Skip to content

GuinsooLab/console

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
badge
console
Management UI for GuinsooLab

GuinsooLab Console

A graphical user interface for GuinsooLab.

Overview

Install

Docker

Pull the latest release via:

docker pull guinsoolab/console (coming)

Build from source

You will need a working Go environment. Therefore, please follow How to install Go. Minimum version required is go1.17

git clone git@github.com:GuinsooLab/console.git
sh cross-compile.sh
./console server
cd portal-ui
yarn start

Setup

All console needs is a GuinsooLab user with admin privileges and URL pointing to your GuinsooLab deployment.

Note: We don't recommend using GuinsooLab's Operator Credentials

1. Create a user console using mc

mc admin user add mystore/
Enter Access Key: admin
Enter Secret Key: xxxxxxxx

2. Create a policy for console with admin access to all resources (for testing)

cat > admin.json << EOF
{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:*"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
                "s3:*"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}
EOF
mc admin policy add mystore/ consoleAdmin admin.json

3. Set the policy for the new console user

mc admin policy set myGuinsooLab ConsoleAdmin user=console

NOTE: Additionally, you can create policies to limit the privileges for other console users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:

{
	"Version": "2012-10-17",
	"Statement": [{
			"Action": [
				"admin:ServerInfo"
			],
			"Effect": "Allow",
			"Sid": ""
		},
		{
			"Action": [
				"s3:ListenBucketNotification",
				"s3:PutBucketNotification",
				"s3:GetBucketNotification",
				"s3:ListMultipartUploadParts",
				"s3:ListBucketMultipartUploads",
				"s3:ListBucket",
				"s3:HeadBucket",
				"s3:GetObject",
				"s3:GetBucketLocation",
				"s3:AbortMultipartUpload",
				"s3:CreateBucket",
				"s3:PutObject",
				"s3:DeleteObject",
				"s3:DeleteBucket",
				"s3:PutBucketPolicy",
				"s3:DeleteBucketPolicy",
				"s3:GetBucketPolicy"
			],
			"Effect": "Allow",
			"Resource": [
				"arn:aws:s3:::*"
			],
			"Sid": ""
		}
	]
}

Documentation

Start Console service

Before running console service, following environment settings must be supplied

# Salt to encrypt JWT payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET

# Required to encrypt JWT payload
export CONSOLE_PBKDF_SALT=SECRET

# AnnaStore Endpoint
export CONSOLE_ANNASTORE_SERVER=http://localhost:9000

Now start the console service.

./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090

By default console runs on port 9090 this can be changed with --port of your choice.

Start Console service with TLS

Copy your public.crt and private.key to ~/.console/certs, then:

./console server
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090
2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443

For advanced users, console has support for multiple certificates to service clients through multiple domains.

Following tree structure is expected for supporting multiple domains:

 certs/
  │
  ├─ public.crt
  ├─ private.key
  │
  ├─ example.com/
  │   │
  │   ├─ public.crt
  │   └─ private.key
  └─ foobar.org/
     │
     ├─ public.crt
     └─ private.key
  ...

Contribute to console Project

Please follow console Contributor's Guide