fiware-idm-deprecated
pep-proxy connection
Welcome, I'm trying to deploy the security layer in Orion Context Broker using IdM and PEP proxy, but I have a problem with the PEP proxy using docker compose:
version: "2"
networks:
  fiware:
    driver: bridge
services:
  # Orion database
  mongodb:
    image: mongo:3.4.7
    hostname: mongodb
    container_name: mongodb
    expose:
      - "27017"
    ports:
      - "27018:27017"
    command: --smallfiles
    networks:
      - fiware
  # GE in charge of publish and subscribe
  orion:
    image: fiware/orion:latest
    hostname: orion
    container_name: orion
    links:
      - mongodb
    expose:
      - "1026"
    ports:
      - "1026:1026"
    volumes:
      - "./data/db/mongo:/data/db:rw"
    command: -dbhost mongodb
    networks:
      - fiware
  # GE in charge of data persistence
  cygnus:
    image: fiware/cygnus-ngsi:latest
    hostname: cygnus
    container_name: cygnus
    volumes:
      - "./config/cygnus/agent.conf:/opt/apache-flume/conf/agent.conf:rw"
      - "./config/cygnus/grouping_rules.conf:/opt/apache-flume/conf/grouping_rules.conf:rw"
    links:
      - mysql-cygnus
    expose:
      - "5050"
      - "8081"
    ports:
      - "5050:5050"
      - "8081:8081"
    environment:
      - CYGNUS_MYSQL_HOST=mysql-cygnus
      - CYGNUS_MYSQL_PORT=3306
      - CYGNUS_MYSQL_USER=root
      - CYGNUS_MYSQL_PASS=fiware
      - CYGNUS_LOG_LEVEL=INFO
    networks:
      - fiware
  # Database for historical data
  mysql-cygnus:
    image: mysql
    hostname: mysql-cygnus
    container_name: mysql-cygnus
    expose:
      - "3306"
    ports:
      - "3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=fiware
    volumes:
      - "./data/db/mysql:/var/lib/mysql:rw"
    networks:
      - fiware
  # Access control GE
  authzforce:
    image: fiware/authzforce-ce-server:release-5.4.1
    hostname: authzforce
    container_name: authzforce
    expose:
      - "8080"
    ports:
      - "8080:8080"
  # GE in charge of security administration
  keyrock:
    image: fiware/idm:latest
    hostname: keyrock
    container_name: keyrock
    volumes:
      - "./config/idm/keystone.db:/keystone/keystone.db:rw"
      - "./config/idm/local_settings.py:/horizon/openstack_dashboard/local/local_settings.py:rw"
      - "./config/idm/keystone.conf:/keystone/etc/keystone.conf:rw"
    links:
      - orion
    expose:
      - "5000"
      - "8000"
    ports:
      - "5000:5000"
      - "8000:8000"
    networks:
      - fiware
  # GE in charge of redirection
  pepwilma:
    image: ging/fiware-pep-proxy
    hostname: pepwilma
    container_name: pepwilma
    volumes:
      - "./config/pepproxy/config.js:/opt/fiware-pep-proxy/config.js:rw"
    links:
      - keyrock
      - orion
      - authzforce
    volumes_from:
      - keyrock
    expose:
      - "80"
    ports:
      - "80:80"
    networks:
      - fiware
I can't continue because the PEP proxy shows an error when I make the request to:
(without specifying a port)
using this config.js:
got this error:
ERROR: Server - Caught exception: SyntaxError: Unexpected token E
Can you share an updated method for configuring the PEP proxy?
Thanks to all for your help.
I successfully integrated pep+orion+idm using these slides: https://www.slideshare.net/daltoncezane/integrating-fiware-orion-keyrock-and-wilma (But I don't use "cygnus" and docker-compose for this). I cloned pep-wilma from the repo.
Your pep settings appear correct to me. But I use 127.0.0.1 instead of localhost, maybe try to change this.
I'm not a docker-compose expert; are you sure that linking keyrock with orion, and not with pep, is correct?
keyrock:
  ....
  links:
    - orion
You should print the message Wilma receives from the idm as a log, before the JSON parsing, to understand where the error is, by editing idm.js in pep-proxy:
https://github.com/ging/fiware-pep-proxy/blob/66ae73fdde604eff35398c3b706d2e1f2a4c1f06/lib/idm.js#L80
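The logging step suggested above, as an added example that is not code from fiware-pep-proxy or from this thread: it records the status and a truncated copy of the IdM reply before parsing, and denies the request when the body is not JSON. The helper name `parseIdmReply`, the `id` field check and the sample replies are assumptions constructed for illustration.

```javascript
'use strict';

// Added example, not fiware-pep-proxy code. parseIdmReply is a hypothetical
// helper: it logs what the IdM sent before JSON.parse runs, and fails closed
// (authorised: false) on anything that is not a 2xx JSON object.
function parseIdmReply(status, body, log = console.error) {
  const text = Buffer.isBuffer(body) ? body.toString('utf8') : String(body);
  // Truncate and JSON-escape so control characters cannot forge log lines.
  const preview = JSON.stringify(text.slice(0, 200));
  log(`IdM reply: status=${status} length=${text.length} body=${preview}`);

  if (status < 200 || status >= 300) {
    return { authorised: false, reason: `idm-status-${status}` };
  }
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (err) {
    // A plain-text body ("Error ...", an HTML page) ends up here instead of
    // surfacing as an uncaught SyntaxError in the proxy.
    return { authorised: false, reason: 'idm-body-not-json' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { authorised: false, reason: 'idm-body-not-object' };
  }
  // Assumption: a valid user-info document carries a non-empty "id".
  if (typeof parsed.id !== 'string' || parsed.id.length === 0) {
    return { authorised: false, reason: 'idm-body-missing-id' };
  }
  return { authorised: true, user: parsed };
}

// Constructed sample replies (not captured from a real Keyrock instance).
const samples = [
  [200, '{"id":"alice","roles":[]}'],
  [200, 'Error: upstream unavailable'],
  [401, '{"error":"invalid token"}'],
];
for (const [status, body] of samples) {
  console.log(parseIdmReply(status, body).reason || 'authorised');
}
```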
@zabuTNT yes, I followed those slides, as you can see in the following repository:
and this is my keyrock app:
Although not if the shipping URL is without specifying a port, and my Postman requests are OK.
I will try to follow your suggestion.
@zabuTNT got this error:
I will try to install pep proxy out of the docker-compose file
If it says Connection Refused, pep and idm can't communicate. Change the hostnames in the pep settings from "localhost" to the "hostname" assigned to your keyrock and orion containers in your docker compose.
From docker compose docs: https://docs.docker.com/compose/networking/
Each container can now look up the hostname web or db and get back the appropriate container’s IP address. For example, web’s application code could connect to the URL postgres://db:5432 and start using the Postgres database. [...] Within the web container, your connection string to db would look like postgres://db:5432, and from the host machine, the connection string would look like postgres://{DOCKER_IP}:8001.
In fact you still did this for orion and cygnus with the commands/env:
-dbhost mongodb
and
- CYGNUS_MYSQL_HOST=mysql-cygnus
You have to do the same thing in pep settings. Use the hostname, not localhost.
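A check for the advice above, as an added example that is not part of fiware-pep-proxy or of this thread: it walks a PEP config object and reports host settings that point at loopback or at a name that is not a hostname in the compose file. The function name and the `idm_host` and `app_host` keys are assumptions; only the `azf` block and the hostname list mirror what is posted here.

```javascript
'use strict';

// Added example, not part of fiware-pep-proxy. Walks a PEP config object and
// reports every host setting that points at the container itself or at a
// bare name that is not a service hostname on the compose network.
const LOOPBACK = /^(localhost|127(\.\d{1,3}){3}|::1)$/i;

function findHostProblems(config, composeHostnames, path = 'config') {
  const problems = [];
  for (const [key, value] of Object.entries(config)) {
    const here = `${path}.${key}`;
    if (value !== null && typeof value === 'object') {
      problems.push(...findHostProblems(value, composeHostnames, here));
    } else if (typeof value === 'string' && /(^|_)host$/i.test(key)) {
      if (LOOPBACK.test(value)) {
        problems.push(`${here}: "${value}" resolves to the PEP container itself`);
      } else if (!value.includes('.') && !composeHostnames.includes(value)) {
        // Dotted names (external FQDNs or IPs) are left to normal DNS.
        problems.push(`${here}: "${value}" is not a compose service hostname`);
      }
    }
  }
  return problems;
}

// Hostnames taken from the compose file in this thread.
const composeHostnames = ['mongodb', 'orion', 'cygnus', 'mysql-cygnus',
  'authzforce', 'keyrock', 'pepwilma'];

// Constructed config: only the azf block mirrors the page; the other key
// names are assumptions standing in for the IdM and backend settings.
const sampleConfig = {
  idm_host: 'localhost',
  app_host: '127.0.0.1',
  azf: { enabled: true, host: 'authzforce', port: 8080, protocol: 'http' },
};

console.log(findHostProblems(sampleConfig, composeHostnames));
```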
@zabuTNT I did and got this:
The problem persists, although I think that the communication is ready... Now I need to find the authzforce solution, thanks.
@RiosQ yes, it seems that now connection works.
pep asks keyrock and then AZF.
The response is a 404 from AZF as you can read in pep code: https://github.com/ging/fiware-pep-proxy/blob/ac9532c537f196ee21d0b9375e192ba425027510/controllers/root.js#L56
So it's not a connection issue. I never used it, but from the message it seems that you have to create a domain for the application with that id. Maybe you forgot to create it? Or with a different id?
Sorry for the replies @zabuTNT, but do you have an example without authzforce? In the config.js of pepproxy, when I disable it, it fails:
config.azf = {
    enabled: true, // TESTS: re-enable
    host: 'authzforce', // use the container name (--link creates the entry in hosts)
    port: 8080,
    path: '/authzforce/domains/',
    custom_policy: undefined, // use undefined to default policy checks (HTTP verb + path).
    protocol: 'http'
};
This is my config in pep for AZF (disabled, default values)
config.azf = {
    enabled: false,
    protocol: 'https',
    host: 'auth.lab.fiware.org',
    port: 6019,
    custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
};
@zabuTNT thanks man. For some reason, when the authzforce container was present in the docker-compose file, disabling it was not an option, so I only commented out that part.