diff --git a/keycloak-elabore/README.rst b/keycloak-elabore/README.rst
index 7058548..986782e 100644
--- a/keycloak-elabore/README.rst
+++ b/keycloak-elabore/README.rst
@@ -1,8 +1,8 @@
 Description
 ===========
-Using ``keycloak`` version 17.0
-
+Using ``keycloak`` version 24.0
+DEV info : https://www.keycloak.org/server/containers
 Usage
 =====
@@ -11,6 +11,8 @@ To start with ``keycloak``, just put this service in your ``compose.yml``::
 keycloak:
+ docker-compose:
+ image: docker.0k.io/keycloak24.0.4-elabore:1.0.0
 options:
 admin-password: CHANGEME
 relations:
diff --git a/keycloak-elabore/build/Dockerfile b/keycloak-elabore/build/Dockerfile
index 3c77250..2bb0490 100644
--- a/keycloak-elabore/build/Dockerfile
+++ b/keycloak-elabore/build/Dockerfile
@@ -1,16 +1,15 @@
-FROM keycloak/keycloak:24.0.4 as builder
-
-ENV KC_METRICS_ENABLED=true
-ENV KC_FEATURES=token-exchange
-ENV KC_DB=postgres
-
-WORKDIR /opt/keycloak
-# for demonstration purposes only, please make sure to use proper certificates in production instead
-RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
-RUN /opt/keycloak/bin/kc.sh build
+#FROM keycloak/keycloak:24.0.4 as builder
+#
+#ENV KC_METRICS_ENABLED=true
+#ENV KC_FEATURES=token-exchange
+#ENV KC_DB=postgres
+#
+#WORKDIR /opt/keycloak
+## for demonstration purposes only, please make sure to use proper certificates in production instead
+#RUN /opt/keycloak/bin/kc.sh build
 FROM keycloak/keycloak:24.0.4
-COPY --from=builder /opt/keycloak/ /opt/keycloak/
+#COPY --from=builder /opt/keycloak/ /opt/keycloak/
 WORKDIR /opt/keycloak
 ENV KC_LOG_LEVEL=INFO
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
diff --git a/keycloak-elabore/hooks/web_proxy-relation-joined b/keycloak-elabore/hooks/web_proxy-relation-joined
index 656909a..d1dba28 100755
--- a/keycloak-elabore/hooks/web_proxy-relation-joined
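Review bot: The nine `#`-prefixed lines that replace the builder stage are dead code, and nothing in the final image now runs `kc.sh build`, while the ENTRYPOINT still uses `start --optimized`, which presumes a prior build. From the rest of the commit it looks like the build (with `KC_DB=postgres` and `KC_FEATURES=token-exchange`) is meant to happen at first deploy into the mounted `/opt/keycloak` volume; the Dockerfile should say so instead of carrying the commented stage. Suggested replacement for the commented block: `# Build (kc.sh build with KC_DB/KC_FEATURES) and the server keystore are produced at first deploy` / `# by lib/common into the persistent /opt/keycloak volume; "start --optimized" assumes that volume is mounted.` The `for demonstration purposes only, please make sure to use proper certificates in production` warning disappears together with the removed keytool line; it should follow the keystore generation to wherever it now lives.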
+++ b/keycloak-elabore/hooks/web_proxy-relation-joined
@@ -1,8 +1,13 @@
 #!/bin/bash
+. lib/common
+
 DOMAIN=$(relation-get domain) || exit 1
+#IP_HOST=$(hostname -I | awk '{print $1}')
 set -e
+keycloak:generate-key-if-not-exist "$DOMAIN"
+
 config-add "\
 services:
diff --git a/keycloak-elabore/lib/common b/keycloak-elabore/lib/common
new file mode 100644
index 0000000..26a9ce9
--- /dev/null
+++ b/keycloak-elabore/lib/common
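Review bot: The commented-out `#IP_HOST=$(hostname -I | awk '{print $1}')` line is dead code now that the address is resolved with `getent` inside `keycloak:generate-key-if-not-exist`; drop it rather than leave a second, differing resolution method in the hook. `. lib/common` is sourced by a relative path, so the hook silently depends on the working directory the hook runner sets; presumably every hook in this repo does the same, but a short comment would help. Also note that the keystore is only produced on the first joined relation: if `domain` later changes on the relation, the existing keystore (with the old `CN`/SAN) is kept, which is worth stating above the call, e.g. `# keystore is generated once; a later domain change needs the datastore /opt/keycloak dir removed`.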
@@ -0,0 +1,46 @@
+# -*- mode: bash -*-
+
+KEYCLOAK_DIR=/opt/keycloak
+DATASTORE_KEYCLOAK_DIR="$SERVICE_DATASTORE$KEYCLOAK_DIR"
+HOST_DATASTORE_KEYCLOAK_DIR="$HOST_DATASTORE/$SERVICE_NAME$KEYCLOAK_DIR"
+
+keycloak:generate-key-if-not-exist() {
+ local domain="$1" ip_host
+
+ [ -d "$DATASTORE_KEYCLOAK_DIR" ] && return 0
+
+ ip_host=$(set -o pipefail; getent ahostsv4 "$domain" | head -n 1 | cut -f 1 -d " ") || {
+ err "Couldn't resolve to ipv4 domain name '$domain'."
+ return 1
+ }
+ info "Resolved successfully '$domain' to ip '$ip_host'."
+ debug "DOCKER_BASE_IMAGE: $DOCKER_BASE_IMAGE"
+ debug "HOST_DATASTORE_KEYCLOAK_DIR:: $HOST_DATASTORE_KEYCLOAK_DIR"
+ mkdir -p "$DATASTORE_KEYCLOAK_DIR/conf" || return 0
+ docker_image_export_dir "$DOCKER_BASE_IMAGE" "/opt/keycloak" "$SERVICE_DATASTORE/opt" || return 1
+ uid=$(docker_get_uid "$SERVICE_NAME" "keycloak") || return 1
+ chown "$uid" "$DATASTORE_KEYCLOAK_DIR" -R
+ debug "DATASTORE_KEYCLOAK_DIR_LS:: $(ls $DATASTORE_KEYCLOAK_DIR)"
+ docker run -w /opt/keycloak \
+ -v "$HOST_DATASTORE_KEYCLOAK_DIR":"/opt/keycloak" \
+ --entrypoint bash \
+ "$DOCKER_BASE_IMAGE" -c "
+ export KC_METRICS_ENABLED=true
+ export KC_FEATURES=token-exchange
+ export KC_DB=postgres
+ keytool -genkeypair -storepass password \
+ -storetype PKCS12 -keyalg RSA \
+ -keysize 2048 -dname 'CN=$domain' \
+ -alias server -ext 'SAN:c=DNS:$domain,IP:$ip_host' \
+ -keystore conf/server.keystore || exit 1
+ echo 'Generated key'
+ /opt/keycloak/bin/kc.sh build
+
+ " || {
+
+ rmdir "$DATASTORE_KEYCLOAK_DIR/conf" 2>/dev/null
+ rmdir "$DATASTORE_KEYCLOAK_DIR" 2>/dev/null
+ return 1
+ }
+
+}
diff --git a/keycloak-elabore/metadata.yml b/keycloak-elabore/metadata.yml
index 9f3ad3f..ee18fcc 100644
--- a/keycloak-elabore/metadata.yml
+++ b/keycloak-elabore/metadata.yml
@@ -1,6 +1,6 @@
 data-resources:
- - /opt/keycloak/themes
+ - /opt/keycloak
 default-options:
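Review bot: `mkdir -p "$DATASTORE_KEYCLOAK_DIR/conf" || return 0` turns a failure to create the conf directory into a success, so the hook carries on and Keycloak later starts without a keystore; it should be `|| return 1` like the two lines after it. The failure path has the mirror problem: once `docker_image_export_dir` has populated the directory, the two `rmdir` calls can no longer remove it, so the next run hits `[ -d "$DATASTORE_KEYCLOAK_DIR" ] && return 0` and never retries — testing for the artefact, `[ -e "$DATASTORE_KEYCLOAK_DIR/conf/server.keystore" ] && return 0`, would be more robust. The keystore is protected by the literal `-storepass password` (Keycloak's default, so it works) and holds a self-signed `CN=$domain` certificate; that is acceptable only if this TLS endpoint is reachable solely by the web proxy, and the "for demonstration purposes only" warning that the old Dockerfile carried should move here as a comment on the `keytool` line. `uid` is also assigned without `local` and leaks into the sourcing hook.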
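Review bot: Declaring the whole of `/opt/keycloak` as a data-resource instead of just `themes` makes the Keycloak installation itself persistent host data: judging by `lib/common` in this commit, the image contents are exported into the datastore once and from then on the mounted copy shadows whatever the image ships. A later image tag bump (for instance a Keycloak security release) would therefore not change the running binaries until the datastore directory is deleted by hand, and nothing in the commit documents that. Consider narrowing this to the mutable pieces (`/opt/keycloak/conf`, `themes`, `providers`) or, if the full copy is intentional, add `# whole install is persisted: re-exported only when the datastore dir is removed` next to it and handle the re-export on upgrade.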
@@ -8,7 +8,7 @@ uses:
 web-proxy:
 #constraint: required | recommended | optional
 #auto: pair | summon | none ## default: pair
- constraint: recommended
+ constraint: required
 auto: pair
 solves:
 proxy: "Public access"