CNC Console-IAM Prerequisites

The following are the prerequisites:

  • The operator must have MySQL deployed and must create the database to be used by CNC Console-IAM using the following commands:

1. Log in to the MySQL Query Node with the username and password using the command:

mysql -u <username> -p

Example: mysql -u root -p

Note:

The user is prompted to enter the MySQL password. Enter the MySQL password.

2. Enter the command to create the user:

CREATE USER '<username>'@'%' IDENTIFIED BY '<password>';

Example: CREATE USER 'keycloak'@'%' IDENTIFIED BY 'keycloakpasswd';

3. Enter the command to create a database:

create database <dbName>;

Example: create database cnccDb;

4. Enter the command to grant permissions on the new database to the user created in step 2:

GRANT ALL ON <dbName>.* TO '<username>'@'%';

Example: GRANT ALL ON cnccDb.* TO 'keycloak'@'%';

5. Exit from MySql Query Node.

exit

  • The operator must load the database created above with the keycloak.sql file provided in the cncc-iam package file.

1. Load the database with the tables from keycloak.sql. Ensure that keycloak.sql is in the /home/admusr/ directory of the MySQL Query Node.

mysql -u <username> -p <databasename> < keycloak.sql

Example: mysql -u root -p cnccDb < /home/admusr/keycloak.sql

Note:

The user is prompted to enter the MySQL password. Enter the MySQL password.

2. Verify that the tables are loaded into the database using the commands:

use <databasename>;

show tables;

Example: use cnccDb;

show tables;

Note:

The output lists the 93 tables used by CNCC-IAM.

3. Exit from MySql Query Node.

exit

Example Steps:

# mysql -h 127.0.0.1 -uroot -pNextGenCne
mysql> CREATE USER 'keycloak'@'%' IDENTIFIED BY 'keycloakpasswd';
mysql> create database cnccDb;
mysql> GRANT ALL ON cnccDb.* TO 'keycloak'@'%';
mysql> exit

# mysql -h 127.0.0.1 -uroot -pNextGenCne cnccDb < /home/admusr/keycloak.sql

# mysql -h 127.0.0.1 -uroot -pNextGenCne
mysql> use cnccDb;
mysql> show tables;
| Tables_in_cnccDb |
| ADMIN_EVENT_ENTITY |
| ASSOCIATED_POLICY |
| AUTHENTICATION_EXECUTION |
| AUTHENTICATION_FLOW |
| AUTHENTICATOR_CONFIG |
| AUTHENTICATOR_CONFIG_ENTRY |
| BROKER_LINK |
| CLIENT |
| CLIENT_ATTRIBUTES |
| CLIENT_AUTH_FLOW_BINDINGS |
| CLIENT_DEFAULT_ROLES |
| CLIENT_INITIAL_ACCESS |
| CLIENT_NODE_REGISTRATIONS |
| CLIENT_SCOPE |
| CLIENT_SCOPE_ATTRIBUTES |
| CLIENT_SCOPE_CLIENT |
| CLIENT_SCOPE_ROLE_MAPPING |
| CLIENT_SESSION |
| CLIENT_SESSION_AUTH_STATUS |
| CLIENT_SESSION_NOTE |
| CLIENT_SESSION_PROT_MAPPER |
| CLIENT_SESSION_ROLE |
| CLIENT_USER_SESSION_NOTE |
| COMPONENT |
| COMPONENT_CONFIG |
| COMPOSITE_ROLE |
| CREDENTIAL |
| DATABASECHANGELOG |
| DATABASECHANGELOGLOCK |
| DEFAULT_CLIENT_SCOPE |
| EVENT_ENTITY |
| FEDERATED_IDENTITY |
| FEDERATED_USER |
| FED_USER_ATTRIBUTE |
| FED_USER_CONSENT |
| FED_USER_CONSENT_CL_SCOPE |
| FED_USER_CREDENTIAL |
| FED_USER_GROUP_MEMBERSHIP |
| FED_USER_REQUIRED_ACTION |
| FED_USER_ROLE_MAPPING |
| GROUP_ATTRIBUTE |
| GROUP_ROLE_MAPPING |
| IDENTITY_PROVIDER |
| IDENTITY_PROVIDER_CONFIG |
| IDENTITY_PROVIDER_MAPPER |
| IDP_MAPPER_CONFIG |
| KEYCLOAK_GROUP |
| KEYCLOAK_ROLE |
| MIGRATION_MODEL |
| OFFLINE_CLIENT_SESSION |
| OFFLINE_USER_SESSION |
| POLICY_CONFIG |
| PROTOCOL_MAPPER |
| PROTOCOL_MAPPER_CONFIG |
| REALM |
| REALM_ATTRIBUTE |
| REALM_DEFAULT_GROUPS |
| REALM_DEFAULT_ROLES |
| REALM_ENABLED_EVENT_TYPES |
| REALM_EVENTS_LISTENERS |
| REALM_REQUIRED_CREDENTIAL |
| REALM_SMTP_CONFIG |
| REALM_SUPPORTED_LOCALES |
| REDIRECT_URIS |
| REQUIRED_ACTION_CONFIG |
| REQUIRED_ACTION_PROVIDER |
| RESOURCE_ATTRIBUTE |
| RESOURCE_POLICY |
| RESOURCE_SCOPE |
| RESOURCE_SERVER |
| RESOURCE_SERVER_PERM_TICKET |
| RESOURCE_SERVER_POLICY |
| RESOURCE_SERVER_RESOURCE |
| RESOURCE_SERVER_SCOPE |
| RESOURCE_URIS |
| ROLE_ATTRIBUTE |
| SCOPE_MAPPING |
| SCOPE_POLICY |
| USERNAME_LOGIN_FAILURE |
| USER_ATTRIBUTE |
| USER_CONSENT |
| USER_CONSENT_CLIENT_SCOPE |
| USER_ENTITY |
| USER_FEDERATION_CONFIG |
| USER_FEDERATION_MAPPER |
| USER_FEDERATION_MAPPER_CONFIG |
| USER_FEDERATION_PROVIDER |
| USER_GROUP_MEMBERSHIP |
| USER_REQUIRED_ACTION |
| USER_ROLE_MAPPING |
| USER_SESSION |
| USER_SESSION_NOTE |
| WEB_ORIGINS |
93 rows in set (0.00 sec)
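A post-check for the database steps above, written as an added example that is not part of the CNC Console documentation or the cncc-iam package: it confirms that the CNCC-IAM database user holds privileges only on its own database (the GRANT ALL ON <dbName>.* from step 4, with nothing granted on *.*) and that the keycloak.sql load produced the expected 93 tables. The SHOW GRANTS lines and the table count used here are constructed samples; the database name cnccDb and user keycloak are the ones from the example steps.

```shell
#!/bin/sh
# Added prerequisite check (not from the CNC Console documentation).
# In practice, pipe in the real output of:
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'keycloak'@'%'"
#   mysql -u root -p -N -e "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='cnccDb'"

# check_grants <dbName>   (SHOW GRANTS lines on stdin)
# Exit 0 only if every grant is either the implicit USAGE grant or a grant
# scoped to <dbName>.*; any grant on *.* or on another database fails.
check_grants() {
    db="$1"
    status=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            "GRANT USAGE ON *.* TO"*) ;;                   # login-only grant every user has
            "GRANT ALL"*" ON \`$db\`.* TO"*) ;;            # the expected database-scoped grant
            *"ON *.*"*) echo "global grant found: $line"; status=1 ;;
            *)          echo "unexpected grant: $line";   status=1 ;;
        esac
    done
    return $status
}

# check_table_count <expected>   (a single number on stdin)
check_table_count() {
    read -r n
    [ "$n" -eq "$1" ]
}

# Constructed sample output for a correctly prepared cnccDb (MySQL 8 quoting style)
SAMPLE_GRANTS='GRANT USAGE ON *.* TO `keycloak`@`%`
GRANT ALL PRIVILEGES ON `cnccDb`.* TO `keycloak`@`%`'
SAMPLE_COUNT='93'

# Runs both checks against the constructed samples; exit 0 means both passed.
run_sample() {
    printf '%s\n' "$SAMPLE_GRANTS" | check_grants cnccDb &&
    printf '%s\n' "$SAMPLE_COUNT" | check_table_count 93
}

run_sample && echo "cnccDb prerequisites look correct"
```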

  • The details of the database must be provided in the custom-cncc-iam_values_<version>.yaml file. One Kubernetes secret holding the database credentials must be created in the same namespace where cncc-iam is deployed, using the following command:

kubectl create secret generic <secret-name> --from-literal=password=<password> --from-literal=user=<user> --namespace <namespace>

Example: kubectl create secret generic cncc-db-secret --from-literal=password='keycloakpasswd' --from-literal=user='keycloak' --namespace cncc

  • For the default admin user of cncc-iam, the password is taken from a Kubernetes secret and the user name is set to "admin" by default. The operator must create the Kubernetes secret in the same namespace where cncc-iam is deployed, using the following command:

kubectl create secret generic <secret-name> --from-literal=password=<password> --namespace <namespace>

Example: kubectl create secret generic cncc-iam-secret --from-literal=password='password' --namespace cncc

Note:

The secret name and the secret's field names used when creating the secret must be the same as the ones provided in the custom-cncc-iam_values_<version>.yaml file.