keycloak server

Keycloak/README.md

@@ -0,0 +1,68 @@
+# Keycloak Server Automation with Terraform
+
+Terraform configurations for automating the deployment of a Keycloak server on AWS. The deployment script provisions an EC2 instance with Keycloak installed and configured, using specified AWS resources and settings.
+
+## Prerequisites
+
+Before you begin, ensure you have the following:
+
+- **Terraform**: Make sure Terraform is installed on your local machine. You can download it from [Terraform's official website](https://www.terraform.io/downloads.html).
+
+
+## Configuration
+
+1. Clone the Repository
+
+   ```
+   git clone <repository-url>
+   cd <repository-directory>
+   ```
+
+2. Update `terraform.tfvars`
+
+   Edit the terraform.tfvars file with your specific AWS and Keycloak configurations:
+
+4. Initialize Terraform
+
+   Run the following command to initialize Terraform. This will download the necessary provider plugins:
+
+   ```
+   terraform init
+   ```
+6. Plan the Deployment
+
+   Create an execution plan to review the resources that Terraform will create or modify:
+   ```
+   terraform plan
+   ```
+7. Apply the Configuration
+
+   Apply the Terraform configuration to create the resources:
+   ```
+   terraform apply
+   ```
+   Confirm the action by typing `yes` when prompted.
+
+## Keycloak Access
+Once the deployment is complete, you can access your Keycloak server using the provided domain. 
+~~~
+Admin URL: https://prefix-keycloak.test.rancher.space
+Admin Username: admin
+Admin Password: The password specified in `terraform.tfvars`.
+~~~
+
+Cleanup:
+
+To remove the resources created by Terraform, run:  
+```
+terraform destroy
+```
+Confirm the action by typing `yes` when prompted.
+
+# Important Notice
+
+This deployment is intended for internal use only and is not suitable for production environments or customer deployments. It is provided as-is, without any warranties or guarantees. There is no official support provided by SUSE for this deployment.
+
+# Additional Information
+
+Feel free to customize the content further based on your specific project details and preferences.

Keycloak/cloud-init.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+apt update -y
+apt install docker* -y
+systemctl enable --now docker.service
+apt install certbot -y
+
+
+# Request Certificate. 
+certbot certonly --non-interactive --standalone -d ${keycloak_server_name} --agree-tos -m ${email}
+
+# Set up Keycloak certificates directory
+mkdir -p /opt/keycloak/certs
+cp /etc/letsencrypt/live/${keycloak_server_name}/fullchain.pem /opt/keycloak/certs
+cp /etc/letsencrypt/live/${keycloak_server_name}/privkey.pem /opt/keycloak/certs
+chmod 755 /opt/keycloak/certs
+chmod 644 /opt/keycloak/certs/*
+
+
+cat <<EOF > /opt/keycloak/keycloak.yml
+version: '3'
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    container_name: keycloak
+    restart: always
+    ports:
+      - 80:8080
+      - 443:8443
+    volumes:
+      - ./certs/fullchain.pem:/etc/x509/https/tls.crt
+      - ./certs/privkey.pem:/etc/x509/https/tls.key
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=${keycloak_password}
+      - KC_HOSTNAME=${keycloak_server_name}
+      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/tls.crt
+      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/tls.key
+    command:
+      - start-dev
+EOF
+
+
+
+# Install docker compose
+curl -SL https://github.com/docker/compose/releases/download/${docker_compose_version}/docker-compose-linux-x86_64 -o /usr/bin/docker-compose
+chmod +x /usr/bin/docker-compose
+
+# Start Keycloak with Docker Compose
+cd /opt/keycloak
+docker-compose -f /opt/keycloak/keycloak.yml up

Keycloak/main.tf

@@ -0,0 +1,80 @@
+provider "aws" {
+  region = var.region
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+}
+
+data "aws_route53_zone" "selected" {
+  name         = var.aws_domain
+  private_zone = false
+}
+
+data "template_file" "keycloak" {
+  template = file("cloud-init.sh")
+  vars = {
+    keycloak_server_name   = "${var.instance_suffix}-keycloak.${var.aws_domain}"
+    keycloak_password = var.keycloak_password
+    docker_compose_version = var.docker_compose_version
+    email                 = var.email
+  }
+}
+
+resource "aws_instance" "keycloak" {
+  ami               = var.ami_id
+  instance_type     = var.instance_type
+  subnet_id         = var.subnet_id
+  vpc_security_group_ids = var.security_group_ids
+  key_name          = var.key_name
+
+  associate_public_ip_address = true
+
+  user_data = data.template_file.keycloak.rendered
+
+  tags = {
+    Name = "${var.instance_suffix}-keycloak"
+  }
+}
+
+resource "aws_route53_record" "dns" {
+  zone_id = data.aws_route53_zone.selected.zone_id
+  name    = "${var.instance_suffix}-keycloak"
+  type    = "A"
+  ttl     = 300
+  records = [aws_instance.keycloak.public_ip]
+}
+
+# check the keycloak server rediness and print the status
+
+resource "null_resource" "keycloak_readiness_check" {
+  provisioner "local-exec" {
+    command = <<EOT
+      #!/bin/bash
+
+      timeout=300  # Maximum time to wait in seconds
+      interval=20  # Time to wait between checks in seconds
+      end_time=$(( $(date +%s) + timeout ))
+
+      while [ $(date +%s) -lt $end_time ]; do
+        if curl -k -s -o /dev/null -w "%%{http_code}" -L https://${data.template_file.keycloak.vars.keycloak_server_name} | grep -q '^200$'; then
+          echo "Keycloak is ready!"      
+          exit 0
+        fi
+        echo "Keycloak not ready yet. Waiting $interval seconds..." 
+        sleep $interval
+      done
+
+      echo "Timeout reached. Keycloak service is not ready."   
+      exit 1
+    EOT
+  }
+
+  depends_on = [aws_route53_record.dns]
+}
+
+output "keycloak_server_ip" {
+    value = aws_instance.keycloak.public_ip
+}
+
+output "keycloak_server_name" {
+    value = "https://${data.template_file.keycloak.vars.keycloak_server_name}"
+}

Keycloak/terraform.tfvars

@@ -0,0 +1,41 @@
+# terraform.tfvars
+
+# AWS region to deploy the instance
+region = ""       # Select your region
+
+# AWS credentials
+aws_access_key = ""  # Replace with your AWS Access Key
+aws_secret_key = ""  # Replace with your AWS Secret Key
+
+# EC2 instance type
+instance_type = ""       # Choose your instance type
+
+# Name of the SSH key pair to use for the EC2 instance
+key_name = ""  # Replace with your actual key pair name
+
+# VPC ID where the EC2 instance will be deployed
+vpc_id = ""  # Replace with your actual VPC ID
+
+# Subnet ID within the VPC where the EC2 instance will be deployed
+subnet_id = ""  # Replace with your actual Subnet ID
+
+# Security Group IDs associated with the EC2 instance
+security_group_ids = [""]  # Replace with your actual Security Group IDs
+
+# AMI ID for the EC2 instance
+ami_id = ""   # Use any Ubuntu image, as the `cloud-init.sh` script is compatible only with Ubuntu images
+
+# AWS Route 53 domain name
+aws_domain = ""  # Update your AWS domain
+
+# Suffix to append to the instance name and DNS record
+instance_suffix = ""  # e.g., 'dev', 'prod', or any other environment identifier
+
+# Keycloak admin password
+keycloak_password = ""  # Replace with a secure password
+
+#Email needs to be valid, otherwise certbot will fail
+email = ""
+
+# docker compose version, note: I've tested with older versions 
+docker_compose_version = ""

Keycloak/variables.tf

@@ -0,0 +1,62 @@
+variable "region" {
+  description = "AWS region"
+  type        = string
+}
+
+variable "aws_access_key" {
+  description = "AWS access key"
+  type        = string
+}
+
+variable "aws_secret_key" {
+  description = "AWS secret key"
+  type        = string
+  sensitive   = true
+}
+
+variable "instance_type" {
+  description = "EC2 instance type"
+}
+
+variable "key_name" {
+  description = "The name of the key pair to use for the instance"
+}
+
+variable "vpc_id" {
+  description = "The VPC ID where the instance will be deployed"
+}
+
+variable "subnet_id" {
+  description = "The Subnet ID where the instance will be deployed"
+}
+
+variable "security_group_ids" {
+  description = "List of security group IDs to associate with the instance"
+  type        = list(string)
+}
+
+variable "ami_id" {
+  description = "The AMI ID to use for the instance" 
+}
+
+variable "aws_domain" {
+  description = "The domain name for the AWS Route 53"
+}
+
+variable "instance_suffix" {
+  description = "Suffix to append to the instance name"
+}
+
+variable "keycloak_password" {
+  description = "Keycloak admin password"
+  type        = string
+}
+
+variable "email" {
+  description = "email for cert verification"
+  type = string
+}
+
+variable "docker_compose_version" {
+  description = "docker-compose version" 
+}