Red Hat SSO on OpenShift
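# Generate one random 17-character alphanumeric password.
# Base64 output is filtered down to [A-Za-z0-9], so the value is safe to embed
# in the command lines below without further escaping.
# The rest of this script reuses this single value for the CA private key,
# every keystore/truststore and the matching template parameters.
SECRETS_KEYSTORE_PASSWORD=$(openssl rand -base64 512 | tr -dc 'A-Za-z0-9' | head -c 17)
# Stop here if generation failed (e.g. openssl missing): otherwise the later
# commands would run with an empty password.
: "${SECRETS_KEYSTORE_PASSWORD:?password generation failed}"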
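# Bring up a local all-in-one cluster and create the project that hosts SSO.
# NOTE(review): --version=latest is a moving target; pin a specific release
# tag if the setup has to be reproducible.
oc cluster up --version=latest

# system:admin is the cluster administrator of the local cluster; everything
# below, including the writes to the shared "openshift" namespace, runs with
# that identity.
oc login -u system:admin
oc new-project redhat-sso

# The namespace is passed explicitly so that, if new-project fails (for
# example because the project already exists), the service account and its
# role binding are not created in whatever project happens to be current.
oc create serviceaccount sso-service-account -n redhat-sso
# Grant the service account the read-only "view" role in the project.
oc policy add-role-to-user view system:serviceaccount:redhat-sso:sso-service-account -n redhat-sso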
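# Load the JBoss image streams and the SSO 7.1 templates into the shared
# "openshift" namespace.
# The manifests are fetched from a Git tag and applied with the current
# login's rights. A tag can be moved after the fact, so the ref is kept in
# one place: replace it with a full commit SHA, or apply a reviewed local
# copy, when the content must not change underneath you.
templates_ref=ose-v1.3.7
templates_base="https://raw.githubusercontent.com/jboss-openshift/application-templates/${templates_ref}"

oc create -n openshift -f "${templates_base}/jboss-image-streams.json"

for template in \
  sso71-https.json \
  sso71-mysql-persistent.json \
  sso71-mysql.json \
  sso71-postgresql-persistent.json \
  sso71-postgresql.json
do
  oc create -n openshift -f "${templates_base}/sso/${template}"
done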
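# Build the TLS material for the SSO route: a throwaway CA, a server key pair
# signed by that CA, a truststore holding the CA, and a JGroups secret key.
#
# Passwords are handed to openssl/keytool through the environment
# (env: / -storepass:env) instead of argv, so they do not show up in the
# process list or in shell tracing of these commands.
: "${SECRETS_KEYSTORE_PASSWORD:?must be set before generating keystores}"
export SECRETS_KEYSTORE_PASSWORD

# 1. Self-signed CA (xpaas.key is written encrypted with the shared password).
#    -sha256 is given explicitly because older OpenSSL builds may default to
#    a weaker digest.
openssl req -new -newkey rsa:4096 -x509 -sha256 \
  -keyout xpaas.key -out xpaas.crt -days 365 \
  -subj "/CN=xpaas-redhat-sso.ca" \
  -passin env:SECRETS_KEYSTORE_PASSWORD \
  -passout env:SECRETS_KEYSTORE_PASSWORD

# 2. Server key pair for the HTTPS route, created inside the JKS keystore.
#    NOTE(review): no -keypass is given, so keytool may prompt for the key
#    password; the certificate carries only a CN (no subjectAltName), which
#    strict TLS clients may reject - confirm before using beyond a local test.
keytool -genkeypair -keyalg RSA -keysize 2048 \
  -dname "CN=secure-sso-redhat-sso.apps.127.0.0.1.nip.io" \
  -alias sso-https-key -keystore sso-https.jks \
  -storepass:env SECRETS_KEYSTORE_PASSWORD

# 3. CSR for the server key, signed by the CA created in step 1.
keytool -certreq -keyalg rsa -alias sso-https-key \
  -keystore sso-https.jks -file sso.csr \
  -storepass:env SECRETS_KEYSTORE_PASSWORD
openssl x509 -req -sha256 -CA xpaas.crt -CAkey xpaas.key \
  -in sso.csr -out sso.crt -days 365 -CAcreateserial \
  -passin env:SECRETS_KEYSTORE_PASSWORD

# 4. Import order matters: the CA certificate goes in first so the signed
#    server certificate can chain to it when it replaces the self-signed one.
#    keytool may ask for confirmation before trusting the CA certificate.
keytool -import -file xpaas.crt -alias xpaas.ca \
  -keystore sso-https.jks -storepass:env SECRETS_KEYSTORE_PASSWORD
keytool -import -file sso.crt -alias sso-https-key \
  -keystore sso-https.jks -storepass:env SECRETS_KEYSTORE_PASSWORD

# 5. Truststore containing only the CA certificate.
keytool -import -file xpaas.crt -alias xpaas.ca \
  -keystore truststore.jks -storepass:env SECRETS_KEYSTORE_PASSWORD

# 6. Secret key for JGroups, stored in a JCEKS keystore.
keytool -genseckey -alias jgroups -storetype JCEKS \
  -keystore jgroups.jceks -storepass:env SECRETS_KEYSTORE_PASSWORD

# xpaas.key, the keystores and sso.csr stay in the current directory after
# this step; remove or protect them once the secrets have been created.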
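# Upload the keystores as secrets and make them mountable by the service
# account the SSO pods run as. The namespace is explicit so the key material
# cannot land in a different project if the current context is not redhat-sso.
oc secret new sso-jgroup-secret jgroups.jceks -n redhat-sso
oc secret new sso-ssl-secret sso-https.jks truststore.jks -n redhat-sso
oc secrets link sso-service-account sso-jgroup-secret sso-ssl-secret -n redhat-sso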
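# Instantiate the sso71-https template with the keystores and secrets
# prepared above.
#
# The service-user password is generated into a variable first so it remains
# available in this shell after the deployment instead of existing only
# inside the oc command line.
SSO_SERVICE_PASSWORD=$(openssl rand -base64 512 | tr -dc A-Z-a-z-0-9 | head -c 17)

# Values given with -p are ordinary command-line arguments: the passwords are
# visible in the local process list while oc runs. That is acceptable for a
# single-user local cluster; on a shared host prefer a parameter file.
# SSO_TRUSTSTORE_SECRET was listed twice with the same value in the original
# command and is passed once here.
oc new-app --template=sso71-https -n redhat-sso \
  -p APPLICATION_NAME=sso \
  -p HOSTNAME_HTTPS=secure-sso-redhat-sso.apps.127.0.0.1.nip.io \
  -p HOSTNAME_HTTP=sso-redhat-sso.apps.127.0.0.1.nip.io \
  -p HTTPS_KEYSTORE=sso-https.jks \
  -p HTTPS_PASSWORD="${SECRETS_KEYSTORE_PASSWORD}" \
  -p HTTPS_SECRET=sso-ssl-secret \
  -p JGROUPS_ENCRYPT_KEYSTORE=jgroups.jceks \
  -p JGROUPS_ENCRYPT_PASSWORD="${SECRETS_KEYSTORE_PASSWORD}" \
  -p JGROUPS_ENCRYPT_SECRET=sso-jgroup-secret \
  -p SERVICE_ACCOUNT_NAME=sso-service-account \
  -p SSO_REALM=jaeger \
  -p SSO_SERVICE_USERNAME=jaeger-admin \
  -p SSO_SERVICE_PASSWORD="${SSO_SERVICE_PASSWORD}" \
  -p SSO_ADMIN_USERNAME=sso-admin \
  -p SSO_TRUSTSTORE=truststore.jks \
  -p SSO_TRUSTSTORE_SECRET=sso-ssl-secret \
  -p SSO_TRUSTSTORE_PASSWORD="${SECRETS_KEYSTORE_PASSWORD}"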