Rocky Linux, AlmaLinux, Oracle Linux, RHEL#
Important
See limitations of when using express instructions.
The list of operating systems for which the instructions for installation and their designation in this section are given:
Rocky 8: Rocky Linux 8;
Alma 8: AlmaLinux 8;
Oracle 8: Oracle Linux 8;
RHEL 8: RHEL 8;
Rocky 9: Rocky Linux 9;
Alma 9: AlmaLinux 9;
Oracle 9: Oracle Linux 9;
RHEL 9: RHEL 9.
Step 1. JDK#
Install the distribution kit:
dnf install java-11-openjdk-devel
Install the distribution kit:
dnf install java-11-openjdk-devel
Step 2. Memcached#
Install the distribution kit:
dnf install memcached
Start the service:
systemctl enable memcached && systemctl start memcached
Install the distribution kit:
dnf install memcached
Start the service:
systemctl enable memcached && systemctl start memcached
Step 3. PostgreSQL#
Install the distribution kit:
dnf install postgresql
Initialize the DBMS with the command:
postgresql-setup initdb
Add permission in /var/lib/pgsql/data/pg_hba.conf for the blitz user to connect to the database:
host blitzdb blitz 127.0.0.1/32 scram-sha-256
Specify the password encryption algorithm in /var/lib/pgsql/data/postgresql.conf:
password_encryption = scram-sha-256
Start the service:
systemctl enable postgresql && systemctl start postgresql
Connect to the DBMS and perform initial configuration
su - postgres
psql
create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;
Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/018-5.17.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/019-5.18.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/020-5.20.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/021-5.21.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/022-5.23.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/023-5.26.0.sql
Install the distribution kit:
dnf install postgresql-server
Initialize the DBMS with the command:
postgresql-setup –initdb –unit postgresql
Add permission in /var/lib/pgsql/data/pg_hba.conf for the blitz user to connect to the database:
host blitzdb blitz 127.0.0.1/32 scram-sha-256
Specify the password encryption algorithm in /var/lib/pgsql/data/postgresql.conf:
password_encryption = scram-sha-256
Start the service:
systemctl enable postgresql && systemctl start postgresql
Return to the root user shell and execute the scripts for creating and updating the blitzdb database structure:
su - postgres
psql
create database blitzdb;
create user blitz with encrypted password 'CHANGE_ME';
grant ALL PRIVILEGES ON DATABASE blitzdb to blitz;
grant ALL on ALL tables in schema public to blitz;
Execute the scripts for creating and updating the blitzdb database structure:
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/000-service-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/001-init-database.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/002-new_pp_columns.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/003-usd_id_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/004-usr_auth_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/005-usr_agt_table.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/006-usr_htp_hmc_alg.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/007-usr_atr_cfm.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/008-wak.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/009-fix_pp_column.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/010-add_usr_prp.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/011-pp_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/012-geo_to_audit.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/013-tasks.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/014-sec_ch_ua.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/015-5.12.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/016-5.13.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/017-5.15.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/018-5.17.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/019-5.18.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/020-5.20.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/021-5.21.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/022-5.23.0.sql
psql -U blitz -h 127.0.0.1 blitzdb -f ~/tmp/blitz/postgres/ddl/023-5.26.0.sql
Step 4. RabbitMQ#
Prepare a configuration file with repositories for RabbitMQ in /etc/yum.repos.d/rabbitmq.repo:
##
## Zero dependency Erlang
##
[rabbitmq_erlang]
name=rabbitmq_erlang
baseurl=https://packagecloud.io/rabbitmq/erlang/el/8/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
##
## RabbitMQ server
##
[rabbitmq_server]
name=rabbitmq_server
baseurl=https://packagecloud.io/rabbitmq/rabbitmqserver/el/8/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Install the distribution kit:
dnf install rabbitmq-server
Start the service:
systemctl enable rabbitmq-server && systemctl start rabbitmq-server
Prepare a queue for interaction:
rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh"
destination_type="queue" destination="blitz-tasks"
routing_key="blitz-tasks"
Prepare a configuration file with repositories for RabbitMQ in /etc/yum.repos.d/rabbitmq.repo:
##
## Zero dependency Erlang
##
[rabbitmq_erlang]
name=rabbitmq_erlang
baseurl=https://packagecloud.io/rabbitmq/erlang/el/9/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/erlang/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
##
## RabbitMQ server
##
[rabbitmq_server]
name=rabbitmq_server
baseurl=https://packagecloud.io/rabbitmq/rabbitmqserver/el/9/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
# PackageCloud's repository key and RabbitMQ package signing key
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
https://github.com/rabbitmq/signingkeys/releases/download/2.0/rabbitmq-release-signing-key.asc
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Install the distribution kit:
dnf install rabbitmq-server
Start the service:
systemctl enable rabbitmq-server && systemctl start rabbitmq-server
Prepare a queue for interaction:
rabbitmqctl add_user blitz CHANGE_ME
rabbitmqctl set_permissions blitz ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
curl -vvk 127.0.0.1:15672/cli/rabbitmqadmin >rabbitmqadmin
chmod +x rabbitmqadmin
./rabbitmqadmin declare exchange name=blitz-tasks-exh type=direct
./rabbitmqadmin declare queue name=blitz-tasks durable=true
./rabbitmqadmin declare binding source="blitz-tasks-exh"
destination_type="queue" destination="blitz-tasks"
routing_key="blitz-tasks"
Step 5. 389 Directory Server#
Install the distribution kit:
dnf module enable 389-directory-server:stable
dnf install 389-ds-base
Enable automatic startup of the service:
systemctl enable dirsrv.target
Initialize the LDAP directory:
dscreate interactive
Perform the initial directory configuration:
/tmp/blitz/ldap/ldap_init.sh
Install the distribution kit:
dnf install 389-ds-base
Enable automatic startup of the service:
systemctl enable dirsrv.target
Initialize the LDAP directory:
dscreate interactive
Perform the initial directory configuration:
/tmp/blitz/ldap/ldap_init.sh
Step 6. Nginx#
Install the distribution kit:
dnf install nginx
Copy the files for use:
cp /tmp/blitz/nginx/blitz-idp.conf /etc/nginx/conf.d/
cp -R /tmp/blitz/static_errors /usr/share/nginx/html
Enable automatic startup of the service:
systemctl enable nginx
Install the distribution kit:
dnf install nginx
Copy the files for use:
cp /tmp/blitz/nginx/blitz-idp.conf /etc/nginx/conf.d/
cp -R /tmp/blitz/static_errors /usr/share/nginx/html
Enable automatic startup of the service:
systemctl enable nginx
Step 7. Blitz Identity Provider#
Install the distribution kit (specify the correct version in the file name, the correct JAVA_HOME and the set of applications to install):
/tmp/blitz/blitz-5.X.X.bin -- -j <JAVA_HOME> -i "idp console recovery registration"
Create the blitz_param.txt configuration file with the following content and modify it according to your settings:
DOMAIN=testinstallation.local
MEMCACHED_SERVERS="127.0.0.1"
DB_MODE=PG
PG_HOSTNAME=127.0.0.1
PG_DB_NAME=blitzdb
PG_USERNAME=blitz
PG_PASSWORD=12ABcd45
Run Blitz Identity Provider initial setup script with the right path to the blitz_param.txt file:
/usr/share/identityblitz/blitz-console/bin/configure -f blitz_param.txt
The script will prepare the configuration files, generate and display the Blitz Identity Provider administrator login and password, and generate a password for the key container:
****************************************************************
Your instance is configured on domain: test.loc
The Administration Console available on addresses:
http://testinstallation.local:9001/blitz/console
Administration user credentials of Console:
username - admin
password - 98aAB0D3f2
Your can change user credentials at file - /usr/share/identityblitz/blitz-config/credentials
Create keystore /usr/share/identityblitz/blitz-config/blitz-keystore.bks and generate:
- JWS(RSA256) keypair - jws_rs256_rsa_default
- AES(AES128) security key - jdbc
Generated password for keystore: BeEBcd2239
****************************************************************
In case of using keys created during the installation phase, restart nginx:
systemctl restart nginx
Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:
127.0.0.1 localhost.localdomain localhost testinstallation.local
Start the services:
systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery
After successfully completing the installation and configuration of Blitz Identity Provider, it is possible to connect to the admin console using the domain name specified during the installation phase of the distribution kit, for example, https://testinstallation.local/blitz/console.
Install the distribution kit (specify the correct version in the file name, the correct JAVA_HOME and the set of applications to install):
/tmp/blitz/blitz-5.X.X.bin -- -j <JAVA_HOME> -i "idp console recovery registration"
Create the blitz_param.txt configuration file with the following content and modify it according to your settings:
DOMAIN=testinstallation.local
MEMCACHED_SERVERS="127.0.0.1"
DB_MODE=PG
PG_HOSTNAME=127.0.0.1
PG_DB_NAME=blitzdb
PG_USERNAME=blitz
PG_PASSWORD=12ABcd45
Run Blitz Identity Provider initial setup script with the right path to the blitz_param.txt file:
/usr/share/identityblitz/blitz-console/bin/configure -f blitz_param.txt
The script will prepare the configuration files, generate and display the Blitz Identity Provider administrator login and password, and generate a password for the key container:
****************************************************************
Your instance is configured on domain: test.loc
The Administration Console available on addresses:
http://testinstallation.local:9001/blitz/console
Administration user credentials of Console:
username - admin
password - 98aAB0D3f2
Your can change user credentials at file - /usr/share/identityblitz/blitz-config/credentials
Create keystore /usr/share/identityblitz/blitz-config/blitz-keystore.bks and generate:
- JWS(RSA256) keypair - jws_rs256_rsa_default
- AES(AES128) security key - jdbc
Generated password for keystore: BeEBcd2239
****************************************************************
In case of using keys created during the installation phase, restart nginx:
systemctl restart nginx
Add a mapping between the loopback interface address and the domain name specified at installation in /etc/hosts:
127.0.0.1 localhost.localdomain localhost testinstallation.local
Start the services:
systemctl enable blitz-idp && systemctl start blitz-idp
systemctl enable blitz-console && systemctl start blitz-console
systemctl enable blitz-registration && systemctl start blitz-registration
systemctl enable blitz-recovery && systemctl start blitz-recovery
After successfully completing the installation and configuration of Blitz Identity Provider, it is possible to connect to the admin console using the domain name specified during the installation phase of the distribution kit, for example, https://testinstallation.local/blitz/console.