Deploy KeyCloak and Registration Authority to GWDG.de cloud
To prepare for the feasibility study we will run at the end of August (see https://gitlab.com/indie-sleep-demo/orga/-/issues/15), we need to deploy KeyCloak and the Registration Authority to the GWDG cloud.
Definition of Done:
- Split KeyCloak and Registration Authority into their own docker-compose file
- Provision GWDG server to run docker/docker-compose and serve the applications (may already be done?)
- Configure TLS for the above applications --> see #4 (closed)
- Deploy applications
- Automate deployment, pushing configuration changes to this repository should trigger CI/CD and update the live
- Confirm the registration authority is working by testing the http endpoints.
- set up firewall --> already set up by GWDG
Hints:
- server address: cloud@141.5.102.110
- server fingerprints:
root@asclepios-sleep:~# for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done
1024 SHA256:bjXiLKPcgiN4p1ZcYQ1BytoGKFLiCkmg26AcVAHaqNQ root@asclepios-sleep (DSA)
256 SHA256:awwQ+c/aaDFzdwmc3rYUxFJTMjv+4NSLKpZbIlP3y0k root@asclepios-sleep (ECDSA)
256 SHA256:Wt8MY2W+a6fI6d3qBBXHEwan+dQkxOC57400l0YHdjI root@asclepios-sleep (ED25519)
2048 SHA256:CX0RzkYu9oFZM5bRV/EdDIpPZpaeIDA2ACONO0GgdSA root@asclepios-sleep (RSA)
- Registration Authority documentation: Unfortunately there is none, but it should be fairly easy to work out how to test its endpoints using the source code found here: https://gitlab.com/asclepios-project/registration-authority-cpabe/-/blob/master/app/src/main/java/eu/ubitech/asclepios/rest/AuthRestController.java
Here is a quick example using curl:
# Request an access token from KeyCloak using the password grant
token=$(curl \
    -d "client_id=calls-gateway" \
    -d "username=dev" \
    -d "password=password" \
    -d "grant_type=password" \
    "https://<KEYCLOAK_HOST>/auth/realms/snet/protocol/openid-connect/token" \
    | sed 's/.*token":"\(.*\)","expires.*/\1/g'
)
# Call the Registration Authority with the bearer token (quoted so the shell never word-splits it)
curl -v --location --request POST 'https://<REGAUTH_HOST>' \
    --header "Authorization: Bearer $token" \
    --header 'Content-Type: application/json' \
    --data-raw \
    '{"firstName":"foo","lastName":"bar","email":"foo@example.com","username":"foo","enabled":"true","keys":["at1","at2", "at3"],"values":["xaxa","yy", "zz"],"realmRoles":["admin"]}'
Edited by Ilka Schulz
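For the automated-deployment item and the server fingerprints hint above, a CI job can pin the host key instead of trusting whatever key is offered on first connect. The following is an added example, not part of the original issue or the project's code: `vet_keyscan`, `HostKeyError` and `sample_line` are hypothetical names, only the ED25519 fingerprint is taken from the issue, and the sample key is constructed, so it is rejected against that pin.

```python
import base64
import hashlib
import struct

# ED25519 fingerprint copied from the "server fingerprints" hint above.
PINNED = {"ssh-ed25519": "SHA256:Wt8MY2W+a6fI6d3qBBXHEwan+dQkxOC57400l0YHdjI"}

class HostKeyError(Exception):
    """A scanned host key cannot be trusted."""

def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def embedded_type(blob):
    """Key type stored as the first length-prefixed string inside the blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or len(blob) < 4 + n:
        raise HostKeyError("truncated key blob")
    return blob[4:4 + n].decode("ascii", "replace")

def vet_keyscan(lines, pinned=PINNED):
    """Return only the known_hosts lines whose key matches a pinned fingerprint."""
    trusted = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        host, ktype, b64 = parts[:3]
        if ktype not in pinned:
            continue  # unpinned algorithm: never trusted implicitly
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError as exc:
            raise HostKeyError(f"{host}: undecodable key") from exc
        if embedded_type(blob) != ktype:
            raise HostKeyError(f"{host}: declared type differs from key blob")
        if fingerprint(blob) != pinned[ktype]:
            raise HostKeyError(f"{host}: {ktype} fingerprint mismatch")
        trusted.append(f"{host} {ktype} {b64}")
    if not trusted:
        raise HostKeyError("no key matching a pinned fingerprint was offered")
    return trusted

def sample_line(host="141.5.102.110", seed=0):
    """Constructed ssh-keyscan line; the key bytes are made up, not the server's."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", bytes([seed]) * 32))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"
```

In a pipeline, the lines printed by `ssh-keyscan` for the server would be passed to `vet_keyscan`, and only the returned lines written to the job's `known_hosts` file.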