
Fiware Orion - pepProxy


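I am part of a team developing an application that uses FIWARE GEs, as part of the Smart-AgriFood accelerator. We use the Orion Context Broker to collect the data provided by a sensor network, and we intend to use a PEP proxy to authenticate the sensor nodes that access the Orion instance. We have tried the following PEP proxies: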

https://github.com/telefonicaid/fiware-orion-pep

https://github.com/ging/fi-ware-pep-proxy

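We only managed to get the second one (fi-ware-pep-proxy) working. With fiware-orion-pep we cannot connect to the global Keystone instance (account.lab.fi-ware.org); we tried account.lab... and cloud.lab... My questions are:

1) Which Keystone (IdM) instance should be used for authentication, account.lab or cloud.lab? Which port or address should be used?

2) Is fiware-orion-pep ready to authenticate against account.lab.fi-ware.org? This is how I am making the request: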

This one works, using a curl command against cloud.lab.fiware.org:4730/v2.0/tokens:

{
    "auth": {
        "passwordCredentials": {
            "username": "<my_user>",
            "password": "<my_password>"
        }
    }
}

This one does not work, using a curl command against account.lab.fi-ware.org:5000/v3/auth/tokens:

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "name": "<my_domain>"
                    },
                    "name": "<my_user>",
                    "password": "<my_password>"
                }
            }
        }
    }
}

3) Which implementation should I use to authenticate devices, or other calls to the Orion instance?

Here are the configurations I am using:

fiware-orion-pep

config.authentication = {
    checkHeaders: true,
    module: 'keystone',
    user: '<my_user>',
    password: '<my_password>',
    domainName: '<my_domain>',
    retries: 3,
    cacheTTLs: {
        users: 1000,
        projectIds: 1000,
        roles: 60
    },
    options: {
        protocol: 'http',
        host: 'account.lab.fiware.org',
        port: 5000,
        path: '/v3/role_assignments',
        authPath: '/v3/auth/tokens'
    }
};

fi-ware-pep-proxy (this one works); I have set the listening port to 1026 in the source code

var config = {};

config.account_host = 'https://account.lab.fiware.org';

config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;

config.app_host = 'localhost';
config.app_port = '10026';

config.username = 'pepProxy';
config.password = 'pepProxy';

// in seconds
config.chache_time = 300;
config.check_permissions = false;

config.magic_key = undefined;

module.exports = config;

Thanks in advance... :)

2 Answers

  • 0

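    Currently there are some differences in how the PEP proxies authenticate and validate against the global instance, so they do not behave in exactly the same way.

    The one in telefonicaid/fiware-orion-pep was developed to meet the PEP proxy requirements (authentication and validation against Keystone and Access Control) of individual projects with their own Keystone and Keypass (a flavour of Access Control) installations, so it evolved faster than ging/fi-ware-pep-proxy and in a slightly different direction. For example, the former supports multitenancy using the fiware-service and fiware-servicepath headers, while the latter is transparent to those mechanisms. This direction of development also means that its features differ slightly from those in the global instance.

    That said, the specific answers are:

    - Both PEP proxies should be able to contact the global instance. If not, please report the bug in the issues of the GitHub repository and we will fix it as soon as possible.
    - ging/fi-ware-pep-proxy was developed specifically for accessing the global instance, so you should be able to use it as expected.

    If you try to keep using telefonicaid/fiware-orion-pep, note that:

    - The configuration flag authentication.checkHeaders should be false, since the global instance does not currently support multitenancy.
    - The current stable release (0.5.0) is about to change to the next release (probably today), so some problems may be solved when updating.

    Hope this clears up some of your doubts.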

  • 0

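    [EDIT]

    1) I have installed telefonicaid/fiware-orion-pep (v 0.6.0) both from source and from the rpm package created by following the tutorial available on GitHub. When the rpm package is created, it is created with the following name: pep-proxy-0.4.0_next-0.noarch.rpm.

    2) This is the configuration I am using: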

    /opt/fiware-orion-pep/config.js

    var config = {};

    config.resource = {
        original: {
            host: 'localhost',
            port: 10026
        },
        proxy: {
            port: 1026,
            adminPort: 11211
        }
    };

    config.authentication = {
        checkHeaders: false,
        module: 'keystone',
        user: '<##################>',
        password: '<###################>',
        domainName: 'admin_domain',
        retries: 3,
        cacheTTLs: {
            users: 1000,
            projectIds: 1000,
            roles: 60
        },
        options: {
            protocol: 'http',
            host: 'cloud.lab.fiware.org',
            port: 4730,
            path: '/v3/role_assignments',
            authPath: '/v3/auth/tokens'
        }
    };

    config.ssl = {
        active: false,
        keyFile: '',
        certFile: ''
    };

    config.logLevel = 'DEBUG';

    // List of component
    config.middlewares = {
        require: 'lib/plugins/orionPlugin',
        functions: [
            'extractCBAction'
        ]
    };

    config.componentName = 'orion';
    config.resourceNamePrefix = 'fiware:';

    config.bypass = false;

    config.bypassRoleId = '';

    module.exports = config;


    /etc/sysconfig/pepProxy

    # General Configuration
    ############################################################################
    
    # Port where the proxy will listen for requests
    PROXY_PORT=1026
    
    # User to execute the PEP Proxy with
    PROXY_USER=pepproxy
    
    # Host where the target Context Broker is located
    # TARGET_HOST=localhost
    
    # Port where the target Context Broker is listening
    # TARGET_PORT=10026
    
    # Maximum level of logs to show (FATAL, ERROR, WARNING, INFO, DEBUG)
    LOG_LEVEL=DEBUG
    
    # Indicates what component plugin should be loaded with this PEP: orion, keypass, perseo
    COMPONENT_PLUGIN=orion
    
    #
    # Access Control Configuration
    ############################################################################
    
    # Host where the Access Control (the component who knows the policies for the incoming requests) is located
    # ACCESS_HOST=
    
    # Port where the Access Control is listening
    # ACCESS_PORT=
    
    # Host where the authentication authority for the Access Control is located
    # AUTHENTICATION_HOST=
    
    # Port where the authentication authority is listening
    # AUTHENTICATION_PORT=
    
    # User name of the PEP Proxy in the authentication authority
    PROXY_USERNAME=XXXXXXXXXXXXX
    
    # Password of the PEP Proxy in the Authentication authority
    PROXY_PASSWORD=XXXXXXXXXXXXX
    

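    In the files above, I tried the following parameters:

    Keystone instance: account.lab.fiware.org or cloud.lab.fiware.org

    User: pep, or pepProxy, or "a user from the FIWARE account"

    Password: pep, or pepProxy, or "the account's user password"

    Ports: 4730, 4731, 5000

    The result is the same as before... telefonicaid/fiware-orion-pep cannot authenticate: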

    log file at /var/log/pepProxy/pepProxy
    time=2015-04-13T14:49:24.718Z | lvl=ERROR | corr=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | trans=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | op=/v1/updateContext | msg=VALIDATION-GEN-003] Error connecting to Keystone authentication: KEYSTONE_AUTHENTICATION_ERROR: There was a connection error while authenticating to Keystone: 500
    time=2015-04-13T14:49:24.721Z | lvl=DEBUG | corr=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | trans=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | op=/v1/updateContext | msg=response-time: 50745 statusCode: 500
    

    Result from the client console

    {
        "message": "There was a connection error while authenticating to Keystone: 500", 
        "name": "KEYSTONE_AUTHENTICATION_ERROR"
    }
    

    What am I doing wrong here?
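
Added example, not part of the original post or of fiware-orion-pep: a small Node.js parser for the `key=value | ...` log lines quoted in the answer above. It groups entries by `corr` and reports which requests ended in `KEYSTONE_AUTHENTICATION_ERROR`, with their status code and response time. The sample log is constructed in the same format, and the function names are hypothetical.

```javascript
// Constructed sample in the format of the pepProxy log lines quoted above
// (shortened correlators; not real log data).
const SAMPLE_LOG = [
  'time=2015-04-13T14:49:24.718Z | lvl=ERROR | corr=aaa-1 | trans=aaa-1 | op=/v1/updateContext | msg=VALIDATION-GEN-003] Error connecting to Keystone authentication: KEYSTONE_AUTHENTICATION_ERROR: There was a connection error while authenticating to Keystone: 500',
  'time=2015-04-13T14:49:24.721Z | lvl=DEBUG | corr=aaa-1 | trans=aaa-1 | op=/v1/updateContext | msg=response-time: 50745 statusCode: 500',
  'time=2015-04-13T14:50:02.100Z | lvl=DEBUG | corr=bbb-2 | trans=bbb-2 | op=/v1/queryContext | msg=response-time: 31 statusCode: 200',
  'not a log line'
].join('\n');

// Split one line into its fields. msg is the last field and may itself
// contain "|" or "=", so everything after "msg=" is kept verbatim.
function parseLine(line) {
  const at = line.indexOf('| msg=');
  if (at === -1) return null;
  const rec = { msg: line.slice(at + 6) };
  for (const part of line.slice(0, at).split('|')) {
    const eq = part.indexOf('=');
    if (eq > 0) rec[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return rec.corr ? rec : null; // lines without a correlator are skipped
}

// Group lines by correlator and build one summary per proxied request.
function summarise(logText) {
  const byCorr = new Map();
  for (const line of logText.split('\n')) {
    const rec = parseLine(line);
    if (!rec) continue;
    const s = byCorr.get(rec.corr) ||
      { corr: rec.corr, op: rec.op, errors: [], status: null, ms: null };
    // Error names are upper-case words joined by underscores.
    const code = rec.lvl === 'ERROR' && rec.msg.match(/\b([A-Z]+(?:_[A-Z]+)+)\b/);
    if (code) s.errors.push(code[1]);
    const done = rec.msg.match(/^response-time: (\d+) statusCode: (\d+)/);
    if (done) { s.ms = Number(done[1]); s.status = Number(done[2]); }
    byCorr.set(rec.corr, s);
  }
  return [...byCorr.values()];
}

// Requests whose log entries carry KEYSTONE_AUTHENTICATION_ERROR.
function keystoneFailures(logText) {
  return summarise(logText)
    .filter(s => s.errors.includes('KEYSTONE_AUTHENTICATION_ERROR'));
}

console.log(keystoneFailures(SAMPLE_LOG));
```

Run it with `node` and replace `SAMPLE_LOG` with the contents of /var/log/pepProxy/pepProxy to list the affected operations and how long each one took before the 500 was returned.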
