# AI Telemetry on OpenShift Local docs

## About the open source GPL3 license and copyright for this product

Copyright © 2024 Computate Limited Liability Company in Utah, USA

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.

ADDITIONAL TERMS

As stated in section 7. c) and e) of the GPL3 license, 
"you may supplement the terms of this License with terms," 
Computate has added the following additional terms to the license: 

  7 c) Prohibiting misrepresentation of the origin of that material, and
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version;

  7 e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks;

Please do not redistribute this course until you have built your own platform with these tools, 
separate from the computate.org platform, and reconfigure your fork of this repo to deploy 
your own platform instead of the computate.org platform. 

QUESTIONS

For questions about this open source license, please contact our public mailing list at computate@group.computate.org


## Configure Dex, Group Sync Operator, and Keycloak

Configure the following environment variables to prepare to configure Dex, Group Sync Operator, and Keycloak. 

For `GITHUB_ORG`, you will need your own GitHub Organization (not `OCP-on-NERC`), where you can create teams, which will become groups in OpenShift Local, thanks to the Group Sync Operator. 
You can use the defaults for the rest of the variables. 

In [1]:
GITHUB_ORG=
CLUSTER_ADMIN_GROUP=smart-aquaculture
AUTH_REALM=SMARTAQUACULTURE
AUTH_CLIENT=smartaquaculture
SITE_NAMESPACE=smartaquaculture

### Create a GitHub OAuth app for OpenShift authentication

Run the command below to show you how to fill out the form for creating a GitHub OAuth app: 

In [None]:
echo "OAuth App registration page: https://github.com/organizations/$GITHUB_ORG/settings/applications/new"
echo "Application name: $AUTH_CLIENT-openshift-local"
echo "Homepage URL: https://console-openshift-console.apps-crc.testing"
echo "Authorization callback URL: https://oauth-openshift.apps-crc.testing/oauth2callback/github"
echo DONE

- Access the OAuth App registration page above. 
- Fill out the form with the values above, then click "Register application". 
- Click `Generate a new client secret`. 

Now create some environment variables with your new GitHub Client ID and Client Secret in the command below, then run the command. 

In [None]:
# The GitHub OAuth App Client ID. 
GITHUB_OPENSHIFT_CLIENT=
# The GitHub OAuth App Client Secret. 
GITHUB_OPENSHIFT_SECRET=
echo DONE

### Create a GitHub OAuth app for Keycloak authentication

Run the command below to show you how to fill out the form for creating a Keycloak identity provider for GitHub: 

In [None]:
echo "OAuth App registration page: https://github.com/organizations/$GITHUB_ORG/settings/applications/new"
echo "Application name: $AUTH_CLIENT-openshift-local-keycloak"
echo "Homepage URL: https://$AUTH_CLIENT.apps-crc.testing"
echo "Authorization callback URL: https://keycloak.apps-crc.testing/realms/$AUTH_REALM/broker/github/endpoint"
echo DONE

- Access the OAuth App registration page above. 
- Fill out the form with the values above, then click "Register application". 
- Click `Generate a new client secret`. 

Now create some environment variables with your new GitHub Client ID and Client Secret in the command below, then run the command. 

In [None]:
# The GitHub OAuth App Client ID. 
GITHUB_KEYCLOAK_CLIENT=
# The GitHub OAuth App Client Secret. 
GITHUB_KEYCLOAK_SECRET=
echo DONE

### Create a GitHub app for OpenShift group sync

Run the command below to show you how to fill out the form for creating a GitHub app for the Group Sync Operator: 

In [None]:
echo "GitHub App registration page: https://github.com/organizations/$GITHUB_ORG/settings/apps"
echo "GitHub App name: openshift-local-group-sync"
echo "Homepage URL: https://$AUTH_CLIENT.apps-crc.testing"
echo DONE

- Access the `GitHub App registration page` above. 
- Access the `New GitHub App`. 
- Fill out the form with the information above. 
- Click `Generate a private key`. The key will be downloaded to your computer. 
- Click `Create GitHub App`. 
- Fill in the `GITHUB_GROUP_SYNC_APP_ID` with the numeric GitHub App Id, and the path to the downloaded `GITHUB_GROUP_SYNC_APP_PRIVATE_KEY` file in the command below, and run the command. 

In [None]:
GITHUB_GROUP_SYNC_APP_ID=
GITHUB_GROUP_SYNC_APP_PRIVATE_KEY=

## Run the configure Keycloak Ansible Playbook

Run the Ansible Playbook below to configure Dex, the Group Sync Operator, and Keycloak for authentication and authorization in AI Telemetry. 

In [None]:
ansible-playbook playbooks/04-configure-keycloak.yaml