keycloak-21 scripts #3916

Open
wants to merge 1 commit into
base: release-8.0.0
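--- a/ansible/roles/keycloak-deploy/templates/keycloak.conf
+++ b/ansible/roles/keycloak-deploy/templates/keycloak.conf
@@ -0,0 +1,58 @@
+# Basic settings for running in production. Change accordingly before deploying the server.
+
+# Database
+
+# The database vendor.
+db=postgres
+
+# The username of the database user.
+db-username={{keycloak_postgres_user}}
+
+# The password of the database user.
+db-password={{keycloak_postgres_password}}
+
+# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
+db-url=jdbc:postgresql://{{keycloak_postgres_host}}:5432/{{keycloak_postgres_database}}?sslmode=require
+
+# Observability
+
+# If the server should expose healthcheck endpoints.
+#health-enabled=true
+
+# If the server should expose metrics endpoints.
+#metrics-enabled=true
+
+# HTTP
+
+# The file path to a server certificate or certificate chain in PEM format.
+#https-certificate-file=${kc.home.dir}conf/server.crt.pem
+
+# The file path to a private key in PEM format.
+#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
+
+# The proxy address forwarding mode if the server is behind a reverse proxy.
+#proxy=reencrypt
+
+# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
+#spi-sticky-session-encoder-infinispan-should-attach-route=false
+
+# Hostname for the Keycloak server.
+#hostname=http://localhost:8080
+
+#hostname-path=/auth
+
+#http-port=8081
+http-relative-path=/auth
+
+# Logs
+log=console,file
+# default log path
+log-file=data/log/keycloak.log
+log-level=INFO,com.arjuna:WARN,io.jaegertracing.Configuration:WARN,org.jboss.as.config:DEBUG,sun.rmi:WARN,org.keycloak:INFO
+log-console-color=true
+# Apart from default pattern, json pattern also available
+log-console-output=default
+log-file-output=default
+log-console-format='%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
+log-file-format='%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
+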
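Review bot: `sslmode=require` on the `db-url` line encrypts the PostgreSQL connection but, with the JDBC driver, does not validate the server certificate or host name, so the database credentials are still exposed to an on-path interceptor. Consider `?sslmode=verify-full&sslrootcert=<path-to-ca-cert>` (placeholder path) so the database identity is checked. The rendered file also carries `db-password` in clear text; the task that writes this template is not visible here, so confirm it sets a restrictive owner and mode (for example `0600`). Separately, `hostname`, `proxy` and the HTTPS certificate options are all commented out although the header says production, so a comment stating where TLS is terminated would help the next reader.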
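--- a/deploy/migrate-to-keycloak21.sh
+++ b/deploy/migrate-to-keycloak21.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo "Get the keycloak.conf template file"
+curl -sS https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-7.0.0/ansible/roles/keycloak-deploy/templates/keycloak.conf --output keycloak.conf
+
+echo "Get the current VM IP"
+ip="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
+
+echo "Replace ansible variables with postgres details"
+sed -i "s/{{keycloak_postgres_host}}/$PG_HOST/g" keycloak.conf
+sed -i "s/{{keycloak_postgres_database}}/${PG_DB}7/g" keycloak.conf
+sed -i "s/{{keycloak_postgres_user}}/$PG_USER/g" keycloak.conf
+sed -i "s/{{keycloak_postgres_password}}/$PGPASSWORD/g" keycloak.conf
+sed -i "s/{{ansible_default_ipv4.address}}/$ip/g" keycloak.conf
+sed -i "s/8080/8081/g" keycloak.conf
+sed -i "s/\"900\"/\"3600\"/g" keycloak.conf
+
+echo "Get vanilla keycloak package"
+wget -q https://github.com/keycloak/keycloak/releases/download/21.1.2/keycloak-21.1.2.tar.gz
+
+echo "Extract keycloak package"
+tar -xvzf keycloak-21.1.2.tar.gz
+
+echo "Copy keycloak.conf file to keycloak package"
+cp keycloak.conf keycloak-21.1.2/conf/
+
+echo "Backup the existing keycloak db"
+pg_dump -Fd -j 4 -h $PG_HOST -U $PG_USER -d $PG_DB -f ${PG_DB}
+
+echo "Create a new db for keycloak 21"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d postgres -c "CREATE DATABASE ${PG_DB}21"
+
+echo "Restore the existing keycloak 7 db to the new database"
+pg_restore -O -j 4 -h $PG_HOST -U $PG_USER -d ${PG_DB}21 ${PG_DB}
+
+echo "Clear the DB of duplicate values"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.COMPOSITE_ROLE a using public.COMPOSITE_ROLE b where a=b and a.ctid < b.ctid"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.REALM_EVENTS_LISTENERS a using public.REALM_EVENTS_LISTENERS b where a=b and a.ctid < b.ctid"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.REDIRECT_URIS a using public.REDIRECT_URIS b where a=b and a.ctid < b.ctid"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.WEB_ORIGINS a using public.WEB_ORIGINS b where a=b and a.ctid < b.ctid"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "truncate offline_user_session"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "truncate offline_client_session"
+psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "truncate jgroupsping" || true
+
+echo "Migrate the DB to keycloak 21"
+cd keycloak-21.1.2
+bin/kc.sh start --spi-connections-jpa-legacy-migration-strategy=update -b=$ip -bprivate=$ip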
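Review bot: The database names do not line up: the dump is restored into `${PG_DB}21`, but the `sed` for `{{keycloak_postgres_database}}` and all seven clean-up `psql` calls use `${PG_DB}7`, so the deletes, truncates and the schema migration appear to run against a different database than the freshly restored copy; if the copy is the intended target, use `${PG_DB}21` on those lines. `$PGPASSWORD` and the other `PG_*` values are spliced straight into `sed` expressions, where a `/`, `&` or `\` in the password corrupts the substitution and the secret shows up in the process arguments; escaping the value first, or feeding the sed script from a file, avoids both. The `curl` call lacks `--fail`, so an HTTP error page would be saved as `keycloak.conf`, and it pulls the template from `release-7.0.0` rather than the one added in this pull request. The Keycloak tarball is unpacked without an integrity check; pin a digest and verify it before `tar`, e.g. `echo "<expected-sha256>  keycloak-21.1.2.tar.gz" | sha256sum -c -`. The `$PG_*` and `$ip` expansions on the `pg_dump`, `psql`, `pg_restore` and `kc.sh` lines should also be double-quoted.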