Express installation instructions#

The express installation instructions cover a minimal configuration without fault tolerance, placing all components on a single virtual machine.

The instructions assume that the virtual machine is connected to the Internet. They use testinstallation.local as the domain name for installation (replace it with your own domain name). The configuration scripts use the string CHANGE_ME as the password (replace it with your own password). All actions are performed with the privileges of the root user.

Update the operating system with current patches before starting the installation.

The Blitz Identity Provider distribution files must be downloaded and extracted to the ~/tmp/blitz directory before installation on the server (check the correct version in BLITZ_REL):

export BLITZ_REL=5.14.0
mkdir -p ~/tmp/blitz
wget -q 'https://nc.reaxoft.ru/nextcloud/index.php/s/3W48EBrNXf3R3WC/download?path=%2F'$BLITZ_REL'&files=blitz-'$BLITZ_REL.bin -O ~/tmp/blitz/blitz-$BLITZ_REL.bin
wget -q 'https://nc.reaxoft.ru/nextcloud/index.php/s/3W48EBrNXf3R3WC/download?path=%2F'$BLITZ_REL'&files=resources.zip' -O ~/tmp/blitz/resources.zip
unzip ~/tmp/blitz/resources.zip -d ~/tmp/blitz
find ~/tmp/blitz \( -name '*.sh' -o -name '*.bin' \) -print0 | xargs -0 chmod +x

Astra Linux Special Edition 1.7#

JDK Installation#

Install the Liberica JDK distribution:

apt install ./bellsoft-jdk8u292+10-linux-amd64.deb

Memcached installation#

Install the distribution:

apt install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

apt install postgresql-11

Add permission in /etc/postgresql/11/main/pg_hba.conf for the blitz user to connect to the DBMS:

host blitzdb blitz 127.0.0.1/32 scram-sha-256

Specify the password encryption algorithm in /etc/postgresql/11/main/postgresql.conf:

password_encryption = scram-sha-256

Restart the service:

systemctl restart postgresql@11-main

Connect to the DBMS and perform initial configuration:

su - postgres
psql
create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:

psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql
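
Added example (not part of the Blitz documentation or distribution): pg_hba.conf is evaluated top to bottom and the first matching record decides the authentication method, so the effect of the blitz line added above depends on where it sits relative to records already in the file. The script reports which record applies to the connection used in this guide; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Blitz distribution.

# hba_first_match FILE [DB] [USER] [IPV4]
# Prints "<line> <type> <method>" for the first record that matches a TCP
# connection, or "none". Not evaluated (treated as no match): host names,
# samehost/samenet, IPv6, sameuser/samerole, +group and @file entries.
# hostssl/hostnossl records are reported too; whether they apply depends on
# whether the client connection uses TLS.
hba_first_match() {
    awk -v db="${2:-blitzdb}" -v user="${3:-blitz}" -v ip="${4:-127.0.0.1}" '
    function ip2int(s,   o) {
        if (split(s, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when the comma-separated field names the value or contains "all".
    function in_list(field, name,   parts, n, i) {
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++)
            if (parts[i] == "all" || parts[i] == name) return 1
        return 0
    }
    # size is the number of addresses in the block; two addresses are in the
    # same block when they give the same quotient.
    function same_block(net, client, size) {
        if (net < 0 || client < 0 || size < 1) return 0
        return int(net / size) == int(client / size)
    }
    NF == 0 || $1 ~ /^#/ { next }
    $1 == "host" || $1 == "hostssl" || $1 == "hostnossl" {
        if (!in_list($2, db) || !in_list($3, user)) next
        if ($4 == "all") {
            ok = 1; method = $5
        } else if (split($4, p, "/") == 2) {          # address/prefix form
            ok = same_block(ip2int(p[1]), ip2int(ip), 2 ^ (32 - p[2])); method = $5
        } else {                                      # address + netmask form
            ok = same_block(ip2int($4), ip2int(ip), 2 ^ 32 - ip2int($5)); method = $6
        }
        if (ok) { print NR, $1, method; found = 1; exit }
    }
    END { if (!found) print "none" }
    ' "$1"
}

# hba_uses_scram FILE: succeeds only when the effective record for
# blitzdb / blitz / 127.0.0.1 authenticates with scram-sha-256.
hba_uses_scram() {
    case "$(hba_first_match "$1")" in
        *" scram-sha-256") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: stock-style records with the blitz line appended last.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER   ADDRESS        METHOD
local   all       all                   peer
host    all       all    127.0.0.1/32   md5
host    blitzdb   blitz  127.0.0.1/32   scram-sha-256
EOF
echo "effective record: $(hba_first_match "$sample")"
hba_uses_scram "$sample" || echo "blitz rule is shadowed by an earlier record"
rm -f "$sample"
```

An earlier md5 record still negotiates SCRAM when the stored password is a SCRAM verifier, but an earlier trust or ident record changes the behaviour entirely; placing the blitz line above broader records makes the outcome explicit.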

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Install the distribution:

apt-get install rabbitmq-server

Start the service:

systemctl enable rabbitmq-server && systemctl start rabbitmq-server

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" destination_type="queue" destination="blitz-tasks" routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

apt-get install 389-ds-base

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

apt-get install nginx-light

Copy the files for use:

cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/sites-enabled/
cp -R ~/tmp/blitz/static_errors /usr/share/nginx/html

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

In case of using keys created during the installation phase, restart nginx:

systemctl restart nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.
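
Added example (not part of the Blitz documentation or distribution): the CHANGE_ME password from the steps above ends up in a single-quoted SQL literal, an unquoted rabbitmqctl argument and the password=${pswd} parameter of the JDBC URL, so a replacement value has to be safe in all three. The helpers below generate such a value and report files that still carry the guide's placeholders; the function names, the 16-character minimum and the assumption that the value is pasted verbatim into each place are illustrative.

```shell
#!/bin/sh
# Added example, not part of the Blitz distribution.

# gen_secret [LEN]: LEN characters from [A-Za-z0-9] taken from /dev/urandom.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# secret_is_portable VALUE: succeeds only if VALUE is not the placeholder,
# is at least 16 characters long (illustrative policy) and contains nothing
# outside [A-Za-z0-9._-]. That excludes the single quote (breaks the SQL
# literal), whitespace and shell metacharacters (break the unquoted
# rabbitmqctl argument) and & % # + ? (change the meaning of a URL query).
secret_is_portable() {
    [ "$1" != "CHANGE_ME" ] || return 1
    [ "${#1}" -ge 16 ] || return 1
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# placeholders_left FILE...: prints "file:line" for every line that still
# contains the placeholder password or the example domain, and returns 1 if
# any were found. Run it against blitz.conf before the first start: the guide
# states that enc_params.pswd is encrypted when Blitz Identity Provider is
# launched, after which the literal string is no longer visible to grep.
placeholders_left() {
    hits=$(grep -nE 'CHANGE_ME|testinstallation\.local' "$@" /dev/null | cut -d: -f1,2)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Demonstration: generate a value and confirm it passes the check. The value
# itself is deliberately not printed.
new_secret=$(gen_secret 32)
secret_is_portable "$new_secret" && echo "generated a ${#new_secret}-character secret"
```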

Alt 8 SP Server#

JDK Installation#

Install the JDK distribution:

apt-get install java-1.8.0-openjdk-devel

Memcached installation#

Install the distribution:

apt-get install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

apt-get install postgresql11-server

Initialize the DBMS with the command:

/etc/init.d/postgresql initdb

Add permission in /etc/postgresql/11/main/pg_hba.conf for the blitz user to connect to the DBMS:

host blitzdb blitz 127.0.0.1/32 scram-sha-256

Specify the password encryption algorithm in /etc/postgresql/11/main/postgresql.conf:

password_encryption = scram-sha-256

Start the service:

systemctl enable postgresql && systemctl start postgresql

Connect to the DBMS and perform initial configuration:

psql -U postgres

create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the shell and execute the scripts for creating and updating the blitzdb database structure:

psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Install the distribution:

apt-get install rabbitmq-server

Start the service:

systemctl enable rabbitmq && systemctl start rabbitmq

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" destination_type="queue" destination="blitz-tasks" routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

apt-get install 389-ds-base openldap-clients

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

apt-get install nginx

Copy the files for use:

mkdir -p /var/www/html
cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/sites-enabled.d/
cp -R ~/tmp/blitz/static_errors /var/www/html

Add the directive to /etc/nginx/sites-enabled.d/blitz-idp.conf:

location /static_errors {
    root /var/www/html;
}

Enable automatic startup of the service:

systemctl enable nginx

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

If using keys created during the installation phase, start nginx:

systemctl start nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.

Alt Server 10#

JDK Installation#

Install the JDK distribution:

apt-get install java-1.8.0-openjdk-devel

Memcached installation#

Install the distribution:

apt-get install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

apt-get install postgresql14-server

Initialize the DBMS with the command:

/etc/init.d/postgresql initdb

Start the service:

systemctl enable postgresql && systemctl start postgresql

Connect to the DBMS and perform initial configuration:

psql -U postgres

create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the shell and execute the scripts for creating and updating the blitzdb database structure:

psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -d blitzdb -U blitz -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Install the distribution:

apt-get install rabbitmq-server

Start the service:

systemctl enable rabbitmq && systemctl start rabbitmq

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" destination_type="queue" destination="blitz-tasks" routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

apt-get install 389-ds-base
apt-get install openldap-clients

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

apt-get install nginx

Create a directory to host error pages:

mkdir -p /var/www/html

Copy the files for use:

cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/sites-enabled.d/
cp -R ~/tmp/blitz/static_errors /var/www/html

Add the directive to /etc/nginx/sites-enabled.d/blitz-idp.conf:

location /static_errors {
    root /var/www/html;
}

Enable automatic startup of the service:

systemctl enable nginx && systemctl start nginx

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

If using keys created during the installation phase, start nginx:

systemctl start nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.

OSnova 2.5.1#

JDK Installation#

Install the Liberica JDK distribution:

apt install ./bellsoft-jdk8u292+10-linux-amd64.deb

Memcached installation#

Install the distribution:

apt install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

apt install postgresql-11 postgresql-client-11

Initialize the DBMS with the command:

/etc/init.d/postgresql initdb

Add permission in /etc/postgresql/11/main/pg_hba.conf for the blitz user to connect to the database:

host blitzdb blitz 127.0.0.1/32 scram-sha-256

Specify the password encryption algorithm in /etc/postgresql/11/main/postgresql.conf:

password_encryption = scram-sha-256

Restart the service:

systemctl restart postgresql

Connect to the DBMS and perform initial configuration:

su - postgres
psql

create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:

psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Install the distribution:

apt-get install rabbitmq-server

Start the service:

systemctl enable rabbitmq && systemctl start rabbitmq

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" destination_type="queue" destination="blitz-tasks" routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

apt-get install 389-ds-base openldap-clients

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

apt-get install nginx

Copy the files for use:

mkdir -p /var/www/html
cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/sites-enabled.d/
cp -R ~/tmp/blitz/static_errors /var/www/html

Add the directive to /etc/nginx/sites-enabled.d/blitz-idp.conf:

location /static_errors {
    root /var/www/html;
}

Enable automatic startup of the service:

systemctl enable nginx

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

If using keys created during the installation phase, start nginx:

systemctl start nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.

Red OS 7.3#

JDK Installation#

Install the distribution:

dnf install java-1.8.0-openjdk-devel

Memcached installation#

Install the distribution:

dnf install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

dnf install postgresql14-server

Initialize the DBMS with the command:

/usr/bin/postgresql-14-setup initdb

Add permission in /var/lib/pgsql/14/data/pg_hba.conf for the blitz user to connect to the database:

host blitzdb blitz 127.0.0.1/32 scram-sha-256

Specify the password encryption algorithm in /var/lib/pgsql/14/data/postgresql.conf:

password_encryption = scram-sha-256

Start the service:

systemctl enable postgresql-14 && systemctl start postgresql-14

Connect to the DBMS and perform initial configuration:

su - postgres
psql

create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:

psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Install the distribution:

dnf install rabbitmq-server

Start the service:

systemctl enable rabbitmq-server && systemctl start rabbitmq-server

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" destination_type="queue" destination="blitz-tasks" routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

dnf install 389-ds-base

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

dnf install nginx

Copy the files for use:

cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/sites-enabled.d/
cp -R ~/tmp/blitz/static_errors /usr/share/nginx/html

Enable automatic startup of the service:

systemctl enable nginx

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

If using keys created during the installation phase, start nginx:

systemctl start nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.

Rocky Linux 8#

JDK Installation#

Install the distribution:

dnf install java-1.8.0-openjdk-devel

Memcached installation#

Install the distribution:

dnf install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

dnf install postgresql

Initialize the DBMS with the command:

postgresql-setup initdb

Add permission in /var/lib/pgsql/data/pg_hba.conf for the blitz user to connect to the database:

host blitzdb blitz 127.0.0.1/32 scram-sha-256

Specify the password encryption algorithm in /var/lib/pgsql/data/postgresql.conf:

password_encryption = scram-sha-256

Start the service:

systemctl enable postgresql && systemctl start postgresql

Connect to the DBMS and perform initial configuration:

su - postgres
psql

create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:

psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Prepare a configuration file with repositories for RabbitMQ in /etc/yum.repos.d/rabbitmq.repo:

##
## Zero dependency Erlang
##

[rabbitmq_erlang]
name=rabbitmq_erlang
baseurl=https://packagecloud.io/rabbitmq/erlang/el/8/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
       https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

##
## RabbitMQ server
##

[rabbitmq_server]
name=rabbitmq_server
baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/8/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
       https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Install the distribution:

dnf install rabbitmq-server

Start the service:

systemctl enable rabbitmq-server && systemctl start rabbitmq-server

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" \
    destination_type="queue" destination="blitz-tasks" \
    routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

dnf module enable 389-directory-server:stable
dnf install 389-ds-base

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

dnf install nginx

Copy the files for use:

cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/conf.d/
cp -R ~/tmp/blitz/static_errors /usr/share/nginx/html

Enable automatic startup of the service:

systemctl enable nginx

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

If using keys created during the installation phase, start nginx:

systemctl start nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.

Rocky Linux 9#

JDK Installation#

Install the distribution:

dnf install java-1.8.0-openjdk-devel

Memcached installation#

Install the distribution:

dnf install memcached

Start the service:

systemctl enable memcached && systemctl start memcached

PostgreSQL installation#

Install the distribution:

dnf install postgresql-server

Initialize the DBMS with the command:

postgresql-setup --initdb --unit postgresql

Add permission in /var/lib/pgsql/data/pg_hba.conf for the blitz user to connect to the database:

host blitzdb blitz 127.0.0.1/32 scram-sha-256

Specify the password encryption algorithm in /var/lib/pgsql/data/postgresql.conf:

password_encryption = scram-sha-256
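A check for the pg_hba.conf step in both the Rocky Linux 8 and Rocky Linux 9 sections, as an added example that is not part of the vendor scripts: PostgreSQL applies the first pg_hba.conf record that matches a connection, so the blitz record only takes effect if no earlier, broader record already matches 127.0.0.1/32. The function name, the sample files (constructed) and the simplified address matching are assumptions of this example, which also assumes the connection is not using SSL.

```shell
#!/bin/sh
# Added example (not vendor code): print the auth method that pg_hba.conf
# applies to user blitz connecting to blitzdb from 127.0.0.1 over TCP.
# Records are evaluated top to bottom; the first match decides.
# Simplification: addresses are compared as literal strings, not by CIDR math.

effective_method() {   # usage: effective_method [pg_hba.conf]; stdin if omitted
    awk -v db=blitzdb -v user=blitz '
        function in_list(list, want,    n, i, item) {
            n = split(list, item, ",")
            for (i = 1; i <= n; i++)
                if (item[i] == "all" || item[i] == want) return 1
            return 0
        }
        function loopback(a) { return a == "127.0.0.1/32" || a == "127.0.0.0/8" || a == "0.0.0.0/0" || a == "all" || a == "samehost" }
        /^[ \t]*#/ { next }                            # comment
        NF == 0    { next }                            # blank line
        $1 != "host" && $1 != "hostnossl" { next }     # local and hostssl records do not apply
        !in_list($2, db) || !in_list($3, user) { next }
        loopback($4) { print $5; found = 1; exit }
        END { if (!found) print "no-match" }
    ' "${1:--}"
}

hba_shadowed() {   # constructed sample: the blitz record was appended at the end
cat <<'EOF'
# TYPE  DATABASE  USER   ADDRESS        METHOD
local   all       all                   peer
host    all       all    127.0.0.1/32   ident
host    all       all    ::1/128        ident
host    blitzdb   blitz  127.0.0.1/32   scram-sha-256
EOF
}

hba_ordered() {    # constructed sample: the blitz record precedes the catch-all
cat <<'EOF'
local   all       all                   peer
host    blitzdb   blitz  127.0.0.1/32   scram-sha-256
host    all       all    127.0.0.1/32   ident
host    all       all    ::1/128        ident
EOF
}

echo "shadowed: $(hba_shadowed | effective_method)"
echo "ordered:  $(hba_ordered | effective_method)"
```

Run it against the real file with effective_method /var/lib/pgsql/data/pg_hba.conf; any result other than scram-sha-256 means the blitz record is shadowed or missing.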

Start the service:

systemctl enable postgresql && systemctl start postgresql

Connect to the DBMS and perform initial configuration:

su - postgres
psql

create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;

Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:

psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql

RabbitMQ Installation#

Installation of the RabbitMQ queue server is optional and is required if the queue server will be used to pass events to adjacent systems (see Configuring sending events to the queue server) or as a message broker (see Configuring the use of a queue server as a message broker).

Prepare a configuration file with repositories for RabbitMQ in /etc/yum.repos.d/rabbitmq.repo:

##
## Zero dependency Erlang
##

[rabbitmq_erlang]
name=rabbitmq_erlang
baseurl=https://packagecloud.io/rabbitmq/erlang/el/9/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
       https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

##
## RabbitMQ server
##

[rabbitmq_server]
name=rabbitmq_server
baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/9/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
       https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
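In the repository file above (and in the identical one in the Rocky Linux 8 section), the rabbitmq_server section sets repo_gpgcheck=1 but gpgcheck=0: the repository metadata signature is checked, the RPM packages themselves are not. The following added example, which is not part of the vendor or RabbitMQ scripts, lists enabled sections that explicitly disable package signature checking; the function names and the sample input (constructed, reduced to the signature-related keys) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): report enabled dnf/yum repo sections that
# explicitly turn off RPM signature checking (gpgcheck).
sample_repo() {   # constructed sample: signature-related keys of both sections
cat <<'EOF'
[rabbitmq_erlang]
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
       https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc

[rabbitmq_server]
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
       https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
EOF
}

# unsigned_repos [FILE]: one line per offending section; reads stdin if no FILE.
unsigned_repos() {
    awk '
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" || v == "off" }
        function report() {
            if (name != "" && !off(enabled) && off(gpgcheck))
                printf "%s: gpgcheck=%s repo_gpgcheck=%s\n", name, gpgcheck, repo
        }
        /^[ \t]*\[.*\][ \t]*$/ {                 # [section] header
            report(); name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
            gpgcheck = ""; repo = "unset"; enabled = "1"; next
        }
        /^[A-Za-z_]+[ \t]*=/ {                   # key=value; indented continuation lines are skipped
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck")      gpgcheck = val
            if (key == "repo_gpgcheck") repo = val
            if (key == "enabled")       enabled = val
        }
        END { report() }
    ' "${1:--}"
}

sample_repo | unsigned_repos
```

With gpgcheck=1 in a section, dnf verifies each RPM against the keys listed in gpgkey before installing it.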

Install the distribution:

dnf install rabbitmq-server

Start the service:

systemctl enable rabbitmq-server && systemctl start rabbitmq-server

Prepare a queue for interaction:

rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh" \
    destination_type="queue" destination="blitz-tasks" \
    routing_key="blitz-tasks"

389 Directory Server installation#

Install the distribution:

dnf install 389-ds-base

Enable automatic startup of the service:

systemctl enable dirsrv.target

Initialize the LDAP directory:

dscreate interactive

Perform the initial directory configuration:

~/tmp/blitz/ldap/ldap_init.sh

Nginx installation#

Install the distribution:

dnf install nginx

Copy the files for use:

cp ~/tmp/blitz/nginx/blitz-idp.conf /etc/nginx/conf.d/
cp -R ~/tmp/blitz/static_errors /usr/share/nginx/html

Enable automatic startup of the service:

systemctl enable nginx

Installing the Blitz Identity Provider#

Install the distribution (substitute the correct version in the file name):

~/tmp/blitz/blitz-5.X.X.bin

If using keys created during the installation phase, start nginx:

systemctl start nginx

Edit the /etc/blitz-config/blitz.conf configuration file. In the blitz.prod.local.idp.internal-store-jdbc block, specify:

  • conn_url - server address, database name, user name;

  • db_name - database name;

  • enc_params.pswd - password for connecting to the DBMS (the password is specified as plain text and will be automatically encrypted when launching Blitz Identity Provider).

"internal-store-jdbc" : {
    "conn_url" : "jdbc:postgresql://127.0.0.1:5432/blitzdb?user=blitz&password=${pswd}&loggerLevel=DEBUG",
    "db_name" : "blitzdb",
    "enc_params" : {
        "pswd" : "CHANGE_ME"
    },
    "keyAlias" : "jdbc",
    "pool" : {
        "max_idle_conn" : 5,
        "max_total_conn" : 20,
        "max_wait_conn_ms" : 30000,
        "min_idle_conn" : 1
    }
}

Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:

127.0.0.1 localhost.localdomain localhost testinstallation.local

Start the services:

systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery

After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.