On this page you will find instructions on how to get and use the Moonshot docker-compose demo, which lets you see and test all of the components of Moonshot.

Introduction

The docker-compose demo runs a small Moonshot infrastructure locally, including:

  • One APC (apc)
  • A Trust Router server (trustrouter)
  • Two IDPs (idp1 and idp2)
  • An SSH server (sshserver)
  • An HTTP server (httpserver)
  • A Client (client)

The names in brackets correspond to the names of the docker-compose services. The following figure depicts how these containers are connected and what protocols are used for each connection:

Dashed lines represent RadSec connections established as a consequence of having used the TID Protocol.

Prepare the host system

The only requirement to run this demo is a Docker and docker-compose installation. Both are available for GNU/Linux, Windows and macOS. See the instructions on how to install them for your chosen platform (https://www.docker.com/).

If you do not want to install Docker on your system, or you do not have a Linux host but want to try the Moonshot GTK UI, you can use the Debian 10 Live DVD as a host, using the following steps:

  1. Download the .ISO image from here.
  2. Run the image, either on a physical machine or a VM. 

    Make sure the machine has at least 6GB of RAM, since the live system uses memory as storage.


  3. Install docker and docker compose.



  4. Start docker



  5. Add the Live user to the docker group and make sure the group becomes active.



Get the demo files

Get the demo files from https://github.com/janetuk/moonshot_docker. Use the Clone or download button and follow the instructions. If you choose to download the ZIP file, uncompress it to a known location.

Start the services

Change into the demo folder you got via git or from the ZIP file. The provided docker-compose file will build and start each of the individual services that make up the Moonshot infrastructure. To do so, simply execute the following command:

Build and start

That will build the images, recreate the containers, and run them in the background.

The expected output is something similar to:

Performing Moonshot authentications

Once all the services are up, you can log into the Client container and start performing Moonshot authentications.
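
A pre-flight check for this step, as an added example that is not part of the Moonshot demo repository: it compares the running docker-compose services against the seven service names listed in the Introduction. The function names and the `--live` switch are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not part of the Moonshot demo repository.
# Service names are the ones listed in the Introduction of this page.
EXPECTED_SERVICES="apc trustrouter idp1 idp2 sshserver httpserver client"

# Read running service names (one per line) on stdin and print every
# expected service that is absent, one per line.
missing_services() {
    running=$(cat)
    for svc in $EXPECTED_SERVICES; do
        # -x matches whole lines only, so "idp1" is not satisfied by "idp10";
        # -F treats the name as a fixed string, not a regular expression.
        printf '%s\n' "$running" | grep -qxF "$svc" || printf '%s\n' "$svc"
    done
}

# Query docker-compose in the current directory (the demo folder).
# Returns 0 only when every expected service is running.
check_demo() {
    missing=$(docker-compose ps --services --filter status=running \
        | missing_services)
    if [ -n "$missing" ]; then
        # Unquoted on purpose: joins the names onto one line.
        echo "not running:" $missing >&2
        return 1
    fi
    echo "all Moonshot demo services are running"
}

# Run the live check only when asked, e.g.: sh check_demo.sh --live
if [ "${1:-}" = "--live" ]; then
    check_demo
fi
```

If a service is reported as not running, its output can be inspected with the docker-compose logs functionality before attempting an authentication.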

Getting into the Client container

To get an interactive bash session on the Client container, use the following command:

Get into the container

That will give you a bash session as the root user. 

Providing access to host's display (only for Linux hosts)

If your host is running an Xorg desktop session, you can allow docker containers to access the display and run graphical applications by executing the following command on your host.

Allow local X connections

Then, from within the Client container, set the DISPLAY variable to the appropriate value:

Set DISPLAY env var

If you do not do this, Moonshot will use the TEXT UI instead.

Testing SSH

  1. From within the Client container, try to authenticate to the SSH server container by issuing the following command:

    Launch SSH connection


  2. The Moonshot UI will pop up, asking you to select an identity. You can use the Import button on the right to import the /config/user_credentials.xml file. That will import the alice@test1.org and alice@test2.org identities.

  3. Select one of them and click on the Send button. Note that using alice@test1.org performs a local Moonshot authentication: the Trust Router infrastructure is not involved, since the SSH server is directly connected to IDP1. Using alice@test2.org, however, results in a Moonshot authentication that also involves the Trust Router server and the APC, as IDP1 needs to ask for details about IDP2.
  4. After having authenticated, you should see yourself logged into the sshserver as the moonshot user. You can verify both by using the hostname and whoami system tools.

    SSH connection succeeded


Testing HTTP

  1. From within the Client container, try to authenticate to the HTTP server container by issuing the following command:

    Launch HTTP connection


  2. The Moonshot UI will pop up, asking you to select an identity. Select one of them and click on the Send button.
  3. After having authenticated, you should see something like this, including the username and attributes of the authenticated user.

    HTTP connection succeeded


Checking the logs

You can check the log output of the different services by using the docker-compose logs functionality. For instance, to check the Trust Router server logs, use:

Check IDP1 logs