From 14785d119ca7a2f0448b8acd3fa2e8a157a8bb05 Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Thu, 1 Jun 2017 08:50:59 +0700 Subject: [PATCH] issue-9, README file enhancements. Signed-off-by: Shane Bryzak --- README.md | 150 +++++++++++++++++++++++++++++++++++++++++++- docker/README.md | 46 -------------- minishift/README.md | 77 ----------------------- 3 files changed, 149 insertions(+), 124 deletions(-) delete mode 100644 docker/README.md delete mode 100644 minishift/README.md diff --git a/README.md b/README.md index dad008a7..20643151 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,154 @@ # Keycloak-deployment - This repository contains all our scripts to deploy keycloak on Openshift and minishift. Also we have scripts to bake our own docker image using the keycloak source code from our repository `almighty/keycloak`. + +# Almighty-Keycloak Docker Image + +To build this image it is necessary to have previously generated the executables of this +project. When building Keycloak for the first time, it is necessary to execute this Maven +command in the almighty/keycloak repository: + +`$ mvn clean install -DskipTests -am -P distribution` + +After running successfully, build the keycloak-server-dist distribution in the almighty/keycloak repository also: + +`$ mvn clean install -DskipTests -pl :keycloak-server-dist -am -P distribution` + +This generates some tarballs with the required executables. To build the docker image, +copy the generated tar file (e.g. `keycloak-3.0.0.Final.tar.gz`) from the almighty/keycloak +repository into the docker folder, like so: + +`$ cp $KEYCLOAK_REPO/distribution/server-dist/target/keycloak-3.0.0.Final.tar.gz $KEYCLOAK_DEPLOYMENT_REPO/docker` + +Then you just need to build the docker image. Change into the docker directory and run the following command: + +`$ docker build --tag IMAGE_NAME .` + +If you would like to build image for clustered mode add build argument + +`$ docker build --build-arg OPERATING_MODE=clustered --tag IMAGE_NAME .` + +Note that, this docker image installs the certificate to securely talk to OpenShift Online. +This step is done inside the `install_certificate.sh` script which adds this +certificate into the Java system keystore at building time. We assume this certificate +points to `tsrv.devshift.net`. So any change to the certificate requires rebuilding the +Docker image. + +In the content of the Dockerfile, you can find these ENV variables: +``` +ENV OSO_ADDRESS tsrv.devshift.net:8443 +ENV OSO_DOMAIN_NAME tsrv.devshift.net +``` + +Also note that it is possible to use a certificate from minishift. To do this, first obtain the +IP address of your minishift instance: + +``` +minishift ip +``` + +Then edit docker/Dockerfile and replace these values with the minishift IP (this is just an example, +the address will most likely be different): + +``` +ENV OSO_ADDRESS 192.168.42.134:8443 +ENV OSO_DOMAIN_NAME 192.168.42.134 +``` + +The command for building the docker image will need to be slightly different, since docker build by default does not +have access to local IP addresses. Add the --network="host" parameter to allow the install_certificate.sh script to +connect to minishift and retrieve the certificate: + +`$ docker build --network="host" --tag IMAGE_NAME .` + + +# Openshift Configuration for clustered deployment + +Majority of the config is defined in `DeploymentConfig` files you can find in `openshift` folder in the root of this repository. + +There is one thing needed however to have properly functioning cluster (using [k8s PING protocol in `jgroups`](https://github.com/jgroups-extras/jgroups-kubernetes)). +Service account has to have `view` privileges. This can be enabled using `oc` cli as follows: + +``` +$ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default -n $(oc project -q) +``` + +# Deploying Keycloak to Minishift + +To deploy a Keycloak cluster in minishift use the following commands: + +``` +oc new-project keycloak --display-name="Keycloak server" \ +--description="keycloak server + postgres" + +oc new-app -f postgresql.json +sleep 20 + +# deploying 3 keycloak instances +oc new-app -f keycloak.json +``` + +### Customization options + +#### KeyCloak + +edit environment variables: + + "env":[ + { + "name":"KEYCLOAK_USER", + "value":"admin" + }, + { + "name":"KEYCLOAK_PASSWORD", + "value":"admin" + }, + { + "name":"POSTGRES_DATABASE", + "value":"userdb" + }, + { + "name":"POSTGRES_USER", + "value":"keycloak" + }, + { + "name":"POSTGRES_PASSWORD", + "value":"password" + }, + { + "name":"POSTGRES_PORT_5432_TCP_ADDR", + "value":"postgres" + }, + { + "name":"POSTGRES_PORT_5432_TCP_PORT", + "value":"5432" + }, + { + "name":"OPERATING_MODE", + "value":"clustered" + } + ] + + +#### Postgresql + + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "keycloak" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "password" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "userdb" + }, + { + "name": "POSTGRESQL_ADMIN_PASSWORD", + "value": "password" + } + ] diff --git a/docker/README.md b/docker/README.md deleted file mode 100644 index 659f3a28..00000000 --- a/docker/README.md +++ /dev/null @@ -1,46 +0,0 @@ - - -# Almighty-Keycloak Docker Image - -To build this image is necessary to previously generate the executables of this -project. - -`$ mvn clean install -DskipTests -pl :keycloak-server-dist -am -P distribution` - -This generates some tarballs with the required executables. In our case, we just -need to copy the generated tarball from `server-dist` e.g. `keycloak-3.0.0.Final.tar.gz`. -You can find this tarball in `./distribution/server-dist/target/` directory. - -`$ cp ../distribution/server-dist/target/keycloak-3.0.0.Final.tar.gz .` - -Then you just need to build the docker image: - -`$ docker build --tag IMAGE_NAME .` - -If you would like to build image for clustered mode add build argument - -`$ docker build --build-arg OPERATING_MODE=clustered --tag IMAGE_NAME .` - -Note that, this docker image installs the certificate to securely talk to OpenShift Online. -This step is done inside the `install_certificate.sh` script which adds this -certificate into the Java system keystore at building time. We assume this certificate -points to `tsrv.devshift.net`. So any change on that direction should trigger a -change in the docker image. - -In the content of the Dockerfile, you could find this ENV variables: -``` -ENV OSO_ADDRESS tsrv.devshift.net:8443 -ENV OSO_DOMAIN_NAME tsrv.devshift.net -``` - -# Openshift Configuration for clustered deployment - -Majority of the config is defined in `DeploymentConfig` files you can find in `openshift` folder in the root of this repository. - -There is one thing needed however to have properly functioning cluster (using [k8s PING protocol in `jgroups`](https://github.com/jgroups-extras/jgroups-kubernetes)). -Service account has to have `view` privileges. This can be enabled using `oc` cli as follows: - -``` -$ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default -n $(oc project -q) -``` - diff --git a/minishift/README.md b/minishift/README.md deleted file mode 100644 index 7b6a7c68..00000000 --- a/minishift/README.md +++ /dev/null @@ -1,77 +0,0 @@ -# Keycloak - Openshift commands - -To deploy a Keycloak cluster in minishift use the following commands: - -``` -oc new-project keycloak --display-name="Keycloak server" \ ---description="keycloak server + postgres" - -oc new-app -f postgresql.json -sleep 20 - -# deploying 3 keycloak instances -oc new-app -f keycloak.json -``` - -### Customization options - -#### KeyCloak - -edit environment variables: - - "env":[ - { - "name":"KEYCLOAK_USER", - "value":"admin" - }, - { - "name":"KEYCLOAK_PASSWORD", - "value":"admin" - }, - { - "name":"POSTGRES_DATABASE", - "value":"userdb" - }, - { - "name":"POSTGRES_USER", - "value":"keycloak" - }, - { - "name":"POSTGRES_PASSWORD", - "value":"password" - }, - { - "name":"POSTGRES_PORT_5432_TCP_ADDR", - "value":"postgres" - }, - { - "name":"POSTGRES_PORT_5432_TCP_PORT", - "value":"5432" - }, - { - "name":"OPERATING_MODE", - "value":"clustered" - } - ] - - -#### Postgresql - - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "keycloak" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "password" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "userdb" - }, - { - "name": "POSTGRESQL_ADMIN_PASSWORD", - "value": "password" - } - ]