800 (Total Challenge)

openstack --os-cloud admin project create total --description "Total Challenge"
openstack --os-cloud admin role add member --project total --user remi
openstack --os-cloud admin quota set --secgroup-rules 1000 total

Edit /etc/openstack/clouds.yaml

Deploy the infrastructure:

cd ~/work/infras/terraform/800
terraform apply

Add the DNS record:

front800 300 IN A 167.235.86.103

Add to .ssh/config:

Host os801
    Hostname front800.pkgdata.net

Configure the infrastructure:

ansible-playbook -i inventory/800_hosts playbooks/site.yml --vault-id @prompt --flush-cache --limit os801\*

Keycloak

ansible-playbook -i inventory/800_hosts playbooks/site.yml --vault-id @prompt --flush-cache --limit os802\*
useradd -d /opt/keycloak -m -s /bin/false keycloak
su - keycloak -s /bin/bash
wget https://github.com/keycloak/keycloak/releases/download/23.0.4/keycloak-23.0.4.zip
unzip keycloak-23.0.4.zip
ln -s keycloak-23.0.4 current
current/bin/kc.sh start-dev

#### Create admin password

We need an SSH tunnel for that:

$ ssh -L 8080:localhost:8080 sc604.pkgdata.net

Connect to http://localhost:8080/

User: admin Pass: FudPaiFrejyeulEnMuldOfMiccudWoc7

We can open the firewall to test Keycloak on port 8080, but the admin login requires HTTPS, so that is not possible yet.

#### Additions

Adding MariaDB, HAProxy and Let’s Encrypt from Ansible.

#### Create database

MariaDB [(none)]> GRANT USAGE ON *.* TO 'keycloak'@'localhost' IDENTIFIED BY 'Ac0quidNiDruErjicgetavyeOgVeocsi';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON `keycloak`.* to 'keycloak'@'localhost';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> CREATE DATABASE `keycloak` DEFAULT CHARACTER SET utf8;
Query OK, 1 row affected (0.001 sec)

#### Create systemd file

cat /etc/systemd/system/keycloak.service

[Unit]
Description=Keycloak
After=network.target

[Service]
Type=idle
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak/current/bin/kc.sh start --http-enabled true --http-host 127.0.0.1 --proxy edge --hostname kc-tt.pkgdata.net --db-url-host localhost --db-url-database keycloak --db-username keycloak --db-password Ac0quidNiDruErjicgetavyeOgVeocsi
TimeoutStartSec=600
TimeoutStopSec=600

[Install]
WantedBy=multi-user.target


and start the service:

systemctl daemon-reload
systemctl enable keycloak.service
systemctl start keycloak.service


#### Modify Haproxy configuration

backend be_keycloak
    mode http
    option httpchk GET / HTTP/1.0
    server localhost 127.0.0.1:8080 check