How to configure the Fiware PEP WILMA proxy to use a Keyrock and Orion instance on my own servers


Problem description

I've spent most of the day trying to configure the Fiware PEP proxy Wilma to secure an Orion Context Broker I have running on a development server. The documentation here: http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/PEP_Proxy_-Wilma-_Installation_and_Administration_Guide is not clear.

Here is my setup:

  • A Fiware Keyrock instance running on server1, port 3000
  • A PEP Proxy running on server 1
  • An Orion Context Broker running on server2, port 1026

The manual states to edit the config.js script. Here is what I changed (Stackoverflow prevents me from entering URLs, so replace http.. with http:)


    config.account_host = 'http..//localhost:3000';
    
    config.keystone_host = 'http..//server1';
    config.keystone_port = 3000;
    
    config.app_host = 'server2';
    config.app_port = '1026';
    
    config.username = '***** username of the user in Keyrock *****';
    config.password = '***** password of the user in Keyrock *****';
    


Here is the error:

    ~/fi-ware-pep-proxy$ node server.js
    express deprecated app.configure: Check app.get('env') in an if statement server.js:30:5
    Starting PEP proxy. Keystone authentication ...
    Error in keystone communication Error: getaddrinfo ENOTFOUND
        at errnoException (dns.js:37:11)
        at Object.onanswer [as oncomplete] (dns.js:124:16)

My Orion and Keyrock instances are up and running. I can query them with curl or a browser.

I really have no idea what I should be filling in the config.js to get this set up.

Solution

I hope this helps. We are working on deploying some of the Generic Enablers, including IdM, Wilma PEP and Orion among others, using docker and docker-compose.

This environment, called Fiware-devguide-APP, is actually under construction, but you can test the environment (already working) and also check our configuration here.

We are updating all the documentation!

For this, we have the images here.

Docker and docker-compose are required.

If you already have them, to start all the apps integrated in Devguide, you just have to clone the repository:

    git clone https://github.com/Bitergia/fiware-devguide-app.git
    

And then run docker-compose using the .yml file in fiware-devguide-app/docker/compose:

    docker-compose -f docker-compose.yml up -d
    

So you will have all the containers up! Finally, add the IP of the devguide container (compose_devguide_1) to your /etc/hosts and you will be able to browse it :)

Explanation:

We've gone through several configurations for this. I assume you are interested in IdM and Wilma PEP, so here is what we did:

  1. We've installed an IdM GE from scratch, providing the users, roles, and permissions desired. Here you can find what we added in the test_data method:

     Note that all that provisioning could also have been done using the Keystone REST API.

     Also, here you can find the Dockerfile, i.e. how it has been installed.

  2. We've installed an Authzforce for the role management as explained in the tour guide. You will need it, as wilma-pep will send the PDP requests to validate requests against the protected resource.

  3. Finally, the PEP Wilma. Here you can find the configuration files.

How does it work?

Here goes the trick. Let's assume the env Authzforce (Access Control), IdM, PEP Wilma, Orion (the app to be protected) and the devguide. As we use docker-compose, all these steps are done almost at the same time! :)

  1. In authzforce, we need to create a domain as stated in the documentation, and we do it here.

  2. The script itself retrieves the domain ID and parses the config.js file of the PEP Wilma in this line using the right path.

  3. The config.js is simple:

     • account_host and keystone_host are in the same container 'idm'. Docker-compose handles this by adding aliases to the /etc/hosts of each container, which makes the process much easier and we don't need to handle the IPs ourselves.
     • app_host and app_port are the IP and port of the app to protect, in our case it is 'orion'!
     • config.username and config.password. We've created a user 'pepproxy' in the provision we explained before, exactly here. (Note that this user must have domain roles assigned in order to work, as done here).
     • And the azf configuration, which also contains the 'authzforce' host and where the path is parsed as explained before.

  4. Adding the authzforce configuration to IdM and PEP (i.e. domain)

  5. Get an OAuth2 token as explained here.

  6. Finally, with this token and everything running, you can open the compose_devguide_1. It has different resources that can be reached depending on the roles you have assigned at IdM. For example, 'user0@test.com' can access all the resources, while the other one can access just the restaurants.

Hope I was clear enough.

Best!
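
Added example, not part of the original question or answer and not Wilma's own code: a pre-start lint for the config.js values discussed above. It assumes keystone_host and app_host reach the DNS resolver unchanged (so a value carrying a scheme fails with getaddrinfo ENOTFOUND) and that account_host is a full URL; checkPepConfig and the sample objects are hypothetical names.

```javascript
// Added example. Field names are the question's; the rules are assumptions.
// These fields are assumed to reach the DNS resolver unchanged, so they must
// be bare host names or IP addresses: no scheme, no port, no path.
const BARE_HOST_FIELDS = ['keystone_host', 'app_host'];
const PORT_FIELDS = ['keystone_port', 'app_port'];

function checkPepConfig(config) {
  const problems = [];
  for (const field of BARE_HOST_FIELDS) {
    const value = String(config[field] ?? '');
    if (value === '') {
      problems.push(`${field}: missing`);
    } else if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value)) {
      problems.push(`${field}: has a URL scheme, expected a bare host name`);
    } else if (/[\/\s]/.test(value) || /^[^:]+:\d+$/.test(value)) {
      problems.push(`${field}: has a port, path or whitespace`);
    }
  }
  for (const field of PORT_FIELDS) {
    const port = Number(config[field]);
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
      problems.push(`${field}: not a valid TCP port`);
    }
  }
  // account_host is assumed to be a full http(s) URL of the IdM portal.
  try {
    const { protocol } = new URL(String(config.account_host));
    if (protocol !== 'http:' && protocol !== 'https:') {
      problems.push('account_host: scheme must be http or https');
    }
  } catch (err) {
    problems.push('account_host: not a parseable URL');
  }
  return problems;
}

// Constructed sample: the question's values with "http.." restored to "http:".
const questionConfig = {
  account_host: 'http://localhost:3000',
  keystone_host: 'http://server1',
  keystone_port: 3000,
  app_host: 'server2',
  app_port: '1026',
};
// Same setup with the scheme removed from keystone_host.
const fixedConfig = { ...questionConfig, keystone_host: 'server1' };
console.log(checkPepConfig(questionConfig));
console.log(checkPepConfig(fixedConfig));
```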
