Express guides for Rocky Linux, AlmaLinux, Oracle Linux, and RHEL#
Warning
The express installation instructions cover a minimal configuration without fault tolerance, placing all components on 1 virtual machine.
Important
The operating system must be updated with current patches before work can be performed.
The instructions are given for the case when the virtual machine is connected to the Internet. The instructions use the name testinstallation.local as the domain name for installation (it should be corrected). In the scripts used for configuration, the string CHANGE_ME is used as the password (it must be corrected). All actions are performed with the privileges of the root user.
The Blitz Identity Provider distribution files must be downloaded and extracted to the ~/tmp/blitz directory before installation on the server (check the correct version in BLITZ_REL):
export BLITZ_REL=5.18.0
mkdir -p ~/tmp/blitz
wget -q 'https://nc.reaxoft.ru/nextcloud/index.php/s/3W48EBrNXf3R3WC/download?path=%2F'$BLITZ_REL'&files=blitz-'$BLITZ_REL.bin -O ~/tmp/blitz/blitz-$BLITZ_REL.bin
wget -q 'https://nc.reaxoft.ru/nextcloud/index.php/s/3W48EBrNXf3R3WC/download?path=%2F'$BLITZ_REL'&files=resources.zip' -O ~/tmp/blitz/resources.zip
unzip ~/tmp/blitz/resources.zip -d ~/tmp/blitz
find ~/tmp/blitz -name *.sh -o -name *.bin|xargs chmod +x
The list of operating systems for which the instructions are given, and their designation sections:
Rocky 8: Rocky Linux 8;
Alma 8: AlmaLinux 8;
Oracle 8: Oracle Linux 8;
RHEL 8: RHEL 8;
Rocky 9: Rocky Linux 9;
Alma 9: AlmaLinux 9;
Oracle 9: Oracle Linux 9;
RHEL 9: RHEL 9.
JDK#
Install the distribution:
dnf install java-1.8.0-openjdk-devel
Install the distribution:
dnf install java-1.8.0-openjdk-devel
Memcached#
Install the distribution:
dnf install memcached
Start the service:
systemctl enable memcached && systemctl start memcached
Install the distribution:
dnf install memcached
Start the service:
systemctl enable memcached && systemctl start memcached
PostgreSQL#
Install the distribution:
dnf install postgresql
Initialize the DBMS with the command:
postgresql-setup initdb
Add permission in /var/lib/pgsql/data/pg_hba.conf for the blitz user to connect to the database:
host blitzdb blitz 127.0.0.1/32 scram-sha-256
Specify the password encryption algorithm in /var/lib/pgsql/data/postgresql.conf:
password_encryption = scram-sha-256
Start the service:
systemctl enable postgresql && systemctl start postgresql
Connect to the DBMS and perform initial configuration
su - postgres
psql
create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;
Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/018-5.17.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/019-5.18.0.sql
Install the distribution:
dnf install postgresql-server
Initialize the DBMS with the command:
postgresql-setup –initdb –unit postgresql
Add permission in /var/lib/pgsql/data/pg_hba.conf for the blitz user to connect to the database:
host blitzdb blitz 127.0.0.1/32 scram-sha-256
Specify the password encryption algorithm in /var/lib/pgsql/data/postgresql.conf:
password_encryption = scram-sha-256
Start the service:
systemctl enable postgresql && systemctl start postgresql
Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:
su - postgres
psql
create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;
Execute the scripts for creating and updating the blitzdb database structure:
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/018-5.17.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/019-5.18.0.sql
RabbitMQ#
Prepare a configuration file with repositories for RabbitMQ in /etc/yum.repos.d/rabbitmq.repo:
##
## Zero dependency Erlang
##
[rabbitmq_erlang]
name=rabbitmq_erlang
baseurl=https://packagecloud.io/rabbitmq/erlang/el/8/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
##
## RabbitMQ server
##
[rabbitmq_server]
name=rabbitmq_server
baseurl=https://packagecloud.io/rabbitmq/rabbitmqserver/el/8/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Install the distribution:
dnf install rabbitmq-server
Start the service:
systemctl enable rabbitmq-server && systemctl start rabbitmq-server
Prepare a queue for interaction:
rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh"
destination_type="queue" destination="blitz-tasks"
routing_key="blitz-tasks"
Prepare a configuration file with repositories for RabbitMQ in /etc/yum.repos.d/rabbitmq.repo:
##
## Zero dependency Erlang
##
[rabbitmq_erlang]
name=rabbitmq_erlang
baseurl=https://packagecloud.io/rabbitmq/erlang/el/9/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
##
## RabbitMQ server
##
[rabbitmq_server]
name=rabbitmq_server
baseurl=https://packagecloud.io/rabbitmq/rabbitmqserver/el/9/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Install the distribution:
dnf install rabbitmq-server
Start the service:
systemctl enable rabbitmq-server && systemctl start rabbitmq-server
Prepare a queue for interaction:
rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh"
destination_type="queue" destination="blitz-tasks"
routing_key="blitz-tasks"
389 Directory Server#
Install the distribution:
dnf module enable 389-directory-server:stable
dnf install 389-ds-base
Enable automatic startup of the service:
systemctl enable dirsrv.target
Initialize the LDAP directory:
dscreate interactive
Perform the initial directory configuration:
/tmp/blitz/ldap/ldap_init.sh
Install the distribution:
dnf install 389-ds-base
Enable automatic startup of the service:
systemctl enable dirsrv.target
Initialize the LDAP directory:
dscreate interactive
Perform the initial directory configuration:
/tmp/blitz/ldap/ldap_init.sh
Nginx#
Install the distribution:
dnf install nginx
Copy the files for use:
cp /tmp/blitz/nginx/blitz-idp.conf /etc/nginx/conf.d/
cp -R /tmp/blitz/static_errors /usr/share/nginx/html
Enable automatic startup of the service:
systemctl enable nginx
Install the distribution:
dnf install nginx
Copy the files for use:
cp /tmp/blitz/nginx/blitz-idp.conf /etc/nginx/conf.d/
cp -R /tmp/blitz/static_errors /usr/share/nginx/html
Enable automatic startup of the service:
systemctl enable nginx
Blitz Identity Provider services#
Install the distribution package (specify the correct version in the file name and the correct JAVA_HOME and set of applications to install):
/tmp/blitz/blitz-5.X.X.bin -- -j /usr/lib/jvm/java-1.8.0-openjdk -i "idp console recovery registration"
Create the blitz_param.txt configuration file with the following content and modify it according to your settings:
DOMAIN=testinstallation.local
MEMCACHED_SERVERS="127.0.0.1"
DB_MODE=PG
PG_HOSTNAME=127.0.0.1
PG_DB_NAME=blitzdb
PG_USER_NAME=blitz
PG_USER_PASSWORD=12ABcd45
Run the Blitz Identity Provider initial setup script with the right path to the blitz_param.txt file:
/usr/share/identityblitz/blitz-console/bin/configure -f blitz_param.txt
The script will prepare the configuration files, generate and display the Blitz Identity Provider administrator login and password, and generate a password for the key container:
****************************************************************
Your Blitz Identity Provider configured on domain: test.loc
Your Blitz Identity Provider Console available on addresses:
http://testinstallation.local:9001/blitz/console
Administration user credentials of Blitz Console:
username - admin
password - 98aAB0D3f2
Your can change user credentials at file - /usr/share/identityblitz/blitz-config/credentials
Create keystore /usr/share/identityblitz/blitz-config/blitz-keystore.bks and generate:
- JWS(RSA256) keypair - jws_rs256_rsa_default
- AES(AES128) security key - jdbc
Generated password for keystore: BeEBcd2239
****************************************************************
In case of using keys created during the installation phase, restart nginx:
systemctl restart nginx
Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:
127.0.0.1 localhost.localdomain localhost testinstallation.local
Start the services:
systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery
After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.
Install the distribution package (specify the correct version in the file name and the correct JAVA_HOME and set of applications to install):
/tmp/blitz/blitz-5.X.X.bin -- -j /usr/lib/jvm/java-1.8.0-openjdk -i "idp console recovery registration"
Create the blitz_param.txt configuration file with the following content and modify it according to your settings:
DOMAIN=testinstallation.local
MEMCACHED_SERVERS="127.0.0.1"
DB_MODE=PG
PG_HOSTNAME=127.0.0.1
PG_DB_NAME=blitzdb
PG_USER_NAME=blitz
PG_USER_PASSWORD=12ABcd45
Run the Blitz Identity Provider initial setup script with the right path to the blitz_param.txt file:
/usr/share/identityblitz/blitz-console/bin/configure -f blitz_param.txt
The script will prepare the configuration files, generate and display the Blitz Identity Provider administrator login and password, and generate a password for the key container:
****************************************************************
Your Blitz Identity Provider configured on domain: test.loc
Your Blitz Identity Provider Console available on addresses:
http://testinstallation.local:9001/blitz/console
Administration user credentials of Blitz Console:
username - admin
password - 98aAB0D3f2
Your can change user credentials at file - /usr/share/identityblitz/blitz-config/credentials
Create keystore /usr/share/identityblitz/blitz-config/blitz-keystore.bks and generate:
- JWS(RSA256) keypair - jws_rs256_rsa_default
- AES(AES128) security key - jdbc
Generated password for keystore: BeEBcd2239
****************************************************************
In case of using keys created during the installation phase, restart nginx:
systemctl restart nginx
Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:
127.0.0.1 localhost.localdomain localhost testinstallation.local
Start the services:
systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery
After successfully completing the installation and configuration of the Blitz Identity Provider, it is possible to connect to the management console using the domain name specified during the installation phase of the distribution, for example, https://testinstallation.local/blitz/console.