This testbed provides a minimized GAIA-X Sovereign Cloud Stack (SCS) environment. By default, MariaDB, Keystone, Keycloak and Horizon are deployed.
It focuses on working with Keystone and Keycloak in the context of the GAIA-X MVP WP.
The testbed is based on the testbed of the OSISM project. Documentation is available at https://docs.osism.de/testbed/.
- Create clouds.yaml and secure.yaml in the terraform directory
- Execute make ENVIRONMENT=betacloud deploy within the terraform directory (betacloud is replaced with the CSP to be used)
- The progress of the deployment can be checked with make ENVIRONMENT=betacloud log
- After completion of the deployment a login via make ENVIRONMENT=betacloud login is possible
- For access to the web interfaces and API endpoints a tunnel can be created with make ENVIRONMENT=betacloud tunnel (https://github.com/sshuttle/sshuttle must be installed)
- Add 192.168.16.9 testbed-gx-iam.osism.test to your local /etc/hosts file
- It is possible to customize testbed-gx-iam.osism.test, for this purpose add PARAMS="-var endpoint=somehost.example.com"
It is possible to import an existing floating IP address:

$ make ENVIRONMENT=betacloud attach PARAMS=4b041998-7c8d-4058-af01-f164e89c10bc
openstack_networking_floatingip_v2.manager_floating_ip: Importing from ID "4b041998-7c8d-4058-af01-f164e89c10bc"...
openstack_networking_floatingip_v2.manager_floating_ip: Import prepared!
  Prepared openstack_networking_floatingip_v2 for import
openstack_networking_floatingip_v2.manager_floating_ip: Refreshing state... [id=4b041998-7c8d-4058-af01-f164e89c10bc]
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
After the import the address is managed by Terraform. If it should not be deleted by make clean, the address must be removed from the Terraform state first:

$ make ENVIRONMENT=betacloud detach
Removed openstack_networking_floatingip_v2.manager_floating_ip
Successfully removed 1 resource instance(s).
The web interfaces and API endpoints can be accessed externally via the assigned floating IP address of the instance (run make ENVIRONMENT=betacloud endpoints).
Service | Username | Password | Note |
Keycloak | admin | password | |
Keystone | admin | password | Credentials |
Keystone | keycloak1 | password | Keycloak |
Keystone | keycloak2 | password | Keycloak |
Keystone | keycloak3 | password | Keycloak |
https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html
The mappings can be found in the file /opt/configuration/environments/openstack/files/keycloak_rules.json.
To update the mapping in Keystone, execute the following command:
$ openstack --os-cloud admin mapping set \
--rules /configuration/files/keycloak_rules.json \
keycloak_mapping
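
A pre-check that can be run on a rules file before it is pushed with the mapping set command above, as an added example that is not part of the testbed or OSISM code: it lints a Keystone mapping rule list for structural errors and for rules that assign groups or projects without an any_one_of/not_any_of condition on the remote side. The sample rules, the attribute names in them and the lint_rules helper are constructed for illustration and are not the contents of keycloak_rules.json.

```python
import json

# Constructed sample rules for illustration; NOT the testbed's keycloak_rules.json.
SAMPLE_RULES = json.loads("""
[
  {"local": [{"user": {"name": "{0}"}},
             {"group": {"name": "admins", "domain": {"name": "Default"}}}],
   "remote": [{"type": "OIDC-preferred_username"}]},
  {"local": [{"user": {"name": "{0}"}},
             {"group": {"name": "members", "domain": {"name": "Default"}}}],
   "remote": [{"type": "OIDC-preferred_username"},
              {"type": "HTTP_OIDC_ISS",
               "any_one_of": ["https://idp.example.test/realms/demo"]}]},
  {"local": [{"user": {"name": "{0}"}}]}
]
""")

GRANT_KEYS = {"group", "groups", "projects"}   # local keys that confer access
CONDITIONS = ("any_one_of", "not_any_of")      # remote keys that restrict a match


def lint_rules(rules):
    """Return (rule_index, message) findings for a Keystone mapping rule list."""
    if not isinstance(rules, list):
        return [(-1, "rules file must contain a JSON list of rules")]
    findings = []
    for i, rule in enumerate(rules):
        local = rule.get("local") if isinstance(rule, dict) else None
        remote = rule.get("remote") if isinstance(rule, dict) else None
        if not isinstance(local, list) or not isinstance(remote, list) or not remote:
            findings.append((i, "needs a 'local' list and a non-empty 'remote' list"))
            continue
        if any(not isinstance(r, dict) or "type" not in r for r in remote):
            findings.append((i, "every 'remote' entry needs a 'type'"))
            continue
        grants = any(isinstance(l, dict) and GRANT_KEYS & l.keys() for l in local)
        constrained = any(c in r for r in remote for c in CONDITIONS)
        if grants and not constrained:
            findings.append((i, "assigns group/project access with no "
                                "any_one_of/not_any_of condition in 'remote'"))
    return findings


if __name__ == "__main__":
    for index, message in lint_rules(SAMPLE_RULES):
        print(f"rule {index}: {message}")
```

A finding of the second kind is a prompt for review, not necessarily an error: an unconditioned rule may be intended when the assigned group carries no privileged role.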