| #!/usr/bin/python3 |
| |
| # ***************************************************************************** |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # ****************************************************************************** |
| |
| import logging |
| from fabric import * |
| import argparse |
| import sys |
| import os |
| import subprocess |
| from patchwork.files import exists |
| from patchwork import files |
| |
| parser = argparse.ArgumentParser() |
| parser.add_argument('--os_user', type=str, default='') |
| parser.add_argument('--public_ip_address', type=str, default='') |
| parser.add_argument('--keyfile', type=str, default='') |
| parser.add_argument('--keycloak_realm_name', type=str, default='') |
| parser.add_argument('--keycloak_user', type=str, default='') |
| parser.add_argument('--keycloak_user_password', type=str, default='') |
| args = parser.parse_args() |
| |
| keycloak_version = "8.0.1" |
| templates_dir = './templates/' |
| external_port = "80" |
| internal_port = "8080" |
| private_ip_address = "127.0.0.1" |
| |
| def ensure_jre_jdk(os_user): |
| if not exists(conn,'/home/' + os_user + '/.ensure_dir/jre_jdk_ensured'): |
| try: |
| conn.sudo('mkdir -p /home/' + os_user + '/.ensure_dir') |
| conn.sudo('apt-get update') |
| conn.sudo('apt-get install -y default-jre') |
| conn.sudo('apt-get install -y default-jdk') |
| conn.sudo('touch /home/' + os_user + '/.ensure_dir/jre_jdk_ensured') |
| except: |
| sys.exit(1) |
| |
| def configure_keycloak(): |
| conn.sudo('wget https://downloads.jboss.org/keycloak/' + keycloak_version + '/keycloak-' + keycloak_version + '.tar.gz -O /tmp/keycloak-' + keycloak_version + '.tar.gz') |
| conn.sudo('tar -zxvf /tmp/keycloak-' + keycloak_version + '.tar.gz -C /opt/') |
| conn.sudo('ln -s /opt/keycloak-' + keycloak_version + ' /opt/keycloak') |
| conn.sudo('chown ' + args.os_user + ':' + args.os_user + ' -R /opt/keycloak-' + keycloak_version) |
| conn.sudo('/opt/keycloak/bin/add-user-keycloak.sh -r master -u ' + args.keycloak_user + ' -p ' + args.keycloak_user_password) #create initial admin user in master realm |
| conn.put(templates_dir + 'realm.json', '/tmp/' + args.keycloak_realm_name + '-realm.json') |
| conn.put(templates_dir + 'keycloak.service', '/tmp/keycloak.service') |
| conn.sudo("cp /tmp/keycloak.service /etc/systemd/system/keycloak.service") |
| conn.sudo("sed -i 's|realm-name|" + args.keycloak_realm_name + "|' /tmp/" + args.keycloak_realm_name + "-realm.json") |
| conn.sudo("sed -i 's|OS_USER|" + args.os_user + "|' /etc/systemd/system/keycloak.service") |
| conn.sudo("sed -i 's|private_ip_address|" + private_ip_address + "|' /etc/systemd/system/keycloak.service") |
| conn.sudo("sed -i 's|keycloak_realm_name|" + args.keycloak_realm_name + "|' /etc/systemd/system/keycloak.service") |
| conn.sudo("systemctl daemon-reload") |
| conn.sudo("systemctl enable keycloak") |
| conn.sudo("systemctl start keycloak") |
| |
| def configure_nginx(): |
| conn.sudo('apt install -y nginx') |
| conn.put(templates_dir + 'nginx.conf', '/tmp/nginx.conf') |
| conn.sudo("cp /tmp/nginx.conf /etc/nginx/conf.d/nginx.conf") |
| conn.sudo("sed -i 's|80|81|' /etc/nginx/sites-enabled/default") |
| conn.sudo("sed -i 's|external_port|" + external_port + "|' /etc/nginx/conf.d/nginx.conf") |
| conn.sudo("sed -i 's|internal_port|" + internal_port + "|' /etc/nginx/conf.d/nginx.conf") |
| conn.sudo("sed -i 's|private_ip_address|" + private_ip_address + "|' /etc/nginx/conf.d/nginx.conf") |
| conn.sudo("systemctl daemon-reload") |
| conn.sudo("systemctl enable nginx") |
| conn.sudo("systemctl restart nginx") |
| |
| def init_connection(hostname, username, keyfile): |
| try: |
| global conn |
| attempt = 0 |
| while attempt < 10: |
| print('connection attempt {}'.format(attempt)) |
| conn = Connection(host = hostname, user = username, connect_kwargs={'key_filename': keyfile}) |
| conn.config.run.echo = True |
| try: |
| conn.run('ls') |
| conn.config.run.echo = True |
| return conn |
| except: |
| attempt += 1 |
| time.sleep(10) |
| except: |
| traceback.print_exc() |
| sys.exit(1) |
| |
| if __name__ == "__main__": |
| #subprocess.run("sudo mkdir /logs/keycloak -p", shell=True, check=True) |
| #subprocess.run('sudo chown ' + args.os_user + ':' + args.os_user + ' -R /logs/keycloak', shell=True, check=True) |
| #local_log_filename = "keycloak_deployment_script.log" |
| #local_log_filepath = "/logs/keycloak/" + local_log_filename |
| #logging.basicConfig(format='%(levelname)-8s [%(asctime)s] %(message)s', |
| # level=logging.DEBUG, |
| # filename=local_log_filepath) |
| |
| print("Configure connections") |
| if args.public_ip_address != '': |
| hostname = args.public_ip_address |
| else: |
| hostname = private_ip_address |
| |
| conn = init_connection(hostname, args.os_user, args.keyfile) |
| |
| print("Install Java") |
| ensure_jre_jdk(args.os_user) |
| |
| try: |
| print("installing Keycloak") |
| configure_keycloak() |
| except Exception as err: |
| print("Failed keycloak install: " + str(err)) |
| sys.exit(1) |
| |
| try: |
| print("installing nginx") |
| configure_nginx() |
| except Exception as err: |
| print("Failed nginx install: " + str(err)) |
| sys.exit(1) |