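#!/bin/bash
# Stand up a single-node Janssen demo on microk8s.
#
# Usage: startjanssendemo.sh [FQDN] [LDAP|MYSQL|PGSQL] [CI_CD_RUN] [EXT_IP] [INSTALL_ISTIO] [HELM_DEVELOPMENT_REPO]
#   FQDN / persistence type are prompted for when not given.
#   CI_CD_RUN   - any non-empty value switches app logging to FILE/TRACE.
#   EXT_IP      - public IP written to /etc/hosts and the ingress values; auto-detected when empty.
#
# -u is on: every positional argument is read through ${N:-} below.
set -euo pipefail
JANS_FQDN=${1:-}
JANS_PERSISTENCE=${2:-}
JANS_CI_CD_RUN=${3:-}
EXT_IP=${4:-}
INSTALL_ISTIO=${5:-}
HELM_DEVELOPMENT_REPO=${6:-}

if [[ -z "$JANS_FQDN" ]]; then
  read -rp "Enter Hostname [demoexample.jans.io]: " JANS_FQDN
fi
# The hostname ends up in /etc/hosts (via sudo) and in the ingress host list,
# so besides the "at least two dots" rule, only hostname characters are accepted.
if ! [[ $JANS_FQDN == *"."*"."* ]]; then
  echo "[E] Hostname provided is invalid or empty.
Please enter a FQDN with the format demoexample.jans.io" >&2
  exit 1
fi
if ! [[ $JANS_FQDN =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "[E] Hostname may only contain letters, digits, '.' and '-'" >&2
  exit 1
fi

if [[ -z "$JANS_PERSISTENCE" ]]; then
  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL]: " JANS_PERSISTENCE
fi
case "$JANS_PERSISTENCE" in
  LDAP|MYSQL|PGSQL) ;;
  *)
    echo "[E] Incorrect entry. Please enter either LDAP, MYSQL or PGSQL" >&2
    exit 1
    ;;
esac

# Verbose file logging for CI runs, console INFO for interactive demos.
LOG_TARGET="FILE"
LOG_LEVEL="TRACE"
if [[ -z $JANS_CI_CD_RUN ]]; then
  LOG_TARGET="STDOUT"
  LOG_LEVEL="INFO"
fi

if [[ -z $EXT_IP ]]; then
  # Auto-detect the public IP. The value is later appended to /etc/hosts with
  # sudo and templated into the Helm values, so fetch it over TLS (the original
  # used plain http) and accept only an IPv4 dotted quad or IPv6 literal.
  if ! EXT_IP=$(curl -fsS https://ipinfo.io/ip); then
    echo "[E] Could not determine the external IP; pass it as the 4th argument" >&2
    exit 1
  fi
  ip_re='^(([0-9]{1,3}\.){3}[0-9]{1,3}|[0-9A-Fa-f:]+)$'
  if ! [[ $EXT_IP =~ $ip_re ]]; then
    echo "[E] External IP lookup returned something that is not an IP address: $EXT_IP" >&2
    exit 1
  fi
fi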
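#######################################
# Block until an HTTPS endpoint on the demo host answers 200.
# Globals:   JANS_FQDN (read)
# Arguments: $1 - URL path under https://$JANS_FQDN/ (no leading slash)
#            $2 - maximum attempts, 0 = retry forever (default 0, the
#                 original unbounded behaviour)
#            $3 - seconds to sleep between attempts (default 5)
# Outputs:   one progress line per attempt on stdout
# Returns:   0 once a 200 is observed, 1 when $2 attempts are exhausted
#######################################
wait_for_services() {
  local path=$1
  local max_attempts=${2:-0}
  local interval=${3:-5}
  local code=404
  local attempts=0
  while [[ "$code" != "200" ]]; do
    if [[ $max_attempts -gt 0 && $attempts -ge $max_attempts ]]; then
      echo "[E] https://${JANS_FQDN}/${path} did not respond with 200 after ${attempts} attempts" >&2
      return 1
    fi
    echo "Waiting for https://${JANS_FQDN}/${path} to respond with 200"
    # curl exits non-zero while the ingress is not yet reachable; under the
    # script's set -e that used to abort the whole run instead of retrying,
    # so any transport failure is mapped to "000" and the loop continues.
    # -k: the demo ingress serves a self-signed certificate.
    code=$(curl -s -o /dev/null -w '%{http_code}' -k --max-time 10 "https://${JANS_FQDN}/${path}") || code=000
    attempts=$((attempts + 1))
    sleep "$interval"
  done
}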
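#######################################
# Write the shared "config:" section of override.yaml (fresh file).
# Each persistence branch appends its own "configmap:" children afterwards.
# Globals:   none
# Outputs:   creates ./override.yaml
#######################################
write_org_config() {
  # NOTE(review): the email value below looks mangled in this copy of the
  # script; confirm the intended address before relying on it.
  cat << EOF > override.yaml
config:
  countryCode: US
  email: [email protected]
  orgName: Gluu
  city: Austin
  configmap:
EOF
}

# --- host prerequisites -------------------------------------------------------
sudo apt-get update
sudo apt-get install openssl -y
sudo apt-get install python3-pip -y
sudo pip3 install pip --upgrade
sudo pip3 install setuptools --upgrade
sudo pip3 install pyOpenSSL --upgrade
sudo apt-get update
sudo apt-get install build-essential unzip -y
sudo pip3 install requests --upgrade
sudo pip3 install shiv
sudo snap install microk8s --classic
sudo microk8s.status --wait-ready
sudo microk8s.enable dns registry ingress hostpath-storage
# Rename the ingress class of the bundled nginx controller so the chart's
# "nginx" ingress resources are served. The apply stage now runs with sudo
# like every other microk8s call, so it does not depend on group membership.
sudo microk8s kubectl get daemonset.apps/nginx-ingress-microk8s-controller -n ingress -o yaml \
  | sed -s "s@ingress-class=public@ingress-class=nginx@g" \
  | sudo microk8s kubectl apply -f -
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
# NOTE(review): apt-key is deprecated on current Ubuntu releases; a keyring
# under /etc/apt/keyrings with "signed-by" is the supported replacement.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
# -y: this install used to prompt, which hangs an unattended (CI) run.
sudo apt-get install net-tools -y
# The Helm installer is fetched from the unpinned master branch and executed.
# Fine for a throw-away demo; pin a release if reproducibility matters.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
sudo apt-get install docker-ce docker-ce-cli containerd.io -y

# --- cluster access -----------------------------------------------------------
mkdir -p ~/.kube
sudo microk8s config | sudo tee ~/.kube/config > /dev/null
# The kubeconfig carries cluster-admin credentials: hand it to the invoking
# user and close it to everyone else (tee left it root-owned with the default
# mode, which is world-readable under a typical umask).
sudo chown "$(id -u):$(id -g)" ~/.kube/config
chmod 600 ~/.kube/config
sudo snap alias microk8s.kubectl kubectl
KUBECONFIG="$HOME/.kube/config"
sudo microk8s.kubectl create namespace jans --kubeconfig="$KUBECONFIG" || echo "namespace exists"

if [[ $INSTALL_ISTIO == "true" ]]; then
  sudo microk8s.kubectl label ns jans istio-injection=enabled
  # Unpinned remote installer piped into sh; same caveat as the Helm installer.
  sudo curl -L https://istio.io/downloadIstio | sh -
  cd istio-*
  export PATH=$PWD/bin:$PATH
  sudo ./bin/istioctl install --set profile=demo -y
  cd ..
fi

# --- persistence ----------------------------------------------------------------
# Demo database credential. Override with JANS_DB_PASSWORD (no commas: it is
# passed through helm --set). It is visible in the process list while helm
# runs and is written in clear text into override.yaml.
DB_PASSWORD="${JANS_DB_PASSWORD:-Test1234#}"
PERSISTENCE_TYPE="sql"
if [[ $JANS_PERSISTENCE == "MYSQL" ]]; then
  sudo microk8s.kubectl get po --kubeconfig="$KUBECONFIG"
  sudo helm install my-release --set "auth.rootPassword=${DB_PASSWORD},auth.database=jans" -n jans oci://registry-1.docker.io/bitnamicharts/mysql --kubeconfig="$KUBECONFIG"
  write_org_config
  cat << EOF >> override.yaml
    cnSqlDbName: jans
    cnSqlDbPort: 3306
    cnSqlDbDialect: mysql
    cnSqlDbHost: my-release-mysql.jans.svc
    cnSqlDbUser: root
    cnSqlDbTimezone: UTC
    cnSqldbUserPassword: $DB_PASSWORD
EOF
fi
if [[ $JANS_PERSISTENCE == "PGSQL" ]]; then
  sudo microk8s.kubectl get po --kubeconfig="$KUBECONFIG"
  sudo helm install my-release --set "auth.postgresPassword=${DB_PASSWORD},auth.database=jans" -n jans oci://registry-1.docker.io/bitnamicharts/postgresql --kubeconfig="$KUBECONFIG"
  write_org_config
  cat << EOF >> override.yaml
    cnSqlDbName: jans
    cnSqlDbPort: 5432
    cnSqlDbDialect: pgsql
    cnSqlDbHost: my-release-postgresql.jans.svc
    cnSqlDbUser: postgres
    cnSqlDbTimezone: UTC
    cnSqldbUserPassword: $DB_PASSWORD
EOF
fi
ENABLE_LDAP="false"
if [[ $JANS_PERSISTENCE == "LDAP" ]]; then
  # Throw-away self-signed certificate for the in-cluster OpenDJ. The PEM
  # files are embedded into override.yaml and removed from disk right away.
  openssl req \
    -x509 \
    -newkey rsa:2048 \
    -sha256 \
    -days 365 \
    -nodes \
    -keyout opendj.key \
    -out opendj.crt \
    -subj "/CN=$JANS_FQDN" \
    -addext 'subjectAltName=DNS:ldap,DNS:opendj'
  LDAP_CERT_B64=$(base64 -w0 opendj.crt)
  LDAP_KEY_B64=$(base64 -w0 opendj.key)
  rm -f opendj.crt opendj.key
  write_org_config
  cat << EOF >> override.yaml
    cnLdapCrt: $LDAP_CERT_B64
    cnLdapKey: $LDAP_KEY_B64
EOF
  PERSISTENCE_TYPE="ldap"
  ENABLE_LDAP="true"
fi

# Map the FQDN locally; skip the append when an identical line already exists
# so re-runs do not keep growing /etc/hosts.
if ! grep -qF -- "$EXT_IP $JANS_FQDN" /etc/hosts; then
  printf '%s %s\n' "$EXT_IP" "$JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null
fi

# --- chart values ---------------------------------------------------------------
cat << EOF >> override.yaml
global:
  cloud:
    testEnviroment: true
  istio:
    enable: $INSTALL_ISTIO
  cnPersistenceType: $PERSISTENCE_TYPE
  auth-server-key-rotation:
    enabled: true
  auth-server:
    appLoggers:
      authLogTarget: "$LOG_TARGET"
      authLogLevel: "$LOG_LEVEL"
      httpLogTarget: "$LOG_TARGET"
      httpLogLevel: "$LOG_LEVEL"
      persistenceLogTarget: "$LOG_TARGET"
      persistenceLogLevel: "$LOG_LEVEL"
      persistenceDurationLogTarget: "$LOG_TARGET"
      persistenceDurationLogLevel: "$LOG_LEVEL"
      ldapStatsLogTarget: "$LOG_TARGET"
      ldapStatsLogLevel: "$LOG_LEVEL"
      scriptLogTarget: "$LOG_TARGET"
      scriptLogLevel: "$LOG_LEVEL"
      auditStatsLogTarget: "$LOG_TARGET"
      auditStatsLogLevel: "$LOG_LEVEL"
  casa:
    # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
    appLoggers:
      casaLogTarget: "$LOG_TARGET"
      casaLogLevel: "$LOG_LEVEL"
      timerLogTarget: "$LOG_TARGET"
      timerLogLevel: "$LOG_LEVEL"
    ingress:
      casaEnabled: true
  config-api:
    appLoggers:
      configApiLogTarget: "$LOG_TARGET"
      configApiLogLevel: "$LOG_LEVEL"
  fido2:
    ingress:
      fido2ConfigEnabled: true
    appLoggers:
      fido2LogTarget: "$LOG_TARGET"
      fido2LogLevel: "$LOG_LEVEL"
      persistenceLogTarget: "$LOG_TARGET"
      persistenceLogLevel: "$LOG_LEVEL"
  scim:
    ingress:
      scimConfigEnabled: true
      scimEnabled: true
    appLoggers:
      scimLogTarget: "$LOG_TARGET"
      scimLogLevel: "$LOG_LEVEL"
      persistenceLogTarget: "$LOG_TARGET"
      persistenceLogLevel: "$LOG_LEVEL"
      persistenceDurationLogTarget: "$LOG_TARGET"
      persistenceDurationLogLevel: "$LOG_LEVEL"
      ldapStatsLogTarget: "$LOG_TARGET"
      ldapStatsLogLevel: "$LOG_LEVEL"
      scriptLogTarget: "$LOG_TARGET"
      scriptLogLevel: "$LOG_LEVEL"
  fqdn: $JANS_FQDN
  lbIp: $EXT_IP
opendj:
  # -- Boolean flag to enable/disable the OpenDJ chart.
  enabled: $ENABLE_LDAP
# -- Nginx ingress definitions chart
nginx-ingress:
  ingress:
    path: /
    hosts:
    - $JANS_FQDN
    # -- Secrets holding HTTPS CA cert and key.
    tls:
    - secretName: tls-certificate
      hosts:
      - $JANS_FQDN
auth-server:
  livenessProbe:
    initialDelaySeconds: 300
  readinessProbe:
    initialDelaySeconds: 300
EOF

# --- install --------------------------------------------------------------------
sudo helm repo add janssen https://docs.jans.io/charts
sudo helm repo update
# HELM_DEVELOPMENT_REPO holds optional extra helm arguments. It was previously
# passed as one quoted word, which hands helm an empty positional argument when
# unset and a single unparsable token when it holds a flag plus value; split it
# on whitespace instead (assumption: it is only ever plain flags/values).
# The ${arr[@]+"${arr[@]}"} form keeps an empty array safe under set -u.
read -ra helm_extra <<< "$HELM_DEVELOPMENT_REPO"
sudo helm install janssen janssen/janssen -n jans -f override.yaml --kubeconfig="$KUBECONFIG" ${helm_extra[@]+"${helm_extra[@]}"}
wait_for_services jans-config-api/api/v1/health/ready
wait_for_services jans-scim/sys/health-check

# Generated smoke-test script. Note it dumps the cluster-admin kubeconfig into
# ./config in the working directory each time it runs; delete it when done.
cat << EOF > testendpoints.sh
sudo microk8s config > config
KUBECONFIG="$PWD"/config
sleep 10
echo -e "Testing openid-configuration endpoint.. \n"
curl -k https://$JANS_FQDN/.well-known/openid-configuration
echo -e "Testing scim-configuration endpoint.. \n"
curl -k https://$JANS_FQDN/.well-known/scim-configuration
echo -e "Testing fido2-configuration endpoint.. \n"
curl -k https://$JANS_FQDN/.well-known/fido2-configuration
cd ..
EOF
sudo microk8s.kubectl -n jans wait --for=condition=available --timeout=300s deploy/janssen-auth-server --kubeconfig="$KUBECONFIG" || echo "Couldn't find deployment running tests anyways..."
sudo bash testendpoints.sh
printf '%s\n' "You may re-execute bash testendpoints.sh to do a quick test to check the openid-configuration endpoint."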