Skip to content
This repository has been archived by the owner on Aug 15, 2022. It is now read-only.

GAIA-X SCS Identity and Access Management (IAM) testbed

License

Notifications You must be signed in to change notification settings

SovereignCloudStack/testbed-gx-iam

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

GAIA-X SCS Identity and Access Management (IAM) testbed

This testbed provides a minimized GAIA-X Sovereign Cloud Stack (SCS) environment. By default MariaDB, Keystone, Keyloak and Horizon are deployed.

It focuses on working with Keystone and Keycloak in the context of the GAIA-X MVP WP.

The testbed is based on the testbed of the OSISM project. Documentation is available at https://docs.osism.de/testbed/.

Usage

  • Create clouds.yaml and secure.yaml in the terraform directory

  • Execute make ENVIRONMENT=betacloud deploy within the terraform directory (betacloud is replaced with the CSP to be used)

  • The progress of the deployment can be checked with make ENVIRONMENT=betacloud log

  • After completion of the deployment a login via make ENVIRONMENT=betacloud login is possible

  • For access to the web interfaces and API endpoints a tunnel can be created with make ENVIRONMENT=betacloud tunnel (https://github.com/sshuttle/sshuttle must be installed)

  • Add 192.168.16.9 testbed-gx-iam.osism.test to your local /etc/hosts file

  • It is possible to customize testbed-gx-iam.osism.test, for this purpose add PARAMS="-var endpoint=somehost.example.com"

  • It is possible to import an existing floating IP adress

    $ make ENVIRONMENT=betacloud attach PARAMS=4b041998-7c8d-4058-af01-f164e89c10bc
    openstack_networking_floatingip_v2.manager_floating_ip: Importing from ID "4b041998-7c8d-4058-af01-f164e89c10bc"...
    openstack_networking_floatingip_v2.manager_floating_ip: Import prepared!
      Prepared openstack_networking_floatingip_v2 for import
    openstack_networking_floatingip_v2.manager_floating_ip: Refreshing state... [id=4b041998-7c8d-4058-af01-f164e89c10bc]
    
    Import successful!
    
    The resources that were imported are shown above. These resources are now in
    your Terraform state and will henceforth be managed by Terraform.
    • After the import the address is managed by Terraform, if it should not be deleted by a make clean, the address must be removed from the Terraform state first

      $ make ENVIRONMENT=betacloud detach
      Removed openstack_networking_floatingip_v2.manager_floating_ip
      Successfully removed 1 resource instance(s).

Webinterfaces & API endpoints

The web interfaces and API endpoints can be accessed externally via the assigned floating IP address of the instance (run make ENVIRONMENT=betacloud endpoints).

Accounts

Service Username Password Note
Keycloak admin password  
Keystone admin password Credentials
Keystone keycloak1 password Keycloak
Keystone keycloak2 password Keycloak
Keystone keycloak3 password Keycloak

Notes

Keystone mapping combinations

https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html

The mappings can be found in the file /opt/configuration/environments/openstack/files/keycloak_rules.json.

To update the mapping on the Keystone, execute the following command.

$ openstack --os-cloud admin mapping set \
    --rules /configuration/files/keycloak_rules.json \
    keycloak_mapping