keycloak server

Keycloak/README.md

@@ -0,0 +1,68 @@
+# Keycloak Server Automation with Terraform
+
+Terraform configurations for automating the deployment of a Keycloak server on AWS. The deployment script provisions an EC2 instance with Keycloak installed and configured, using specified AWS resources and settings.
+
+## Prerequisites
+
+Before you begin, ensure you have the following:
+
+- **Terraform**: Make sure Terraform is installed on your local machine. You can download it from [Terraform's official website](https://www.terraform.io/downloads.html).
+
+
+## Configuration
+
+1. Clone the Repository
+
+   ```
+   git clone <repository-url>
+   cd <repository-directory>
+   ```
+
+2. Update `terraform.tfvars`
+
+   Edit the terraform.tfvars file with your specific AWS and Keycloak configurations:
+
+4. Initialize Terraform
+
+   Run the following command to initialize Terraform. This will download the necessary provider plugins:
+
+   ```
+   terraform init
+   ```
+6. Plan the Deployment
+
+   Create an execution plan to review the resources that Terraform will create or modify:
+   ```
+   terraform plan
+   ```
+7. Apply the Configuration
+
+   Apply the Terraform configuration to create the resources:
+   ```
+   terraform apply
+   ```
+   Confirm the action by typing `yes` when prompted.
+
+## Keycloak Access
+Once the deployment is complete, you can access your Keycloak server using the provided domain. 
+~~~
+Admin URL: https://prefix-keycloak.test.rancher.space
+Admin Username: admin
+Admin Password: The password specified in `terraform.tfvars`.
+~~~
+
+Cleanup:
+
+To remove the resources created by Terraform, run:  
+```
+terraform destroy
+```
+Confirm the action by typing `yes` when prompted.
+
+# Important Notice
+
+This deployment is intended for internal use only and is not suitable for production environments or customer deployments. It is provided as-is, without any warranties or guarantees. There is no official support provided by SUSE for this deployment.
+
+# Additional Information
+
+Feel free to customize the content further based on your specific project details and preferences.

Keycloak/cloud-init.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+apt update -y
+apt install -y docker*
+systemctl enable --now docker.service
+
+
+# Generate certificates using Docker
+docker run -v $PWD/certs:/certs \
+  -e CA_SUBJECT="My own root CA" \
+  -e CA_EXPIRE="1825" \
+  -e SSL_EXPIRE="365" \
+  -e SSL_SUBJECT="${keycloak_server_name}" \
+  -e SSL_DNS="${keycloak_server_name}" \
+  -e SILENT="true" \
+  superseb/omgwtfssl
+
+# Combine certificate and CA into fullchain.pem
+cat certs/cert.pem certs/ca.pem > certs/fullchain.pem
+
+
+# Set up Keycloak certificates directory
+mkdir -p /opt/keycloak/certs
+cp certs/fullchain.pem /opt/keycloak/certs/
+cp certs/key.pem /opt/keycloak/certs/
+
+
+cat <<EOF > /opt/keycloak/keycloak.yml
+version: '3'
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    container_name: keycloak
+    restart: always
+    ports:
+      - 80:8080
+      - 443:8443
+    volumes:
+      - ./certs/fullchain.pem:/etc/x509/https/tls.crt
+      - ./certs/key.pem:/etc/x509/https/tls.key
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=${keycloak_password}
+      - KC_HOSTNAME=${keycloak_server_name}
+      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/tls.crt
+      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/tls.key
+    command:
+      - start-dev
+EOF
+
+# Start Keycloak with Docker Compose
+curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose 
+chmod +x /usr/bin/docker-compose
+docker-compose -f /opt/keycloak/keycloak.yml up

Keycloak/main.tf

@@ -0,0 +1,76 @@
+provider "aws" {
+  region = var.region
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+}
+
+data "aws_route53_zone" "selected" {
+  name         = var.aws_domain
+  private_zone = false
+}
+
+data "template_file" "keycloak" {
+  template = file("cloud-init.sh")
+  vars = {
+    keycloak_server_name   = "${var.instance_suffix}-keycloak.${var.aws_domain}"
+    keycloak_password = var.keycloak_password
+  }
+}
+
+resource "aws_instance" "keycloak" {
+  ami               = var.ami_id
+  instance_type     = var.instance_type
+  subnet_id         = var.subnet_id
+  vpc_security_group_ids = var.security_group_ids
+  key_name          = var.key_name
+
+  associate_public_ip_address = true
+
+  user_data = data.template_file.keycloak.rendered
+
+  tags = {
+    Name = "${var.instance_suffix}-keycloak"
+  }
+}
+
+resource "aws_route53_record" "dns" {
+  zone_id = data.aws_route53_zone.selected.zone_id
+  name    = "${var.instance_suffix}-keycloak"
+  type    = "A"
+  ttl     = 300
+  records = [aws_instance.keycloak.public_ip]
+}
+
+resource "null_resource" "keycloak_readiness_check" {
+  provisioner "local-exec" {
+    command = <<EOT
+      #!/bin/bash
+
+      timeout=300  # Maximum time to wait in seconds
+      interval=20  # Time to wait between checks in seconds
+      end_time=$(( $(date +%s) + timeout ))
+
+      while [ $(date +%s) -lt $end_time ]; do
+        if curl -k -s -o /dev/null -w "%%{http_code}" -L https://${data.template_file.keycloak.vars.keycloak_server_name} | grep -q '^200$'; then
+          echo "Keycloak is ready!"      
+          exit 0
+        fi
+        echo "Keycloak not ready yet. Waiting $interval seconds..." 
+        sleep $interval
+      done
+
+      echo "Timeout reached. Keycloak service is not ready."   
+      exit 1
+    EOT
+  }
+
+  depends_on = [aws_route53_record.dns]
+}
+
+output "keycloak_server_ip" {
+    value = aws_instance.keycloak.public_ip
+}
+
+output "keycloak_server_name" {
+    value = "https://${data.template_file.keycloak.vars.keycloak_server_name}"
+}

Keycloak/terraform.tfvars

@@ -0,0 +1,35 @@
+# terraform.tfvars
+
+# AWS region to deploy the instance
+region = "us-east-2"
+
+# AWS credentials
+aws_access_key = ""  # Replace with your AWS Access Key
+aws_secret_key = ""  # Replace with your AWS Secret Key
+
+# EC2 instance type
+instance_type = "t3.medium"
+
+# Name of the SSH key pair to use for the EC2 instance
+key_name = ""  # Replace with your actual key pair name
+
+# VPC ID where the EC2 instance will be deployed
+vpc_id = ""  # Replace with your actual VPC ID
+
+# Subnet ID within the VPC where the EC2 instance will be deployed
+subnet_id = ""  # Replace with your actual Subnet ID
+
+# Security Group IDs associated with the EC2 instance
+security_group_ids = [""]  # Replace with your actual Security Group IDs
+
+# AMI ID for the EC2 instance
+ami_id = ""  
+
+# AWS Route 53 domain name
+aws_domain = ""  
+
+# Suffix to append to the instance name and DNS record
+instance_suffix = ""  # e.g., 'dev', 'prod', or any other environment identifier
+
+# Keycloak admin password
+keycloak_password = ""  # Replace with a secure password

Keycloak/variables.tf

@@ -0,0 +1,57 @@
+variable "region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-east-2"
+}
+
+variable "aws_access_key" {
+  description = "AWS access key"
+  type        = string
+}
+
+variable "aws_secret_key" {
+  description = "AWS secret key"
+  type        = string
+  sensitive   = true
+}
+
+variable "instance_type" {
+  description = "EC2 instance type"
+  default     = "t3.medium"
+}
+
+variable "key_name" {
+  description = "The name of the key pair to use for the instance"
+}
+
+variable "vpc_id" {
+  description = "The VPC ID where the instance will be deployed"
+}
+
+variable "subnet_id" {
+  description = "The Subnet ID where the instance will be deployed"
+}
+
+variable "security_group_ids" {
+  description = "List of security group IDs to associate with the instance"
+  type        = list(string)
+}
+
+variable "ami_id" {
+  description = "The AMI ID to use for the instance"
+  default     = "ami-0862be96e41dcbf74" 
+}
+
+variable "aws_domain" {
+  description = "The domain name for the AWS Route 53"
+}
+
+variable "instance_suffix" {
+  description = "Suffix to append to the instance name"
+}
+
+variable "keycloak_password" {
+  description = "Keycloak admin password"
+  type        = string
+  default     = "password"
+}