keycloak server #11
keycloak server #11
Conversation
| ``` | ||
| Confirm the action by typing `yes` when prompted. | ||
|
|
||
| # Important Notice |
There was a problem hiding this comment.
This is more of an Important Notice because it provides critical information about the intended use, lack of warranties, and the absence of official support. It doesn't explicitly warn of an immediate danger but clarifies important terms that users must be aware of before proceeding. so I believe, in its current form, "Important Notice" is the appropriate term....
Keycloak/cloud-init.sh
Outdated
| apt update -y | ||
| apt install -y docker* |
There was a problem hiding this comment.
Since the script is a sample for internal use, the choice between Ubuntu and openSUSE Leap may depend on what the individual is comfortable with.
Any more specific reasons why openSUSE Leap would be a better fit in this context or a dependency that Keycloak/rancher?
There was a problem hiding this comment.
Any more specific reasons why openSUSE Leap would be a better fit in this context or a dependency that Keycloak/rancher?
No specific reason at all other than the proverb eat your own dog food.
Keycloak/cloud-init.sh
Outdated
| mkdir -p /opt/keycloak/certs | ||
| cp certs/fullchain.pem /opt/keycloak/certs/ | ||
| cp certs/key.pem /opt/keycloak/certs/ |
There was a problem hiding this comment.
| mkdir -p /opt/keycloak/certs | |
| cp certs/fullchain.pem /opt/keycloak/certs/ | |
| cp certs/key.pem /opt/keycloak/certs/ | |
| KEYCLOAK_CERTS=/opt/keycloak/certs | |
| mkdir -p $KEYCLOAK_CERTS | |
| cp certs/fullchain.pem $KEYCLOAK_CERTS | |
| cp certs/key.pem $KEYCLOAK_CERTS |
Keycloak/terraform.tfvars
Outdated
| # terraform.tfvars | ||
|
|
||
| # AWS region to deploy the instance | ||
| region = "us-east-2" |
There was a problem hiding this comment.
Since most of the team is based in India, could we use ap-south-1 for convenience?
There was a problem hiding this comment.
I’ve included instructions in the README.md that guide users to customize the terraform.tfvars file with their specific AWS configurations, including the region. Just edit the terraform.tfvars file with the preferred region and other relevant settings.
| end_time=$(( $(date +%s) + timeout )) | ||
|
|
||
| while [ $(date +%s) -lt $end_time ]; do | ||
| if curl -k -s -o /dev/null -w "%%{http_code}" -L https://${data.template_file.keycloak.vars.keycloak_server_name} | grep -q '^200$'; then |
There was a problem hiding this comment.
A code comment explaining what this is doing would help everyone if something needs to be changed in future. Especially folks like me who aren't shell script experts.
Keycloak/variables.tf
Outdated
| variable "region" { | ||
| description = "AWS region" | ||
| type = string | ||
| default = "us-east-2" |
There was a problem hiding this comment.
removed a default region... so you need to set it up from tf.vars
Keycloak/cloud-init.sh
Outdated
| docker run -v $PWD/certs:/certs \ | ||
| -e CA_SUBJECT="My own root CA" \ | ||
| -e CA_EXPIRE="1825" \ | ||
| -e SSL_EXPIRE="365" \ | ||
| -e SSL_SUBJECT="${keycloak_server_name}" \ | ||
| -e SSL_DNS="${keycloak_server_name}" \ | ||
| -e SILENT="true" \ | ||
| superseb/omgwtfssl |
There was a problem hiding this comment.
superseb/omgwtfssl was updated almost 6 years ago. Can we maybe create an image using it as base image and update it for CVEs and such?
EDIT: Just a simple apt/zypper/dnf update would suffice. However, if it's based on a container image that's no longer maintained, e.g. ubuntu 20.10, it might be better to find the Dockerfile and create our own image based on a openSUSE base, if possible, or simply use latest container of ubuntu/fedora whatever the original image is using.
There was a problem hiding this comment.
I have updated the SSL creation process using Certbot.
|
@skanakal thanks for the changes, and apologies for not being able to keep a tab on it. 👍🏽 |
Keycloak server