plusserver / testbed-gx-iam

GAIA-X SCS Identity and Access Management (IAM) testbed


This testbed provides a minimized GAIA-X Sovereign Cloud Stack (SCS) environment. By default MariaDB, Keystone, Keycloak and Horizon are deployed.

It focuses on working with Keystone and Keycloak in the context of the GAIA-X MVP WP.

The testbed is based on the testbed of the OSISM project. Documentation is available at https://docs.osism.de/testbed/.

Usage

  • Create clouds.yaml and secure.yaml in the terraform directory

  • Execute make ENVIRONMENT=betacloud deploy within the terraform directory (betacloud is replaced with the CSP to be used)

  • The progress of the deployment can be checked with make ENVIRONMENT=betacloud log

  • After completion of the deployment a login via make ENVIRONMENT=betacloud login is possible

  • For access to the web interfaces and API endpoints a tunnel can be created with make ENVIRONMENT=betacloud tunnel (https://github.com/sshuttle/sshuttle must be installed)

  • Add 192.168.16.9 testbed-gx-iam.osism.test to your local /etc/hosts file

  • The hostname testbed-gx-iam.osism.test can be customized; for this purpose add PARAMS="-var endpoint=somehost.example.com"

  • It is possible to import an existing floating IP address

    $ make ENVIRONMENT=betacloud attach PARAMS=4b041998-7c8d-4058-af01-f164e89c10bc
    openstack_networking_floatingip_v2.manager_floating_ip: Importing from ID "4b041998-7c8d-4058-af01-f164e89c10bc"...
    openstack_networking_floatingip_v2.manager_floating_ip: Import prepared!
      Prepared openstack_networking_floatingip_v2 for import
    openstack_networking_floatingip_v2.manager_floating_ip: Refreshing state... [id=4b041998-7c8d-4058-af01-f164e89c10bc]
    
    Import successful!
    
    The resources that were imported are shown above. These resources are now in
    your Terraform state and will henceforth be managed by Terraform.

  • After the import the address is managed by Terraform. If it should not be deleted by a make clean, the address must be removed from the Terraform state first

    $ make ENVIRONMENT=betacloud detach
    Removed openstack_networking_floatingip_v2.manager_floating_ip
    Successfully removed 1 resource instance(s).

Web interfaces & API endpoints

The web interfaces and API endpoints can be accessed externally via the assigned floating IP address of the instance (run make ENVIRONMENT=betacloud endpoints).

Notes

Keystone mapping combinations

https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html

The mappings can be found in the file /opt/configuration/environments/openstack/files/keycloak_rules.json.

To update the mapping in Keystone, execute the following command:

$ openstack --os-cloud admin mapping set \
    --rules /configuration/files/keycloak_rules.json \
    keycloak_mapping
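
An edited rules file can be checked offline before it is pushed with the command above. The following linter is an added example, not part of the testbed; SAMPLE is a constructed rules list (not the testbed's keycloak_rules.json), and the OIDC-* attribute names and group names in it are assumptions.

```python
import json
import re

CONDITIONS = ("any_one_of", "not_any_of")
PLACEHOLDER = re.compile(r"\{(\d+)\}")

# Constructed sample, not the testbed's keycloak_rules.json.
SAMPLE = json.loads("""
[
  {"local": [{"user": {"name": "{0}"},
              "group": {"name": "admins", "domain": {"name": "Default"}}}],
   "remote": [{"type": "OIDC-preferred_username"}]},
  {"local": [{"user": {"name": "{1}"}}],
   "remote": [{"type": "OIDC-groups", "any_one_of": ["gx-users"]},
              {"type": "OIDC-preferred_username"}]}
]
""")


def lint_mapping(rules):
    """Return findings for a Keystone federation mapping rules list."""
    findings = []
    for n, rule in enumerate(rules):
        local, remote = rule.get("local"), rule.get("remote")
        if not local or not remote:
            findings.append(f"rule {n}: 'local' and 'remote' must be non-empty lists")
            continue
        if any("type" not in r for r in remote):
            findings.append(f"rule {n}: remote entry without 'type'")
        # Entries with any_one_of/not_any_of only gate the rule; Keystone
        # does not count them when resolving {N} placeholders in 'local'.
        direct = [r for r in remote if not any(c in r for c in CONDITIONS)]
        used = {int(i) for i in PLACEHOLDER.findall(json.dumps(local))}
        for i in sorted(used):
            if i >= len(direct):
                findings.append(f"rule {n}: {{{i}}} has no matching remote entry")
        grants = any(k in entry for entry in local for k in ("group", "projects"))
        if grants and len(direct) == len(remote):
            findings.append(f"rule {n}: group/project assignment without any_one_of/not_any_of condition")
    return findings


if __name__ == "__main__":
    for finding in lint_mapping(SAMPLE):
        print(finding)
```

To lint a real file, load it with json.load and pass the resulting list to lint_mapping.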

About

License:Apache License 2.0
