})
+        },
+    )
+}
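Review bot: The three `"instructions": ({"decision": "grant"})` entries are bare dicts, not one-element tuples — parentheses without a trailing comma do not build a tuple — whereas the sibling rbac.py template added in this commit writes `"instructions": ({"decision": "grant"},)`. A consumer that iterates `instructions` would get the key `"decision"` from this template and the dict from the other, so the two templates are not interchangeable; `"instructions": ({"decision": "grant"},)` makes them consistent. `user2` and `storage-action` are declared but never assigned or matched by any rule, which looks intentional as negative test data; a one-line comment saying so would save the next reader from treating it as an omission.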
diff --git a/tests/functional/scenario_tests/rbac.py b/tests/functional/scenario_tests/rbac.py
new file mode 100644 (file)
index 0000000..1d2cabe
--- /dev/null
@@ -0,0 +1,61 @@
+
+pdp_name = "pdp_rbac1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {"adminuser": "", "user1": "", }
+objects = {"vm0": "", "vm1": "", }
+actions = {"start": "", "stop": ""}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {"admin": "", "employee": "", "*": ""}}
+object_data = {"id": {"vm0": "", "vm1": "", "*": ""}}
+action_data = {"action-type": {"vm-action": "", "*": ""}}
+
+subject_assignments = {
+    "adminuser":
+        ({"role": "admin"}, {"role": "employee"}, {"role": "*"}),
+    "user1":
+        ({"role": "employee"}, {"role": "*"}),
+}
+object_assignments = {
+    "vm0":
+        ({"id": "vm0"}, {"id": "*"}),
+    "vm1":
+        ({"id": "vm1"}, {"id": "*"})
+}
+action_assignments = {
+    "start":
+        ({"action-type": "vm-action"}, {"action-type": "*"}),
+    "stop":
+        ({"action-type": "vm-action"}, {"action-type": "*"})
+}
+
+meta_rule = {
+    "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+    "rbac": (
+        {
+            "rule": ("admin", "vm0", "vm-action"),
+            "instructions": (
+                {"decision": "grant"},
+                # "grant" to immediately exit,
+                # "continue" to wait for the result of next policy
+            )
+        },
+        {
+            "rule": ("employee", "vm1", "vm-action"),
+            "instructions": (
+                {"decision": "grant"},
+            )
+        },
+    )
+}
+
+
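Review bot: Every subject, object and action in this template is additionally assigned the `"*"` value of its category, but neither of the two rules references `"*"`, so the purpose of those assignments is not stated anywhere in the file. A short header comment describing whether `"*"` is a catch-all reserved for wildcard rules or something the loader requires would make the template self-explanatory; as written a reader cannot tell from the file alone. The two trailing blank lines at the end of the file would be flagged by most linters.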
index a74a132..b47bbfa 100644 (file)
@@ -30,8 +30,8 @@ apt-get install -y kubelet kubeadm kubectl
 ## Moon Deployment
 ### Initiate K8S
 ```bash
-cd $MOON_HOME/tools/moon_kubernes
-sudo bash init_k8s.sh
+cd $MOON_HOME
+bash tools/moon_kubernes/init_k8s.sh
 ```
 
 Wait until all the kubeadm containers are in the `running` state:
@@ -56,8 +56,8 @@ You must see something like this:
 
 ### Deploy Moon
 ```bash
-cd $MOON_HOME/tools/moon_kubernes
-sudo bash start_moon.sh
+cd $MOON_HOME
+sudo bash tools/moon_kubernes/start_moon.sh
 ```
 
 Wait until all the Moon containers are in the `running` state:
index fcfdfb5..8ec1237 100644 (file)
@@ -20,7 +20,7 @@ kubectl apply -f http://docs.projectcalico.org/v2.4/getting-started/kubernetes/i
 #kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
 
 kubectl delete deployment kube-dns --namespace=kube-system
-kubectl apply -f templates/kube-dns.yaml
+kubectl apply -f tools/moon_kubernetes/templates/kube-dns.yaml
 
 kubectl taint nodes --all node-role.kubernetes.io/master- # make the master also as a node
 
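Review bot: The new path `tools/moon_kubernetes/templates/kube-dns.yaml` is relative to the current directory, so the script now only works when invoked from the repository root, and nothing in this section enforces that; start_moon.sh in this commit makes the same assumption on all of its changed lines. Resolving the repository root from the script's own location, `cd "$(dirname "$0")/../.." || exit 1` near the top, would make both scripts independent of the caller's directory. The README in this commit tells the user to run `bash tools/moon_kubernes/init_k8s.sh` from `$MOON_HOME`, which relies on this assumption and also spells the directory `moon_kubernes` rather than the `tools/moon_kubernetes` used in the file list and in the scripts, so the instructions as written point at a path that does not exist. The top of the script is outside this section, so whether it has a shebang or `set -e` cannot be confirmed.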
index 3892a3f..47d6998 100644 (file)
@@ -3,21 +3,22 @@
 set -x
 
 kubectl create namespace moon
-kubectl create configmap moon-config --from-file conf/moon.conf -n moon
+kubectl create configmap moon-config --from-file tools/moon_kubernetes/conf/moon.conf -n moon
 kubectl create configmap config --from-file ~/.kube/config -n moon
-kubectl create secret generic mysql-root-pass --from-file=conf/password_root.txt -n moon
-kubectl create secret generic mysql-pass --from-file=conf/password_moon.txt -n moon
+kubectl create configmap moon-policy-templates --from-file tests/functional/scenario_tests -n moon
+kubectl create secret generic mysql-root-pass --from-file=tools/moon_kubernetes/conf/password_root.txt -n moon
+kubectl create secret generic mysql-pass --from-file=tools/moon_kubernetes/conf/password_moon.txt -n moon
 
-kubectl create -n moon -f templates/consul.yaml
-kubectl create -n moon -f templates/db.yaml
-kubectl create -n moon -f templates/keystone.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/consul.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/db.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/keystone.yaml
 
 echo =========================================
 kubectl get pods -n moon
 echo =========================================
 
 sleep 10
-kubectl create -n moon -f templates/moon_forming.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/moon_forming.yaml
 
 echo Waiting for jobs forming
 sleep 5
@@ -25,11 +26,11 @@ kubectl get jobs -n moon
 kubectl logs -n moon jobs/forming
 
 sleep 5
-kubectl create -n moon -f templates/moon_manager.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/moon_manager.yaml
 
 sleep 2
-kubectl create -n moon -f templates/moon_orchestrator.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/moon_orchestrator.yaml
 
-kubectl create -n moon -f templates/moon_gui.yaml
+kubectl create -n moon -f tools/moon_kubernetes/templates/moon_gui.yaml
 
 
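Review bot: The new `kubectl create configmap moon-policy-templates --from-file tests/functional/scenario_tests -n moon` line packages every regular file in that directory into the ConfigMap that the forming job mounts at `/data` and iterates as `/data/*.py` (run.sh in this commit), so any file that lands in that test directory becomes input to the forming job. A dedicated templates directory, or listing the intended files explicitly (`--from-file tests/functional/scenario_tests/mls.py --from-file tests/functional/scenario_tests/rbac.py`), keeps the mounted set explicit and reviewable. It also follows that write access to ConfigMaps in the `moon` namespace now amounts to the ability to supply policy templates, which is worth stating in the README so the namespace's RBAC is scoped accordingly. Like the surrounding lines, the ConfigMap is created with `kubectl create`, which fails on a re-run if it already exists; since the templates are the object most likely to be re-applied, `kubectl apply` (or a delete-then-create) would make that step repeatable.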
index efcc51d..334ee17 100644 (file)
@@ -10,22 +10,21 @@ spec:
     spec:
       containers:
       - name: forming
-        image: wukongsun/moon_forming:v1.3
+        image: wukongsun/moon_forming:latest
         env:
         - name: POPULATE_ARGS
           value: "--verbose" # debug mode: --debug
         volumeMounts:
         - name: config-volume
           mountPath: /etc/moon
-        - name: test-volume
+        - name: templates-volume
           mountPath: /data
       volumes:
       - name: config-volume
         configMap:
           name: moon-config
-      - name: test-volume
-        hostPath:
-          path: tests/functional/scenario_enabled
-          type: Directory
+      - name: templates-volume
+        configMap:
+          name: moon-policy-templates
       restartPolicy: Never
       #backoffLimit: 4
\ No newline at end of file
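Review bot: `image: wukongsun/moon_forming:latest` replaces the pinned `v1.3` with a mutable tag, so the forming job is no longer reproducible: with `:latest` Kubernetes defaults `imagePullPolicy` to `Always`, each run pulls whatever the tag currently points at, a deployment cannot be rolled back to a known image, and a tag change on the registry alters the job silently. Pinning to a release tag, `image: wukongsun/moon_forming:<release-tag>`, or better to an immutable digest `wukongsun/moon_forming@sha256:<digest>` (placeholders — the intended version is not visible here), keeps the deployment auditable. The switch from a `hostPath` volume to the `moon-policy-templates` ConfigMap matches start_moon.sh in this commit; ConfigMap-backed volumes are read-only and capped at 1 MiB, which is adequate for the two templates added here but worth a comment next to the volume for whoever adds larger ones.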