Merge branch 'master' of https://bitbucket.org/veldrane/lab

veldrane · Jul 23, 2020 · 023a749 · 023a749
2 parents 0a93d73 + ba6d7f6
commit 023a749
Show file tree

Hide file tree

Showing 20 changed files with 1,655 additions and 0 deletions.
diff --git a/02_freeipa.lab.local/model/group b/02_freeipa.lab.local/model/group
@@ -0,0 +1,14 @@
+lab-admin:x:10000
+lab-staff:x:10001
+nfs-admin:x:10010
+nfs-staff:x:10011
+docker-admin:x:10020
+docker-staff:x:10021
+kube-admin:x:10030
+kube-staff:x:10031
+okd-admin:x:10040
+okd-staff:x:10041
+oidc-admin:x:10050
+oidc-staff:x:10051
+simple-admin:x:10060
+simple-staff:x:10061
diff --git a/02_freeipa.lab.local/model/passwd b/02_freeipa.lab.local/model/passwd
@@ -0,0 +1,8 @@
+veldrane:x:2001:10001:Veldrane user:/nfshome/veldrane:/bin/bash
+valor:x:2002:10001:Valor user:/nfshome/valor:/bin/bash
+jdvorak:x:3001:10001:Jan Dvorak:/nfshome/jdvorak:/bin/bash
+mnovak:x:3002:10002:Martin Novak:/nfshome/mnovak:/bin/bash
+kube:x:5001:10031:Kubernetes service account:/nfshome/kube:/sbin/nologin
+okd:x:5002:10041:Openshift service account:/nfshome/okd:/sbin/nologin
+docker:x:5003:10021:Docker service account:/nfshome/docker:/sbin/nologin
+keycloak:x:5004:10021:Keycloak service account:/opt/keycloak:/sbin/nologin
diff --git a/03_okdv3/ansible/99_install_stap.yaml b/03_okdv3/ansible/99_install_stap.yaml
@@ -0,0 +1,14 @@
+- hosts:
+    - node11.lab.local
+    - node17.lab.local
+    - node18.lab.local
+    - node21.lab.local
+    - node22.lab.local
+    - node23.lab.local
+    - node24.lab.local
+  become: true
+  gather_facts: no
+  tasks:
+
+  - name: Install additional packages
+    shell: yum install -y systemtap bcc-tools curl tcpdump
diff --git a/08_keycloak/99_notes.md b/08_keycloak/99_notes.md
@@ -10,4 +10,68 @@ Enable "Periodic full sync"
 
 - must be considered the load of the full sync vs changed user sync and ad/disad
 
+#### Install steps ####
+
+##### Keycloak #####
+
+lvcreate -L4GiB -n opt rootvg
+mkfs.ext4 /dev/rootvg/opt
+echo "/dev/mapper/rootvg-opt  /opt                    ext4    noatime,nodiratime        1 2" >> /etc/fstab
+mount /opt
+yum install -y java-1.8.0-openjdk
+cd /tmp ; curl https://downloads.jboss.org/keycloak/9.0.3/keycloak-9.0.3.tar.gz -o keycloak-9.0.3.tar.gz
+mkdir -p /opt/keycloak/9.0.3
+ln -s /opt/keycloak/9.0.3 /opt/keycloak/current
+tar -xzf /tmp/keycloak-9.0.3.tar.gz -C /opt/keycloak/9.0.3 --strip-components=1
+chmod 700 /opt/keycloak/current/standalone
+cd /opt/keycloak/current/modules 
+mkdir -p org/postgresql/main
+curl https://jdbc.postgresql.org/download/postgresql-42.2.12.jar -o org/postgresql/main/postgresql-42.2.12.jar
+
+
+```echo '<?xml version="1.0" ?>
+<module xmlns="urn:jboss:module:1.3" name="org.postgresql">
+
+    <resources>
+        <resource-root path="postgresql-42.2.12.jar"/>
+	</resources>
+
+	<dependencies>
+		<module name="javax.api"/>
+		<module name="javax.transaction.api"/>
+	</dependencies>
+</module>' > org/postgresql/main/module.xml```
+
+```echo '[Unit]
+Description=Keycloak
+After=network.target syslog.target
+
+[Service]
+Type=idle
+User=keycloak
+Group=keycloak
+ExecStart=/opt/keycloak/current/bin/standalone.sh -b 0.0.0.0
+TimeoutStartSec=600
+TimeoutStopSec=600
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=keycloak
+
+[Install]
+WantedBy=multi-user.target
+' > /etc/systemd/system/keycloak.service```
+systemctl deamon-reload
+systemctl enable keycloak
+
+
+chown -R keycloak.keycloak-admin /opt/keycloak
+cd /opt/keycloak/current
+./bin/add-user-keycloak.sh -u admin -p admin -r master
+
+
+##### IPA #####
+
+ipa group-add keycloak-admin --gid=10012 --desc='Keycloak admins'
+echo keycloak | ipa user-add keycloak --first=Keycloak --last=Keycloak --homedir=/var/lib/keycloak --shell=/sbin/nologin --uid=1006 --gidnumber=10012 --password