diff --git a/Dockerfile b/Dockerfile
index 85d6784..028b05c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,68 +1,62 @@ # ------------------------------------------------------------------------------------ -# Keycloak image built for aarch64 and also adds a custom provider for resolving -# themes that fallsback to the default openremote theme rather than just breaking. -# See this issue for aarch64 support: -# -# https://github.com/keycloak/keycloak-containers/issues/341 +# Keycloak image built for postgresql support with theme handling customisation +# to always fallback to standard openremote theme. # ------------------------------------------------------------------------------------ -FROM registry.access.redhat.com/ubi8/openjdk-11-runtime +ARG VERSION=18.0.2 +FROM quay.io/keycloak/keycloak:${VERSION} as builder MAINTAINER support@openremote.io # Add git commit label must be specified at build time using --build-arg GIT_COMMIT=dadadadadad ARG GIT_COMMIT=unknown LABEL git-commit=$GIT_COMMIT -ENV KEYCLOAK_VERSION 16.1.1 -ENV JDBC_POSTGRES_VERSION 42.2.5 -ENV JDBC_MYSQL_VERSION 8.0.22 -ENV JDBC_MARIADB_VERSION 2.5.4 -ENV JDBC_MSSQL_VERSION 8.2.2.jre11 +# Configure build options +ENV KC_HEALTH_ENABLED=true +ENV KC_METRICS_ENABLED=true +ENV KC_FEATURES=token-exchange +ENV KC_DB=postgres +ENV KC_HTTP_RELATIVE_PATH=/auth -ENV LAUNCH_JBOSS_IN_BACKGROUND 1 -ENV JBOSS_HOME /opt/jboss/keycloak -ENV LANG en_US.UTF-8 +# Install openremote theme +ADD build/image/openremote-theme.jar /opt/keycloak/providers -ENV DB_VENDOR ${DB_VENDOR:-postgres} -ENV DB_ADDR ${DB_ADDR:-postgresql} -ENV DB_PORT ${DB_PORT:-5432} -ENV DB_DATABASE ${DB_DATABASE:-openremote} -ENV DB_USER ${DB_USER:-postgres} -ENV DB_PASSWORD ${DB_PASSWORD:-postgres} -ENV DB_SCHEMA ${DB_SCHEMA:-public} -ENV KEYCLOAK_USER ${KEYCLOAK_USER:-admin} -ENV KEYCLOAK_PASSWORD ${SETUP_ADMIN_PASSWORD:-secret} -ENV PROXY_ADDRESS_FORWARDING ${PROXY_ADDRESS_FORWARDING:-true} -ENV HTTP_ENABLED ${HTTP_ENABLED:-true} -ENV HTTPS_ENABLED ${HTTPS_ENABLED:-false} -ENV KEYCLOAK_FRONTEND_URL ${KEYCLOAK_FRONTEND_URL:-} -ENV TZ 
${TZ:-Europe/Amsterdam} +# Install keycloak metrics provider +RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar -ARG GIT_REPO -ARG GIT_BRANCH -ARG KEYCLOAK_DIST=https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz +# Build custom image and copy into this new image +RUN /opt/keycloak/bin/kc.sh build +FROM quay.io/keycloak/keycloak:${VERSION} +COPY --from=builder /opt/keycloak/ /opt/keycloak/ -USER root - -RUN chown jboss:jboss /home/jboss -RUN microdnf update -y && microdnf install -y glibc-langpack-en gzip hostname openssl tar which && microdnf clean all - -ADD tools /opt/jboss/tools -RUN chmod -R +x /opt/jboss/tools -RUN /opt/jboss/tools/build-keycloak.sh - -RUN mkdir -p /opt/jboss/keycloak/providers +# Create standard deployment path and symlink themes (cannot --spi-theme-dir=/deployment/keycloak/themes) +USER 0 +RUN rm -r /opt/keycloak/themes RUN mkdir -p /deployment/keycloak/themes -ADD themes /opt/jboss/keycloak/themes -ADD module.xml /opt/jboss/keycloak/providers -ADD build/image/openremote-keycloak.jar /opt/jboss/keycloak/providers +RUN ln -s /deployment/keycloak/themes /opt/keycloak +USER 1000 -HEALTHCHECK --interval=3s --timeout=3s --start-period=30s --retries=120 CMD curl --fail --silent http://localhost:8080/auth || exit 1 +WORKDIR /opt/keycloak + +# Configure runtime options +ENV TZ=Europe/Amsterdam +ENV KC_DB_URL_HOST=postgresql +ENV KC_DB_URL_PORT=5432 +ENV KC_DB_URL_DATABASE=openremote +ENV KC_DB_SCHEMA=public +ENV KC_DB_USERNAME=postgres +ENV KC_DB_PASSWORD=postgres +ENV KC_HOSTNAME=localhost +ENV KC_PROXY=edge +ENV KEYCLOAK_ADMIN=admin +ENV KEYCLOAK_ADMIN_PASSWORD=secret +ENV KC_LOG_LEVEL=info +ENV KEYCLOAK_DEFAULT_THEME=openremote +ENV KEYCLOAK_ACCOUNT_THEME=openremote +ENV KEYCLOAK_WELCOME_THEME=keycloak +ENV KEYCLOAK_START_COMMAND=start -USER 1000 +HEALTHCHECK 
--interval=3s --timeout=3s --start-period=30s --retries=120 CMD curl --fail --silent http://localhost:8080/auth || exit 1 EXPOSE 8080 -EXPOSE 8443 - -ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ] -CMD ["-b", "0.0.0.0"] +ENTRYPOINT /opt/keycloak/bin/kc.sh ${KEYCLOAK_START_COMMAND:-start} --spi-theme-default=${KEYCLOAK_DEFAULT_THEME:-openremote} --spi-theme-account-theme=${KEYCLOAK_ACCOUNT_THEME:-openremote} --spi-theme-welcome-theme=${KEYCLOAK_WELCOME_THEME:-keycloak} ${KEYCLOAK_START_OPTS:-} diff --git a/README.md b/README.md index 1eac7e5..2c95d7a 100644 --- a/README.md +++ b/README.md 
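Review bot: The builder-stage step `RUN curl -sL …/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar` downloads a third-party provider jar with no integrity check and without `-f`, so an HTTP error body or a replaced release asset would be written into the providers directory and then carried into the final image by `COPY --from=builder`. Make the download fail on HTTP errors and pin it to a known digest, e.g. `RUN curl -fsSL <url> -o <jar> && echo "<SHA256_PLACEHOLDER>  <jar>" | sha256sum -c -` (assuming `sha256sum` is present in the base image; BuildKit's `ADD --checksum=sha256:…` is an alternative). Separately, `ENV KC_DB_PASSWORD=postgres` and `ENV KEYCLOAK_ADMIN_PASSWORD=secret` in the runtime stage bake well-known default credentials into the image metadata; consider leaving them unset so that a deployment has to supply them.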
@@ -1,11 +1,19 @@ -# keycloak +# Keycloak [![Docker Image](https://github.com/openremote/keycloak/actions/workflows/keycloak.yml/badge.svg)](https://github.com/openremote/keycloak/actions/workflows/keycloak.yml) -Keycloak docker image with openremote theme and env variables that supports `amd64` and `arm64`. +Keycloak docker image built for `postgres` with openremote theme embedded and set as default and also sets the request path to `/auth` (like older versions of Keycloak to simplify usage behind a reverse proxy). -This image doesn't use the `jboss/keycloak` image as a base as at the time of writing this it doesn't support `arm64`, a feature request has been created on the `keycloak` issue tracker: +## Working on the OpenRemote theme +The openremote theme template files are located in `src/main/resources/theme/openremote`; to work on the OpenRemote theme use: -https://issues.redhat.com/browse/KEYCLOAK-17359 +```shell +docker run --rm -p 8081:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=secret -e KEYCLOAK_DEFAULT_THEME=dev -e KC_HOSTNAME_PORT=8081 -e KEYCLOAK_START_COMMAND=start-dev -e KEYCLOAK_START_OPTS="--spi-theme-static-max-age=-1 --spi-theme-cache-themes=false --spi-theme-cache-templates=false" --mount type=bind,src=$PWD/src/main/resources/theme/openremote,dst=/deployment/keycloak/themes/dev openremote/keycloak:latest +``` +Then access http://localhost:8081/ and any changes made to the template files can be reloaded in realtime by just refreshing the window. +To get the standard themes for reference use the following (replace `${VERSION}` with actual keycloak version used): +```shell +docker cp ID:/opt/keycloak/lib/lib/main/org.keycloak.keycloak-themes-${VERSION}.jar ./ +``` diff --git a/build.gradle b/build.gradle index 4355a52..75bca9d 100644 --- a/build.gradle +++ b/build.gradle 
@@ -1,19 +1,8 @@ apply plugin: "java" version = "" -repositories { - mavenCentral() -} - -dependencies { - compile "org.keycloak:keycloak-core:12.0.1" - compile "org.keycloak:keycloak-services:12.0.1" - compile "org.keycloak:keycloak-server-spi:12.0.1" - compile "org.keycloak:keycloak-server-spi-private:12.0.1" -} - jar { - archivesBaseName = "openremote-${project.name}" + archivesBaseName = "openremote-theme" } task installDist(type: Copy) { diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index e708b1c..457aad0 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 442d913..84d1f85 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.1-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 4f906e0..af6708f 100644 --- a/gradlew +++ b/gradlew 
@@ -1,21 +1,5 @@ #!/usr/bin/env sh -# -# Copyright 2015 the original author or authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ############################################################################## ## ## Gradle start up script for UN*X @@ -44,7 +28,7 @@ APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' +DEFAULT_JVM_OPTS='"-Xmx64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" @@ -82,7 +66,6 @@ esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar - # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then @@ -126,11 +109,10 @@ if $darwin; then GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" fi -# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath 
@@ -156,19 +138,19 @@ if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then else eval `echo args$i`="\"$arg\"" fi - i=`expr $i + 1` + i=$((i+1)) done case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; esac fi @@ -177,9 +159,14 @@ save () { for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done echo " " } -APP_ARGS=`save "$@"` +APP_ARGS=$(save "$@") # Collect all arguments for the java command, following the shell quoting and substitution rules eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + exec "$JAVACMD" "$@" 
diff --git a/gradlew.bat b/gradlew.bat index 107acd3..6d57edc 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -1,19 +1,3 @@ -@rem -@rem Copyright 2015 the original author or authors. -@rem -@rem Licensed under the Apache License, Version 2.0 (the "License"); -@rem you may not use this file except in compliance with the License. -@rem You may obtain a copy of the License at -@rem -@rem https://www.apache.org/licenses/LICENSE-2.0 -@rem -@rem Unless required by applicable law or agreed to in writing, software -@rem distributed under the License is distributed on an "AS IS" BASIS, -@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -@rem See the License for the specific language governing permissions and -@rem limitations under the License. -@rem - @if "%DEBUG%" == "" @echo off @rem ########################################################################## @rem @@ -29,18 +13,15 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% -@rem Resolve any "." and ".." in APP_HOME to make it shorter. -for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi - @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" +set DEFAULT_JVM_OPTS="-Xmx64m" @rem Find java.exe if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if "%ERRORLEVEL%" == "0" goto init echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -54,7 +35,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto execute +if exist "%JAVA_EXE%" goto init echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 
@@ -64,14 +45,28 @@ echo location of your Java installation. goto fail +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar - @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% :end @rem End local scope for the variables with windows NT shell diff --git a/module.xml b/module.xml deleted file mode 100644 index 7107dfa..0000000 --- a/module.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/scripts/disable-theme-cache.cli b/scripts/disable-theme-cache.cli deleted file mode 100644 index fde02b1..0000000 --- a/scripts/disable-theme-cache.cli +++ /dev/null @@ -1,5 +0,0 @@ -embed-server --std-out=echo --server-config=standalone-ha.xml -/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false) -/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false) -/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1) -stop-embedded-server diff --git a/src/main/java/org/openremote/keycloak/theme/CustomThemeProvider.java b/src/main/java/org/openremote/keycloak/theme/CustomThemeProvider.java deleted file mode 100644 index bd39322..0000000 --- a/src/main/java/org/openremote/keycloak/theme/CustomThemeProvider.java +++ /dev/null 
@@ -1,61 +0,0 @@ -/* - * Copyright 2021, OpenRemote Inc. - * - * See the CONTRIBUTORS.txt file in the distribution for a - * full listing of individual contributors. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package org.openremote.keycloak.theme; - -import org.keycloak.theme.FolderThemeProvider; -import org.keycloak.theme.Theme; - -import java.io.File; -import java.io.IOException; - -/** - * This theme provider will fallback to the openremote theme in the fallback dir if the custom theme cannot be found - */ -public class CustomThemeProvider extends FolderThemeProvider { - - FolderThemeProvider fallbackProvider = null; - - public CustomThemeProvider(File themesDir) { - super(themesDir); - } - - @Override - public int getProviderPriority() { - return super.getProviderPriority() - 10; - } - - @Override - public Theme getTheme(String name, Theme.Type type) throws IOException { - if (!super.hasTheme(name, type) && fallbackProvider != null) { - return fallbackProvider.getTheme("openremote", type); - } - - return super.getTheme(name, type); - } - - @Override - public boolean hasTheme(String name, Theme.Type type) { - if (!super.hasTheme(name, type) && fallbackProvider != null) { - return fallbackProvider.hasTheme("openremote", type); - } - - return true; - } -} 
diff --git a/src/main/java/org/openremote/keycloak/theme/CustomThemeProviderFactory.java b/src/main/java/org/openremote/keycloak/theme/CustomThemeProviderFactory.java
deleted file mode 100644
index 29dcb02..0000000
--- a/src/main/java/org/openremote/keycloak/theme/CustomThemeProviderFactory.java
+++ /dev/null
@@ -1,65 +0,0 @@ -/* - * Copyright 2021, OpenRemote Inc. - * - * See the CONTRIBUTORS.txt file in the distribution for a - * full listing of individual contributors. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package org.openremote.keycloak.theme; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.theme.FolderThemeProvider; -import org.keycloak.theme.ThemeProvider; -import org.keycloak.theme.ThemeProviderFactory; - -import java.io.File; - -/** - * A theme provider to load custom themes from the deployment directory, the openremote theme is baked - * into the standard theme directory. 
- */ -public class CustomThemeProviderFactory implements ThemeProviderFactory { - - protected CustomThemeProvider themeProvider; - - @Override - public ThemeProvider create(KeycloakSession session) { - if (themeProvider.fallbackProvider == null) { - themeProvider.fallbackProvider = (FolderThemeProvider) session.getProvider(ThemeProvider.class, "folder"); - } - return themeProvider; - } - - @Override - public void init(Config.Scope config) { - File rootDir = new File("/deployment/keycloak/themes"); - themeProvider = new CustomThemeProvider(rootDir); - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - - @Override - public String getId() { - return "openremote-custom-folder"; - } -} diff --git a/src/main/resources/META-INF/keycloak-themes.json b/src/main/resources/META-INF/keycloak-themes.json new file mode 100644 index 0000000..3d4887b --- /dev/null +++ b/src/main/resources/META-INF/keycloak-themes.json @@ -0,0 +1,6 @@ +{ + "themes": [{ + "name" : "openremote", + "types": [ "login", "email", "account" ] + }] +} diff --git a/src/main/resources/META-INF/services/org.keycloak.theme.ThemeProviderFactory b/src/main/resources/META-INF/services/org.keycloak.theme.ThemeProviderFactory deleted file mode 100644 index 52f404d..0000000 --- a/src/main/resources/META-INF/services/org.keycloak.theme.ThemeProviderFactory +++ /dev/null @@ -1 +0,0 @@ -org.openremote.keycloak.theme.CustomThemeProviderFactory diff --git a/themes/openremote/account/account.ftl b/src/main/resources/theme/openremote/account/account.ftl similarity index 100% rename from themes/openremote/account/account.ftl rename to src/main/resources/theme/openremote/account/account.ftl diff --git a/themes/openremote/account/applications.ftl b/src/main/resources/theme/openremote/account/applications.ftl similarity index 100% rename from themes/openremote/account/applications.ftl rename to src/main/resources/theme/openremote/account/applications.ftl 
diff --git a/themes/openremote/account/federatedIdentity.ftl b/src/main/resources/theme/openremote/account/federatedIdentity.ftl
similarity index 100%
rename from themes/openremote/account/federatedIdentity.ftl
rename to src/main/resources/theme/openremote/account/federatedIdentity.ftl
diff --git a/themes/openremote/account/log.ftl b/src/main/resources/theme/openremote/account/log.ftl
similarity index 100%
rename from themes/openremote/account/log.ftl
rename to src/main/resources/theme/openremote/account/log.ftl
diff --git a/themes/openremote/account/password.ftl b/src/main/resources/theme/openremote/account/password.ftl
similarity index 100%
rename from themes/openremote/account/password.ftl
rename to src/main/resources/theme/openremote/account/password.ftl
diff --git a/themes/openremote/account/resources/css/MaterialIcons-Regular.eot b/src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.eot
similarity index 100%
rename from themes/openremote/account/resources/css/MaterialIcons-Regular.eot
rename to src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.eot
diff --git a/themes/openremote/account/resources/css/MaterialIcons-Regular.ijmap b/src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.ijmap
similarity index 100%
rename from themes/openremote/account/resources/css/MaterialIcons-Regular.ijmap
rename to src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.ijmap
diff --git a/themes/openremote/account/resources/css/MaterialIcons-Regular.svg b/src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.svg
similarity index 100%
rename from themes/openremote/account/resources/css/MaterialIcons-Regular.svg
rename to src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.svg
diff --git a/themes/openremote/account/resources/css/MaterialIcons-Regular.ttf b/src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.ttf
similarity index 100%
rename from themes/openremote/account/resources/css/MaterialIcons-Regular.ttf
rename to src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.ttf
diff --git a/themes/openremote/account/resources/css/MaterialIcons-Regular.woff b/src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.woff
similarity index 100%
rename from themes/openremote/account/resources/css/MaterialIcons-Regular.woff
rename to src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.woff
diff --git a/themes/openremote/account/resources/css/MaterialIcons-Regular.woff2 b/src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.woff2
similarity index 100%
rename from themes/openremote/account/resources/css/MaterialIcons-Regular.woff2
rename to src/main/resources/theme/openremote/account/resources/css/MaterialIcons-Regular.woff2
diff --git a/themes/openremote/account/resources/css/materialize.min.css b/src/main/resources/theme/openremote/account/resources/css/materialize.min.css
similarity index 100%
rename from themes/openremote/account/resources/css/materialize.min.css
rename to src/main/resources/theme/openremote/account/resources/css/materialize.min.css
diff --git a/themes/openremote/account/resources/css/styles.css b/src/main/resources/theme/openremote/account/resources/css/styles.css
similarity index 100%
rename from themes/openremote/account/resources/css/styles.css
rename to src/main/resources/theme/openremote/account/resources/css/styles.css
diff --git a/themes/openremote/account/resources/img/favicon.png b/src/main/resources/theme/openremote/account/resources/img/favicon.png
similarity index 100%
rename from themes/openremote/account/resources/img/favicon.png
rename to src/main/resources/theme/openremote/account/resources/img/favicon.png
diff --git a/themes/openremote/account/resources/js/materialize.min.js b/src/main/resources/theme/openremote/account/resources/js/materialize.min.js
similarity index 100%
rename from themes/openremote/account/resources/js/materialize.min.js
rename to src/main/resources/theme/openremote/account/resources/js/materialize.min.js
diff --git a/themes/openremote/account/sessions.ftl b/src/main/resources/theme/openremote/account/sessions.ftl
similarity index 100%
rename from themes/openremote/account/sessions.ftl
rename to src/main/resources/theme/openremote/account/sessions.ftl
diff --git a/themes/openremote/account/template.ftl b/src/main/resources/theme/openremote/account/template.ftl
similarity index 100%
rename from themes/openremote/account/template.ftl
rename to src/main/resources/theme/openremote/account/template.ftl
diff --git a/themes/openremote/account/theme.properties b/src/main/resources/theme/openremote/account/theme.properties
similarity index 100%
rename from themes/openremote/account/theme.properties
rename to src/main/resources/theme/openremote/account/theme.properties
diff --git a/themes/openremote/account/totp.ftl b/src/main/resources/theme/openremote/account/totp.ftl
similarity index 100%
rename from themes/openremote/account/totp.ftl
rename to src/main/resources/theme/openremote/account/totp.ftl
diff --git a/themes/openremote/email/html/password-reset.ftl b/src/main/resources/theme/openremote/email/html/password-reset.ftl
similarity index 100%
rename from themes/openremote/email/html/password-reset.ftl
rename to src/main/resources/theme/openremote/email/html/password-reset.ftl
diff --git a/themes/openremote/email/theme.properties b/src/main/resources/theme/openremote/email/theme.properties similarity index 100% rename from themes/openremote/email/theme.properties rename to src/main/resources/theme/openremote/email/theme.properties diff --git a/themes/openremote/login/error.ftl b/src/main/resources/theme/openremote/login/error.ftl similarity index 100% rename from themes/openremote/login/error.ftl rename to src/main/resources/theme/openremote/login/error.ftl diff --git a/themes/openremote/login/login-reset-password.ftl b/src/main/resources/theme/openremote/login/login-reset-password.ftl similarity index 57% rename from themes/openremote/login/login-reset-password.ftl rename to src/main/resources/theme/openremote/login/login-reset-password.ftl index 01b1c97..fcb1581 100644 --- a/themes/openremote/login/login-reset-password.ftl +++ b/src/main/resources/theme/openremote/login/login-reset-password.ftl @@ -9,29 +9,27 @@
<#if auth?has_content && auth.showUsername()> - + <#else> - + + <#if messagesPerField.existsError('username')> - - ${kcSanitize(messagesPerField.get('username'))?no_esc} - + - -
+
+
+ +
-
- -
- - <#elseif section = "info" > diff --git a/src/main/resources/theme/openremote/login/login-update-password.ftl b/src/main/resources/theme/openremote/login/login-update-password.ftl new file mode 100644 index 0000000..7c1ceec --- /dev/null +++ b/src/main/resources/theme/openremote/login/login-update-password.ftl @@ -0,0 +1,72 @@ +<#import "template.ftl" as layout> +<@layout.registrationLayout displayMessage=!messagesPerField.existsError('password','password-confirm'); section> + <#if section = "header"> + ${msg("updatePasswordTitle")} + <#elseif section = "form"> +
+
+ + + +
+ + + <#if messagesPerField.existsError('password-confirm','password-confirm')> + + +
+ +
+ + + <#if messagesPerField.existsError('password-confirm','password-confirm')> + + +
+
+ +
+
+
+
+ <#if isAppInitiatedAction??> +
+ +
+ +
+
+ +
+ <#if isAppInitiatedAction??> + + + + + + <#else> + + +
+
+
+
+ + diff --git a/themes/openremote/login/login.ftl b/src/main/resources/theme/openremote/login/login.ftl similarity index 76% rename from themes/openremote/login/login.ftl rename to src/main/resources/theme/openremote/login/login.ftl index 6eb060d..7a47532 100644 --- a/themes/openremote/login/login.ftl +++ b/src/main/resources/theme/openremote/login/login.ftl @@ -3,7 +3,7 @@ <#if section = "title"> ${msg("loginTitle",(realm.displayName!''))} <#elseif section = "header"> - ${msg("loginTitleHtml",(realm.displayNameHtml!''))} + ${kcSanitize(msg("loginTitleHtml",(realm.displayNameHtml!'')))?no_esc} <#elseif section = "form"> <#if realm.password>
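Review bot: Both inline error guards in the new `login-update-password.ftl` test `messagesPerField.existsError('password-confirm','password-confirm')`, which passes the same key twice, while the layout call at the top of the file sets `displayMessage=!messagesPerField.existsError('password','password-confirm')`. If the first guard belongs to the new-password field (the surrounding markup is not visible here, so this is inferred), an error attached only to `password` would suppress the global message and show no inline one, leaving the user with no feedback on a rejected password. The first guard probably wants `<#if messagesPerField.existsError('password','password-confirm')>`, and the second can be reduced to `<#if messagesPerField.existsError('password-confirm')>`.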
@@ -18,18 +18,33 @@ <#else> + <#if messagesPerField.existsError('username','password')> + +
- + + <#if messagesPerField.existsError('username','password')> + +
<#if realm.rememberMe && !usernameEditDisabled??> diff --git a/themes/openremote/login/messages/messages_en.properties b/src/main/resources/theme/openremote/login/messages/messages_en.properties similarity index 100% rename from themes/openremote/login/messages/messages_en.properties rename to src/main/resources/theme/openremote/login/messages/messages_en.properties diff --git a/themes/openremote/login/register.ftl b/src/main/resources/theme/openremote/login/register.ftl similarity index 100% rename from themes/openremote/login/register.ftl rename to src/main/resources/theme/openremote/login/register.ftl diff --git a/themes/openremote/login/resources/css/MaterialIcons-Regular.eot b/src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.eot similarity index 100% rename from themes/openremote/login/resources/css/MaterialIcons-Regular.eot rename to src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.eot diff --git a/themes/openremote/login/resources/css/MaterialIcons-Regular.ijmap b/src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.ijmap similarity index 100% rename from themes/openremote/login/resources/css/MaterialIcons-Regular.ijmap rename to src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.ijmap diff --git a/themes/openremote/login/resources/css/MaterialIcons-Regular.svg b/src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.svg similarity index 100% rename from themes/openremote/login/resources/css/MaterialIcons-Regular.svg rename to src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.svg 
diff --git a/themes/openremote/login/resources/css/MaterialIcons-Regular.ttf b/src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.ttf
similarity index 100%
rename from themes/openremote/login/resources/css/MaterialIcons-Regular.ttf
rename to src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.ttf
diff --git a/themes/openremote/login/resources/css/MaterialIcons-Regular.woff b/src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.woff
similarity index 100%
rename from themes/openremote/login/resources/css/MaterialIcons-Regular.woff
rename to src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.woff
diff --git a/themes/openremote/login/resources/css/MaterialIcons-Regular.woff2 b/src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.woff2
similarity index 100%
rename from themes/openremote/login/resources/css/MaterialIcons-Regular.woff2
rename to src/main/resources/theme/openremote/login/resources/css/MaterialIcons-Regular.woff2
diff --git a/themes/openremote/login/resources/css/materialize.min.css b/src/main/resources/theme/openremote/login/resources/css/materialize.min.css
similarity index 100%
rename from themes/openremote/login/resources/css/materialize.min.css
rename to src/main/resources/theme/openremote/login/resources/css/materialize.min.css
diff --git a/themes/openremote/login/resources/css/styles.css b/src/main/resources/theme/openremote/login/resources/css/styles.css
similarity index 100%
rename from themes/openremote/login/resources/css/styles.css
rename to src/main/resources/theme/openremote/login/resources/css/styles.css
diff --git a/themes/openremote/login/resources/img/favicon.png b/src/main/resources/theme/openremote/login/resources/img/favicon.png
similarity index 100%
rename from themes/openremote/login/resources/img/favicon.png
rename to src/main/resources/theme/openremote/login/resources/img/favicon.png
diff --git a/themes/openremote/login/resources/js/materialize.min.js b/src/main/resources/theme/openremote/login/resources/js/materialize.min.js similarity index 100% rename from themes/openremote/login/resources/js/materialize.min.js rename to src/main/resources/theme/openremote/login/resources/js/materialize.min.js diff --git a/themes/openremote/login/template.ftl b/src/main/resources/theme/openremote/login/template.ftl similarity index 90% rename from themes/openremote/login/template.ftl rename to src/main/resources/theme/openremote/login/template.ftl index 3b76c06..5bd2e06 100644 --- a/themes/openremote/login/template.ftl +++ b/src/main/resources/theme/openremote/login/template.ftl @@ -1,9 +1,8 @@ -<#macro registrationLayout displayInfo=false displayMessage=true> +<#macro registrationLayout bodyClass="" displayInfo=false displayMessage=true displayRequiredFields=false> - + - ${msg("applicationName")} - + @@ -13,11 +12,11 @@ - + ${msg("applicationName")} - + @@ -48,7 +47,7 @@ - <#if realm.internationalizationEnabled> + <#if realm.internationalizationEnabled && locale.supported?size gt 1>
${locale.current} @@ -61,7 +60,7 @@
- <#if displayMessage && message?has_content> + <#if displayMessage && message?has_content && (message.type != 'warning' || !isAppInitiatedAction??)>
<#if message.type=='success' >check_circle
- diff --git a/themes/openremote/login/theme.properties b/src/main/resources/theme/openremote/login/theme.properties similarity index 100% rename from themes/openremote/login/theme.properties rename to src/main/resources/theme/openremote/login/theme.properties diff --git a/themes/openremote/login/login-update-password.ftl b/themes/openremote/login/login-update-password.ftl deleted file mode 100644 index 382feab..0000000 --- a/themes/openremote/login/login-update-password.ftl +++ /dev/null @@ -1,75 +0,0 @@ -<#import "template.ftl" as layout> -<@layout.registrationLayout displayMessage=!messagesPerField.existsError('password','password-confirm'); section> - <#if section = "header"> - ${msg("updatePasswordTitle")} - <#elseif section = "form"> - - - - -
-
- -
-
- - - <#if messagesPerField.existsError('password')> - - ${kcSanitize(messagesPerField.get('password'))?no_esc} - - -
-
- -
-
- -
-
- - - <#if messagesPerField.existsError('password-confirm')> - - ${kcSanitize(messagesPerField.get('password-confirm'))?no_esc} - - - -
-
- -
-
-
- <#if isAppInitiatedAction??> -
- -
- -
-
- -
- <#if isAppInitiatedAction??> - - - <#else> - - -
-
- - - \ No newline at end of file diff --git a/tools/autorun.sh b/tools/autorun.sh deleted file mode 100644 index c3282b1..0000000 --- a/tools/autorun.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -e -cd /opt/jboss/keycloak - -ENTRYPOINT_DIR=/opt/jboss/startup-scripts - -if [[ -d "$ENTRYPOINT_DIR" ]]; then - # First run cli autoruns - for f in "$ENTRYPOINT_DIR"/*; do - if [[ "$f" == *.cli ]]; then - echo "Executing cli script: $f" - bin/jboss-cli.sh --file="$f" - elif [[ -d "$f" ]]; then - echo "Skipping execution of directory: $f" - elif [[ -x "$f" ]]; then - echo "Executing: $f" - "$f" - else - echo "Ignoring file in $ENTRYPOINT_DIR (not *.cli or executable): $f" - fi - done -fi diff --git a/tools/build-keycloak.sh b/tools/build-keycloak.sh deleted file mode 100644 index a3598c5..0000000 --- a/tools/build-keycloak.sh +++ /dev/null 
@@ -1,105 +0,0 @@ -#!/bin/bash -e - -########################### -# Build/download Keycloak # -########################### - -if [ "$GIT_REPO" != "" ]; then - if [ "$GIT_BRANCH" == "" ]; then - GIT_BRANCH="main" - fi - - # Install Git - microdnf install -y git - - # Install Maven - cd /opt/jboss - curl -s https://apache.uib.no/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz | tar xz - mv apache-maven-3.5.4 /opt/jboss/maven - export M2_HOME=/opt/jboss/maven - - # Clone repository - git clone --depth 1 https://github.com/$GIT_REPO.git -b $GIT_BRANCH /opt/jboss/keycloak-source - - # Build - cd /opt/jboss/keycloak-source - - MAIN_HEAD=`git log -n1 --format="%H"` - echo "Keycloak from [build]: $GIT_REPO/$GIT_BRANCH/commit/$MAIN_HEAD" - - $M2_HOME/bin/mvn -Pdistribution -pl distribution/server-dist -am -Dmaven.test.skip clean install - - cd /opt/jboss - - tar xfz /opt/jboss/keycloak-source/distribution/server-dist/target/keycloak-*.tar.gz - - # Remove temporary files - rm -rf /opt/jboss/maven - rm -rf /opt/jboss/keycloak-source - rm -rf $HOME/.m2/repository - - mv /opt/jboss/keycloak-* /opt/jboss/keycloak -else - echo "Keycloak from [download]: $KEYCLOAK_DIST" - - cd /opt/jboss/ - curl -L $KEYCLOAK_DIST | tar zx - mv /opt/jboss/keycloak-* /opt/jboss/keycloak -fi - -##################### -# Create DB modules # -##################### - -mkdir -p /opt/jboss/keycloak/modules/system/layers/base/com/mysql/jdbc/main -cd /opt/jboss/keycloak/modules/system/layers/base/com/mysql/jdbc/main -curl -O https://repo1.maven.org/maven2/mysql/mysql-connector-java/$JDBC_MYSQL_VERSION/mysql-connector-java-$JDBC_MYSQL_VERSION.jar -cp /opt/jboss/tools/databases/mysql/module.xml . 
-sed "s/JDBC_MYSQL_VERSION/$JDBC_MYSQL_VERSION/" /opt/jboss/tools/databases/mysql/module.xml > module.xml - -mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main -cd /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main -curl -L https://repo1.maven.org/maven2/org/postgresql/postgresql/$JDBC_POSTGRES_VERSION/postgresql-$JDBC_POSTGRES_VERSION.jar > postgres-jdbc.jar -cp /opt/jboss/tools/databases/postgres/module.xml . - -mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/mariadb/jdbc/main -cd /opt/jboss/keycloak/modules/system/layers/base/org/mariadb/jdbc/main -curl -L https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/$JDBC_MARIADB_VERSION/mariadb-java-client-$JDBC_MARIADB_VERSION.jar > mariadb-jdbc.jar -cp /opt/jboss/tools/databases/mariadb/module.xml . - -mkdir -p /opt/jboss/keycloak/modules/system/layers/base/com/oracle/jdbc/main -cd /opt/jboss/keycloak/modules/system/layers/base/com/oracle/jdbc/main -cp /opt/jboss/tools/databases/oracle/module.xml . - -mkdir -p /opt/jboss/keycloak/modules/system/layers/keycloak/com/microsoft/sqlserver/jdbc/main -cd /opt/jboss/keycloak/modules/system/layers/keycloak/com/microsoft/sqlserver/jdbc/main -curl -L https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/$JDBC_MSSQL_VERSION/mssql-jdbc-$JDBC_MSSQL_VERSION.jar > mssql-jdbc.jar -cp /opt/jboss/tools/databases/mssql/module.xml . 
- -###################### -# Configure Keycloak # -###################### - -cd /opt/jboss/keycloak - -bin/jboss-cli.sh --file=/opt/jboss/tools/cli/standalone-configuration.cli -rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history - -bin/jboss-cli.sh --file=/opt/jboss/tools/cli/standalone-ha-configuration.cli -rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history - -########### -# Garbage # -########### - -rm -rf /opt/jboss/keycloak/standalone/tmp/auth -rm -rf /opt/jboss/keycloak/domain/tmp/auth - -################### -# Set permissions # -################### - -echo "jboss:x:0:root" >> /etc/group -echo "jboss:x:1000:0:JBoss user:/opt/jboss:/sbin/nologin" >> /etc/passwd -chown -R jboss:root /opt/jboss -chmod -R g+rwX /opt/jboss \ No newline at end of file diff --git a/tools/cli/databases/h2/change-database.cli b/tools/cli/databases/h2/change-database.cli deleted file mode 100644 index 21809d7..0000000 --- a/tools/cli/databases/h2/change-database.cli +++ /dev/null 
@@ -1,9 +0,0 @@
-/subsystem=datasources/data-source=KeycloakDS: remove()
-/subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url=jdbc:h2:tcp://${env.DB_ADDR:h2}:${env.DB_PORT:9092}/${env.DB_DATABASE:keycloak};schema\=${env.DB_SCHEMA:public}${env.JDBC_PARAMS:}, driver-name=h2tcp)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:keycloak})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:password})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
-/subsystem=datasources/jdbc-driver=h2tcp:add(driver-name=h2tcp, driver-module-name=com.h2database.h2, driver-xa-datasource-class-name=org.h2.jdbcx.JdbcDataSource)
diff --git a/tools/cli/databases/h2/standalone-configuration.cli b/tools/cli/databases/h2/standalone-configuration.cli
deleted file mode 100644
index d47881c..0000000
--- a/tools/cli/databases/h2/standalone-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/h2/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/h2/standalone-ha-configuration.cli b/tools/cli/databases/h2/standalone-ha-configuration.cli
deleted file mode 100644
index 55ea4e2..0000000
--- a/tools/cli/databases/h2/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/h2/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/mariadb/change-database.cli b/tools/cli/databases/mariadb/change-database.cli
deleted file mode 100644
index 2f099f2..0000000
--- a/tools/cli/databases/mariadb/change-database.cli
+++ /dev/null
@@ -1,9 +0,0 @@
-/subsystem=datasources/data-source=KeycloakDS: remove()
-/subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url=jdbc:mariadb://${env.DB_ADDR:mariadb}:${env.DB_PORT:3306}/${env.DB_DATABASE:keycloak}${env.JDBC_PARAMS:}, driver-name=mariadb)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:keycloak})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:password})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
-/subsystem=datasources/jdbc-driver=mariadb:add(driver-name=mariadb, driver-module-name=org.mariadb.jdbc, driver-xa-datasource-class-name=org.mariadb.jdbc.MySQLDataSource)
diff --git a/tools/cli/databases/mariadb/standalone-configuration.cli b/tools/cli/databases/mariadb/standalone-configuration.cli
deleted file mode 100644
index 60c0453..0000000
--- a/tools/cli/databases/mariadb/standalone-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/mariadb/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/mariadb/standalone-ha-configuration.cli b/tools/cli/databases/mariadb/standalone-ha-configuration.cli
deleted file mode 100644
index de59136..0000000
--- a/tools/cli/databases/mariadb/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/mariadb/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/mssql/change-database.cli b/tools/cli/databases/mssql/change-database.cli
deleted file mode 100644
index bdb87fc..0000000
--- a/tools/cli/databases/mssql/change-database.cli
+++ /dev/null
@@ -1,11 +0,0 @@
-/subsystem=datasources/data-source=KeycloakDS: remove()
-/subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url="jdbc:sqlserver://${env.DB_ADDR:mssql}:${env.DB_PORT:1433};databaseName=${env.DB_DATABASE:keycloak};sendStringParametersAsUnicode=false;${env.JDBC_PARAMS:}", driver-name=sqlserver)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:keycloak})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:password})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
-/subsystem=datasources/jdbc-driver=sqlserver:add(driver-name=sqlserver,driver-module-name=com.microsoft.sqlserver.jdbc,driver-xa-datasource-class-name=com.microsoft.sqlserver.jdbc.SQLServerXADataSource)
-
-/subsystem=keycloak-server/spi=connectionsJpa/provider=default:write-attribute(name=properties.schema,value=${env.DB_SCHEMA:dbo})
\ No newline at end of file
diff --git a/tools/cli/databases/mssql/standalone-configuration.cli b/tools/cli/databases/mssql/standalone-configuration.cli
deleted file mode 100644
index 8a616ca..0000000
--- a/tools/cli/databases/mssql/standalone-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/mssql/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/mssql/standalone-ha-configuration.cli b/tools/cli/databases/mssql/standalone-ha-configuration.cli
deleted file mode 100644
index 5057630..0000000
--- a/tools/cli/databases/mssql/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/mssql/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/mysql/change-database.cli b/tools/cli/databases/mysql/change-database.cli
deleted file mode 100644
index e709697..0000000
--- a/tools/cli/databases/mysql/change-database.cli
+++ /dev/null
@@ -1,9 +0,0 @@
-/subsystem=datasources/data-source=KeycloakDS: remove()
-/subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url=jdbc:mysql://${env.DB_ADDR:mysql}:${env.DB_PORT:3306}/${env.DB_DATABASE:keycloak}${env.JDBC_PARAMS:}, driver-name=mysql)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:keycloak})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:password})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
-/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql, driver-module-name=com.mysql.jdbc, driver-xa-datasource-class-name=com.mysql.cj.jdbc.MysqlXADataSource)
diff --git a/tools/cli/databases/mysql/standalone-configuration.cli b/tools/cli/databases/mysql/standalone-configuration.cli
deleted file mode 100644
index 00370f6..0000000
--- a/tools/cli/databases/mysql/standalone-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/mysql/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/mysql/standalone-ha-configuration.cli b/tools/cli/databases/mysql/standalone-ha-configuration.cli
deleted file mode 100644
index 5787e8a..0000000
--- a/tools/cli/databases/mysql/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/mysql/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/oracle/change-database.cli b/tools/cli/databases/oracle/change-database.cli
deleted file mode 100644
index 3ea85bf..0000000
--- a/tools/cli/databases/oracle/change-database.cli
+++ /dev/null
@@ -1,9 +0,0 @@
-/subsystem=datasources/data-source=KeycloakDS: remove()
-/subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url=jdbc:oracle:thin:@${env.DB_ADDR:oracle}:${env.DB_PORT:1521}:${env.DB_DATABASE:XE}${env.JDBC_PARAMS:}, driver-name=oracle)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:SYSTEM})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:oracle})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM dual")
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
-/subsystem=datasources/jdbc-driver=oracle:add(driver-name=oracle, driver-module-name=com.oracle.jdbc, driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
diff --git a/tools/cli/databases/oracle/standalone-configuration.cli b/tools/cli/databases/oracle/standalone-configuration.cli
deleted file mode 100644
index 4f1f3dc..0000000
--- a/tools/cli/databases/oracle/standalone-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/oracle/standalone-ha-configuration.cli b/tools/cli/databases/oracle/standalone-ha-configuration.cli
deleted file mode 100644
index 57762b8..0000000
--- a/tools/cli/databases/oracle/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/postgres/change-database.cli b/tools/cli/databases/postgres/change-database.cli
deleted file mode 100644
index f6b7042..0000000
--- a/tools/cli/databases/postgres/change-database.cli
+++ /dev/null
@@ -1,11 +0,0 @@
-/subsystem=datasources/data-source=KeycloakDS: remove()
-/subsystem=datasources/data-source=KeycloakDS: add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,use-ccm=true, connection-url=jdbc:postgresql://${env.DB_ADDR:postgres}/${env.DB_DATABASE:keycloak}${env.JDBC_PARAMS:}, driver-name=postgresql)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=user-name, value=${env.DB_USER:keycloak})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=password, value=${env.DB_PASSWORD:password})
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation, value=true)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
-/subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
-/subsystem=datasources/jdbc-driver=postgresql:add(driver-name=postgresql, driver-module-name=org.postgresql.jdbc, driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
-
-/subsystem=keycloak-server/spi=connectionsJpa/provider=default:write-attribute(name=properties.schema,value=${env.DB_SCHEMA:public})
diff --git a/tools/cli/databases/postgres/standalone-configuration.cli b/tools/cli/databases/postgres/standalone-configuration.cli
deleted file mode 100644
index e10ff84..0000000
--- a/tools/cli/databases/postgres/standalone-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/postgres/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/databases/postgres/standalone-ha-configuration.cli b/tools/cli/databases/postgres/standalone-ha-configuration.cli
deleted file mode 100644
index e95f344..0000000
--- a/tools/cli/databases/postgres/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,3 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/databases/postgres/change-database.cli
-stop-embedded-server
diff --git a/tools/cli/files-plaintext-vault.cli b/tools/cli/files-plaintext-vault.cli
deleted file mode 100644
index 1b076c2..0000000
--- a/tools/cli/files-plaintext-vault.cli
+++ /dev/null
@@ -1,7 +0,0 @@
-embed-server --server-config=$configuration_file --std-out=discard
-echo ** Adding vault spi **
-/subsystem=keycloak-server/spi=vault/:add
-/subsystem=keycloak-server/spi=vault/provider=files-plaintext/:add(enabled=true,properties={dir => $plaintext_vault_provider_dir})
-/subsystem=keycloak-server/spi=vault:write-attribute(name=default-provider,value=files-plaintext)
-stop-embedded-server
-
diff --git a/tools/cli/hostname.cli b/tools/cli/hostname.cli
deleted file mode 100644
index c9e82e1..0000000
--- a/tools/cli/hostname.cli
+++ /dev/null
@@ -1,2 +0,0 @@
-/subsystem=keycloak-server/spi=hostname:write-attribute(name=default-provider, value="${keycloak.hostname.provider:default}")
-/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "${keycloak.hostname.fixed.hostname:localhost}",httpPort => "${keycloak.hostname.fixed.httpPort:-1}",httpsPort => "${keycloak.hostname.fixed.httpsPort:-1}",alwaysHttps => "${keycloak.hostname.fixed.alwaysHttps:false}"},enabled=true)
diff --git a/tools/cli/infinispan/cache-owners.cli b/tools/cli/infinispan/cache-owners.cli
deleted file mode 100644
index dc207e7..0000000
--- a/tools/cli/infinispan/cache-owners.cli
+++ /dev/null
@@ -1,11 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions: write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:1})
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions: write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:1})
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures: write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:1})
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions: write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:1})
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions: write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:1})
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens: write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:1})
-/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions: write-attribute(name=owners, value=${env.CACHE_OWNERS_AUTH_SESSIONS_COUNT:1})
-run-batch
-stop-embedded-server
\ No newline at end of file
diff --git a/tools/cli/jgroups/discovery/JDBC_PING.cli b/tools/cli/jgroups/discovery/JDBC_PING.cli
deleted file mode 100644
index bd4c8ee..0000000
--- a/tools/cli/jgroups/discovery/JDBC_PING.cli
+++ /dev/null
@@ -1,11 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-/subsystem=jgroups/stack=udp/protocol=PING:remove()
-/subsystem=jgroups/stack=udp/protocol=JDBC_PING:add(add-index=0, data-source=KeycloakDS, properties=$keycloak_jgroups_discovery_protocol_properties)
-
-/subsystem=jgroups/stack=tcp/protocol=MPING:remove()
-/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:add(add-index=0, data-source=KeycloakDS, properties=$keycloak_jgroups_discovery_protocol_properties)
-
-/subsystem=jgroups/channel=ee:write-attribute(name="stack", value=$keycloak_jgroups_transport_stack)
-run-batch
-stop-embedded-server
diff --git a/tools/cli/jgroups/discovery/default.cli b/tools/cli/jgroups/discovery/default.cli
deleted file mode 100644
index 68da05a..0000000
--- a/tools/cli/jgroups/discovery/default.cli
+++ /dev/null
@@ -1,11 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-/subsystem=jgroups/stack=udp/protocol=PING:remove()
-/subsystem=jgroups/stack=udp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties=$keycloak_jgroups_discovery_protocol_properties)
-
-/subsystem=jgroups/stack=tcp/protocol=MPING:remove()
-/subsystem=jgroups/stack=tcp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties=$keycloak_jgroups_discovery_protocol_properties)
-
-/subsystem=jgroups/channel=ee:write-attribute(name="stack", value=$keycloak_jgroups_transport_stack)
-run-batch
-stop-embedded-server
diff --git a/tools/cli/loglevel.cli b/tools/cli/loglevel.cli
deleted file mode 100644
index c6adb88..0000000
--- a/tools/cli/loglevel.cli
+++ /dev/null
@@ -1,9 +0,0 @@
-/subsystem=logging/logger=org.keycloak:add
-/subsystem=logging/logger=org.keycloak:write-attribute(name=level,value=${env.KEYCLOAK_LOGLEVEL:INFO})
-
-/subsystem=logging/root-logger=ROOT:change-root-log-level(level=${env.ROOT_LOGLEVEL:INFO})
-
-/subsystem=logging/root-logger=ROOT:remove-handler(name="FILE")
-/subsystem=logging/periodic-rotating-file-handler=FILE:remove
-
-/subsystem=logging/console-handler=CONSOLE:undefine-attribute(name=level)
diff --git a/tools/cli/metrics/db.cli b/tools/cli/metrics/db.cli
deleted file mode 100644
index 7524657..0000000
--- a/tools/cli/metrics/db.cli
+++ /dev/null
@@ -1,5 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=statistics-enabled, value=true)
-run-batch
-stop-embedded-server
\ No newline at end of file
diff --git a/tools/cli/metrics/http.cli b/tools/cli/metrics/http.cli
deleted file mode 100644
index 322c7db..0000000
--- a/tools/cli/metrics/http.cli
+++ /dev/null
@@ -1,5 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-/subsystem=undertow:write-attribute(name=statistics-enabled,value=true)
-run-batch
-stop-embedded-server
\ No newline at end of file
diff --git a/tools/cli/metrics/jgroups.cli b/tools/cli/metrics/jgroups.cli
deleted file mode 100644
index dac4cb5..0000000
--- a/tools/cli/metrics/jgroups.cli
+++ /dev/null
@@ -1,5 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-batch
-/subsystem=jgroups/channel=ee:write-attribute(name=statistics-enabled, value=true)
-run-batch
-stop-embedded-server
\ No newline at end of file
diff --git a/tools/cli/proxy.cli b/tools/cli/proxy.cli
deleted file mode 100644
index 3c1984b..0000000
--- a/tools/cli/proxy.cli
+++ /dev/null
@@ -1,2 +0,0 @@
-/subsystem=undertow/server=default-server/http-listener=default: write-attribute(name=proxy-address-forwarding, value=${env.PROXY_ADDRESS_FORWARDING:false})
-/subsystem=undertow/server=default-server/https-listener=https: write-attribute(name=proxy-address-forwarding, value=${env.PROXY_ADDRESS_FORWARDING:false})
diff --git a/tools/cli/standalone-configuration.cli b/tools/cli/standalone-configuration.cli
deleted file mode 100644
index 6e47c46..0000000
--- a/tools/cli/standalone-configuration.cli
+++ /dev/null
@@ -1,6 +0,0 @@
-embed-server --server-config=standalone.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/loglevel.cli
-run-batch --file=/opt/jboss/tools/cli/proxy.cli
-run-batch --file=/opt/jboss/tools/cli/hostname.cli
-run-batch --file=/opt/jboss/tools/cli/theme.cli
-stop-embedded-server
diff --git a/tools/cli/standalone-ha-configuration.cli b/tools/cli/standalone-ha-configuration.cli
deleted file mode 100644
index 33e1440..0000000
--- a/tools/cli/standalone-ha-configuration.cli
+++ /dev/null
@@ -1,6 +0,0 @@
-embed-server --server-config=standalone-ha.xml --std-out=echo
-run-batch --file=/opt/jboss/tools/cli/loglevel.cli
-run-batch --file=/opt/jboss/tools/cli/proxy.cli
-run-batch --file=/opt/jboss/tools/cli/hostname.cli
-run-batch --file=/opt/jboss/tools/cli/theme.cli
-stop-embedded-server
diff --git a/tools/cli/theme.cli b/tools/cli/theme.cli
deleted file mode 100644
index dba1937..0000000
--- a/tools/cli/theme.cli
+++ /dev/null
@@ -1,2 +0,0 @@
-/subsystem=keycloak-server/theme=defaults:write-attribute(name=welcomeTheme,value=${env.KEYCLOAK_WELCOME_THEME:keycloak})
-/subsystem=keycloak-server/theme=defaults:write-attribute(name=default,value=${env.KEYCLOAK_DEFAULT_THEME:keycloak})
diff --git a/tools/cli/x509-keystore.cli b/tools/cli/x509-keystore.cli
deleted file mode 100644
index 270a700..0000000
--- a/tools/cli/x509-keystore.cli
+++ /dev/null
@@ -1,9 +0,0 @@
-embed-server --server-config=$configuration_file --std-out=discard
-/subsystem=elytron/key-store=kcKeyStore:add(path=$keycloak_tls_keystore_file,type=JKS,credential-reference={clear-text=$keycloak_tls_keystore_password})
-/subsystem=elytron/key-manager=kcKeyManager:add(key-store=kcKeyStore,credential-reference={clear-text=$keycloak_tls_keystore_password})
-/subsystem=elytron/server-ssl-context=kcSSLContext:add(key-manager=kcKeyManager)
-batch
-/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
-/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=kcSSLContext)
-run-batch
-stop-embedded-server
diff --git a/tools/cli/x509-truststore.cli b/tools/cli/x509-truststore.cli
deleted file mode 100644
index 79f94db..0000000
--- a/tools/cli/x509-truststore.cli
+++ /dev/null
@@ -1,25 +0,0 @@
-embed-server --server-config=$configuration_file --std-out=discard
-/subsystem=elytron/key-store=kcTrustStore:add(path=$keycloak_tls_truststore_file,type=JKS,credential-reference={clear-text=$keycloak_tls_truststore_password})
-/subsystem=elytron/trust-manager=kcTrustManager:add(key-store=kcTrustStore)
-if (outcome != success) of /subsystem=elytron/server-ssl-context=kcSSLContext:read-resource
- # Since WF requires a Key Manager for creating /subsystem=elytron/server-ssl-context, there's nothing we can do at this point.
- # We can not automatically generate a self-signed key (Elytron doesn't support this, see https://docs.wildfly.org/13/WildFly_Elytron_Security.html#configure-ssltls),
- # and we don't have anything else at hand.
- # However, there is no big harm here - the Trust Store is more needed by Keycloak Truststore SPI.
- echo "WARNING! There is no Key Manager (No Key Store specified). Skipping HTTPS Listener configuration..."
-else
- # The SSL Context has been added by keystore, not much to do - just append trust store and we are done.
- /subsystem=elytron/server-ssl-context=kcSSLContext:write-attribute(name=trust-manager, value=kcTrustManager)
- /subsystem=elytron/server-ssl-context=kcSSLContext:write-attribute(name=want-client-auth, value=true)
-end-if
-
-if (outcome != success) of /subsystem=keycloak-server/spi=truststore:read-resource
- /subsystem=keycloak-server/spi=truststore/:add
-end-if
-/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
- file => $keycloak_tls_truststore_file, \
- password => $keycloak_tls_truststore_password, \
- hostname-verification-policy => "WILDCARD", \
-disabled => "false"})
-
-stop-embedded-server
\ No newline at end of file
diff --git a/tools/databases/change-database.sh b/tools/databases/change-database.sh
deleted file mode 100644
index 55a4a8e..0000000
--- a/tools/databases/change-database.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash -e
-
-DB_VENDOR=$1
-
-cd /opt/jboss/keycloak
-
-bin/jboss-cli.sh --file=/opt/jboss/tools/cli/databases/$DB_VENDOR/standalone-configuration.cli
-rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history
-
-bin/jboss-cli.sh --file=/opt/jboss/tools/cli/databases/$DB_VENDOR/standalone-ha-configuration.cli
-rm -rf standalone/configuration/standalone_xml_history/current/*
\ No newline at end of file
diff --git a/tools/databases/mariadb/module.xml b/tools/databases/mariadb/module.xml
deleted file mode 100644
index a3f6f96..0000000
--- a/tools/databases/mariadb/module.xml
+++ /dev/null
@@ -1,31 +0,0 @@ - - - - - - - - - - -
diff --git a/tools/databases/mssql/module.xml b/tools/databases/mssql/module.xml
deleted file mode 100644
index 23574b8..0000000
--- a/tools/databases/mssql/module.xml
+++ /dev/null
@@ -1,13 +0,0 @@ - - - - - - - - - - - - -
diff --git a/tools/databases/mysql/module.xml b/tools/databases/mysql/module.xml
deleted file mode 100644
index 600bded..0000000
--- a/tools/databases/mysql/module.xml
+++ /dev/null
@@ -1,31 +0,0 @@ - - - - - - - - - - -
diff --git a/tools/databases/oracle/module.xml b/tools/databases/oracle/module.xml
deleted file mode 100644
index 8720a08..0000000
--- a/tools/databases/oracle/module.xml
+++ /dev/null
@@ -1,31 +0,0 @@ - - - - - - - - - - -
diff --git a/tools/databases/postgres/module.xml b/tools/databases/postgres/module.xml
deleted file mode 100644
index 2180e59..0000000
--- a/tools/databases/postgres/module.xml
+++ /dev/null
@@ -1,31 +0,0 @@ - - - - - - - - - - -
diff --git a/tools/docker-entrypoint.sh b/tools/docker-entrypoint.sh
deleted file mode 100644
index 6633743..0000000
--- a/tools/docker-entrypoint.sh
+++ /dev/null
@@ -1,257 +0,0 @@ -#!/bin/bash -set -eou pipefail - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [[ ${!var:-} && ${!fileVar:-} ]]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [[ ${!var:-} ]]; then - val="${!var}" - elif [[ ${!fileVar:-} ]]; then - val="$(< "${!fileVar}")" - fi - - if [[ -n $val ]]; then - export "$var"="$val" - fi - - unset "$fileVar" -} - -SYS_PROPS="" - -################## -# Add admin user # -################## - -file_env 'KEYCLOAK_USER' -file_env 'KEYCLOAK_PASSWORD' - -if [[ -n ${KEYCLOAK_USER:-} && -n ${KEYCLOAK_PASSWORD:-} ]]; then - /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD" -fi - -############ -# Hostname # -############ - -if [[ -n ${KEYCLOAK_FRONTEND_URL:-} ]]; then - SYS_PROPS+="-Dkeycloak.frontendUrl=$KEYCLOAK_FRONTEND_URL" -fi - -if [[ -n ${KEYCLOAK_HOSTNAME:-} ]]; then - SYS_PROPS+=" -Dkeycloak.hostname.provider=fixed -Dkeycloak.hostname.fixed.hostname=$KEYCLOAK_HOSTNAME" - - if [[ -n ${KEYCLOAK_HTTP_PORT:-} ]]; then - SYS_PROPS+=" -Dkeycloak.hostname.fixed.httpPort=$KEYCLOAK_HTTP_PORT" - fi - - if [[ -n ${KEYCLOAK_HTTPS_PORT:-} ]]; then - SYS_PROPS+=" -Dkeycloak.hostname.fixed.httpsPort=$KEYCLOAK_HTTPS_PORT" - fi - - if [[ -n ${KEYCLOAK_ALWAYS_HTTPS:-} ]]; then - SYS_PROPS+=" -Dkeycloak.hostname.fixed.alwaysHttps=$KEYCLOAK_ALWAYS_HTTPS" - fi -fi - -################ -# Realm import # -################ - -if [[ -n ${KEYCLOAK_IMPORT:-} ]]; then - SYS_PROPS+=" -Dkeycloak.import=$KEYCLOAK_IMPORT" -fi - -######################## -# JGroups bind options # -######################## - -if [[ -z ${BIND:-} ]]; then - BIND=$(hostname --all-ip-addresses) -fi -if 
[[ -z ${BIND_OPTS:-} ]]; then - for BIND_IP in $BIND - do - BIND_OPTS+=" -Djboss.bind.address=$BIND_IP -Djboss.bind.address.private=$BIND_IP " - done -fi -SYS_PROPS+=" $BIND_OPTS" - -######################################### -# Expose management console for metrics # -######################################### - -if [[ -n ${KEYCLOAK_STATISTICS:-} ]] ; then - SYS_PROPS+=" -Djboss.bind.address.management=0.0.0.0" -fi - -################# -# Configuration # -################# - -# If the server configuration parameter is not present, append the HA profile. -if echo "$@" | grep -E -v -- '-c |-c=|--server-config |--server-config='; then - SYS_PROPS+=" -c=standalone-ha.xml" -fi - -# Adding support for JAVA_OPTS_APPEND -sed -i '$a\\n# Append to JAVA_OPTS. Necessary to prevent some values being omitted if JAVA_OPTS is defined directly\nJAVA_OPTS=\"\$JAVA_OPTS \$JAVA_OPTS_APPEND\"' /opt/jboss/keycloak/bin/standalone.conf - -############ -# DB setup # -############ - -file_env 'DB_USER' -file_env 'DB_PASSWORD' -# Lower case DB_VENDOR -if [[ -n ${DB_VENDOR:-} ]]; then - DB_VENDOR=$(echo "$DB_VENDOR" | tr "[:upper:]" "[:lower:]") -fi - -# Detect DB vendor from default host names -if [[ -z ${DB_VENDOR:-} ]]; then - if (getent hosts postgres &>/dev/null); then - export DB_VENDOR="postgres" - elif (getent hosts mysql &>/dev/null); then - export DB_VENDOR="mysql" - elif (getent hosts mariadb &>/dev/null); then - export DB_VENDOR="mariadb" - elif (getent hosts oracle &>/dev/null); then - export DB_VENDOR="oracle" - elif (getent hosts mssql &>/dev/null); then - export DB_VENDOR="mssql" - elif (getent hosts h2 &>/dev/null); then - export DB_VENDOR="h2" - export DB_ADDR="h2" - fi -fi - -# Detect DB vendor from legacy `*_ADDR` environment variables -if [[ -z ${DB_VENDOR:-} ]]; then - if (printenv | grep '^POSTGRES_ADDR=' &>/dev/null); then - export DB_VENDOR="postgres" - elif (printenv | grep '^MYSQL_ADDR=' &>/dev/null); then - export DB_VENDOR="mysql" - elif (printenv | grep 
'^MARIADB_ADDR=' &>/dev/null); then - export DB_VENDOR="mariadb" - elif (printenv | grep '^ORACLE_ADDR=' &>/dev/null); then - export DB_VENDOR="oracle" - elif (printenv | grep '^MSSQL_ADDR=' &>/dev/null); then - export DB_VENDOR="mssql" - elif (printenv | grep '^H2_ADDR=' &>/dev/null); then - export DB_VENDOR="h2" - export DB_ADDR="h2" - fi -fi - -# Default to H2 if DB type not detected -if [[ -z ${DB_VENDOR:-} ]]; then - export DB_VENDOR="h2" -fi - -# if the DB_VENDOR is postgres then append port to the DB_ADDR -function append_port_db_addr() { - local db_host_regex='^[a-zA-Z0-9]([a-zA-Z0-9]|-|.)*:[0-9]{4,5}$' - IFS=',' read -ra addresses <<< "$DB_ADDR" - DB_ADDR="" - for i in "${addresses[@]}"; do - if [[ $i =~ $db_host_regex ]]; then - DB_ADDR+=$i; - else - DB_ADDR+="${i}:${DB_PORT}"; - fi - DB_ADDR+="," - done - DB_ADDR=$(echo $DB_ADDR | sed 's/.$//') # remove the last comma -} -# Set DB name -case "$DB_VENDOR" in - postgres) - DB_NAME="PostgreSQL" - if [[ -z ${DB_PORT:-} ]] ; then - DB_PORT="5432" - fi - append_port_db_addr - ;; - mysql) - DB_NAME="MySQL";; - mariadb) - DB_NAME="MariaDB";; - mssql) - DB_NAME="Microsoft SQL Server";; - oracle) - DB_NAME="Oracle";; - h2) - if [[ -z ${DB_ADDR:-} ]] ; then - DB_NAME="Embedded H2" - else - DB_NAME="H2" - fi;; - *) - echo "Unknown DB vendor $DB_VENDOR" - exit 1 -esac - -if [ "$DB_VENDOR" != "mssql" ] && [ "$DB_VENDOR" != "h2" ]; then - # Append '?' in the beginning of the string if JDBC_PARAMS value isn't empty - JDBC_PARAMS=$(echo "${JDBC_PARAMS:-}" | sed '/^$/! 
s/^/?/') -else - JDBC_PARAMS=${JDBC_PARAMS:-} -fi - -export JDBC_PARAMS - -# Convert deprecated DB specific variables -function set_legacy_vars() { - local suffixes=(ADDR DATABASE USER PASSWORD PORT) - for suffix in "${suffixes[@]}"; do - local varname="$1_$suffix" - if [[ -n ${!varname:-} ]]; then - echo WARNING: "$varname" variable name is DEPRECATED replace with DB_"$suffix" - export DB_"$suffix=${!varname}" - fi - done -} -set_legacy_vars "$(echo "$DB_VENDOR" | tr "[:upper:]" "[:lower:]")" - -# Configure DB - -echo "=========================================================================" -echo "" -echo " Using $DB_NAME database" -echo "" -echo "=========================================================================" -echo "" - -configured_file="/opt/jboss/configured" -if [ ! -e "$configured_file" ]; then - touch "$configured_file" - - if [ "$DB_NAME" != "Embedded H2" ]; then - /bin/sh /opt/jboss/tools/databases/change-database.sh $DB_VENDOR - fi - - /opt/jboss/tools/x509.sh - /opt/jboss/tools/jgroups.sh - /opt/jboss/tools/infinispan.sh - /opt/jboss/tools/statistics.sh - /opt/jboss/tools/vault.sh - /opt/jboss/tools/autorun.sh -fi - -################## -# Start Keycloak # -################## - -exec /opt/jboss/keycloak/bin/standalone.sh $SYS_PROPS $@ -exit $? diff --git a/tools/infinispan.sh b/tools/infinispan.sh deleted file mode 100644 index be15edf..0000000 --- a/tools/infinispan.sh +++ /dev/null 
@@ -1,14 +0,0 @@
-# How many owners / replicas should our distributed caches have. If <2 any node that is removed from the cluster will cause a data-loss!
-# As it is only sensible to replicate AuthenticationSessions for certain cases, their replication factor can be configured independently
-
-if [ -n "$CACHE_OWNERS_COUNT" ]; then
- echo "Setting cache owners to $CACHE_OWNERS_COUNT replicas"
-
- # Check and log the replication factor of AuthenticationSessions, otherwise this is set to 1 by default
- if [ -n "$CACHE_OWNERS_AUTH_SESSIONS_COUNT" ]; then
- echo "Enabling replication of AuthenticationSessions with ${CACHE_OWNERS_AUTH_SESSIONS_COUNT} replicas"
- else
- echo "AuthenticationSessions will NOT be replicated, set CACHE_OWNERS_AUTH_SESSIONS_COUNT to configure this"
- fi
-$JBOSS_HOME/bin/jboss-cli.sh --file="/opt/jboss/tools/cli/infinispan/cache-owners.cli" >& /dev/null
-fi
diff --git a/tools/jgroups.sh b/tools/jgroups.sh
deleted file mode 100644
index 36f34a5..0000000
--- a/tools/jgroups.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# If JGROUPS_DISCOVERY_PROPERTIES is set, it must be in the following format: PROP1=FOO,PROP2=BAR
-# If JGROUPS_DISCOVERY_PROPERTIES_DIRECT is set, it must be in the following format: {PROP1=>FOO,PROP2=>BAR}
-# It's a configuration error to set both of these variables
-
-if [ -n "$JGROUPS_DISCOVERY_PROTOCOL" ]; then
- if [ -n "$JGROUPS_DISCOVERY_PROPERTIES" ] && [ -n "$JGROUPS_DISCOVERY_PROPERTIES_DIRECT" ]; then
- echo >&2 "error: both JGROUPS_DISCOVERY_PROPERTIES and JGROUPS_DISCOVERY_PROPERTIES_DIRECT are set (but are exclusive)"
- exit 1
- fi
-
- if [ -n "$JGROUPS_DISCOVERY_PROPERTIES_DIRECT" ]; then
- JGROUPS_DISCOVERY_PROPERTIES_PARSED="$JGROUPS_DISCOVERY_PROPERTIES_DIRECT"
- else
- JGROUPS_DISCOVERY_PROPERTIES_PARSED=`echo $JGROUPS_DISCOVERY_PROPERTIES | sed "s/=/=>/g"`
- JGROUPS_DISCOVERY_PROPERTIES_PARSED="{$JGROUPS_DISCOVERY_PROPERTIES_PARSED}"
- fi
-
- echo "Setting JGroups discovery to $JGROUPS_DISCOVERY_PROTOCOL with properties $JGROUPS_DISCOVERY_PROPERTIES_PARSED"
- echo "set keycloak_jgroups_discovery_protocol=${JGROUPS_DISCOVERY_PROTOCOL}" >> "$JBOSS_HOME/bin/.jbossclirc"
- echo "set keycloak_jgroups_discovery_protocol_properties=${JGROUPS_DISCOVERY_PROPERTIES_PARSED}" >> "$JBOSS_HOME/bin/.jbossclirc"
- echo "set keycloak_jgroups_transport_stack=${JGROUPS_TRANSPORT_STACK:-tcp}" >> "$JBOSS_HOME/bin/.jbossclirc"
- # If there's a specific CLI file for given protocol - execute it. If not, we should be good with the default one.
- if [ -f "/opt/jboss/tools/cli/jgroups/discovery/$JGROUPS_DISCOVERY_PROTOCOL.cli" ]; then
- $JBOSS_HOME/bin/jboss-cli.sh --file="/opt/jboss/tools/cli/jgroups/discovery/$JGROUPS_DISCOVERY_PROTOCOL.cli" >& /dev/null
- else
- $JBOSS_HOME/bin/jboss-cli.sh --file="/opt/jboss/tools/cli/jgroups/discovery/default.cli" >& /dev/null
- fi
-fi
diff --git a/tools/statistics.sh b/tools/statistics.sh
deleted file mode 100644
index 5c90f00..0000000
--- a/tools/statistics.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-if [ -n "$KEYCLOAK_STATISTICS" ]; then
- IFS=',' read -ra metrics <<< "$KEYCLOAK_STATISTICS"
- for file in /opt/jboss/tools/cli/metrics/*.cli; do
- name=${file##*/}
- base=${name%.cli}
- if [[ $KEYCLOAK_STATISTICS == *"$base"* ]] || [[ $KEYCLOAK_STATISTICS == *"all"* ]]; then
- $JBOSS_HOME/bin/jboss-cli.sh --file="$file" >& /dev/null
- fi
- done
-fi
diff --git a/tools/vault.sh b/tools/vault.sh
deleted file mode 100644
index 77e86ee..0000000
--- a/tools/vault.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [ -d "$JBOSS_HOME/secrets" ]; then
- echo "set plaintext_vault_provider_dir=${JBOSS_HOME}/secrets" >> "$JBOSS_HOME/bin/.jbossclirc"
-
- echo "set configuration_file=standalone.xml" >> "$JBOSS_HOME/bin/.jbossclirc"
- $JBOSS_HOME/bin/jboss-cli.sh --file=/opt/jboss/tools/cli/files-plaintext-vault.cli
- sed -i '$ d' "$JBOSS_HOME/bin/.jbossclirc"
-
- echo "set configuration_file=standalone-ha.xml" >> "$JBOSS_HOME/bin/.jbossclirc"
- $JBOSS_HOME/bin/jboss-cli.sh --file=/opt/jboss/tools/cli/files-plaintext-vault.cli
- sed -i '$ d' "$JBOSS_HOME/bin/.jbossclirc"
-fi
diff --git a/tools/x509.sh b/tools/x509.sh
deleted file mode 100644
index e4dfde8..0000000
--- a/tools/x509.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/bash
-
-function autogenerate_keystores() {
- # Keystore infix notation as used in templates to keystore name mapping
- declare -A KEYSTORES=( ["https"]="HTTPS" )
-
- local KEYSTORES_STORAGE="${JBOSS_HOME}/standalone/configuration/keystores"
- if [ ! -d "${KEYSTORES_STORAGE}" ]; then
- mkdir -p "${KEYSTORES_STORAGE}"
- fi
-
- # Auto-generate the HTTPS keystore if volumes for OpenShift's
- # serving x509 certificate secrets service were properly mounted
- for KEYSTORE_TYPE in "${!KEYSTORES[@]}"; do
-
- local X509_KEYSTORE_DIR="/etc/x509/${KEYSTORE_TYPE}"
- local X509_CRT="tls.crt"
- local X509_KEY="tls.key"
- local NAME="keycloak-${KEYSTORE_TYPE}-key"
- local PASSWORD=$(openssl rand -base64 32 2>/dev/null)
- local JKS_KEYSTORE_FILE="${KEYSTORE_TYPE}-keystore.jks"
- local PKCS12_KEYSTORE_FILE="${KEYSTORE_TYPE}-keystore.pk12"
-
- if [ -f "${X509_KEYSTORE_DIR}/${X509_KEY}" ] && [ -f "${X509_KEYSTORE_DIR}/${X509_CRT}" ]; then
-
- echo "Creating ${KEYSTORES[$KEYSTORE_TYPE]} keystore via OpenShift's service serving x509 certificate secrets.."
-
- openssl pkcs12 -export \
- -name "${NAME}" \
- -inkey "${X509_KEYSTORE_DIR}/${X509_KEY}" \
- -in "${X509_KEYSTORE_DIR}/${X509_CRT}" \
- -out "${KEYSTORES_STORAGE}/${PKCS12_KEYSTORE_FILE}" \
- -password pass:"${PASSWORD}" >& /dev/null
-
- keytool -importkeystore -noprompt \
- -srcalias "${NAME}" -destalias "${NAME}" \
- -srckeystore "${KEYSTORES_STORAGE}/${PKCS12_KEYSTORE_FILE}" \
- -srcstoretype pkcs12 \
- -destkeystore "${KEYSTORES_STORAGE}/${JKS_KEYSTORE_FILE}" \
- -storepass "${PASSWORD}" -srcstorepass "${PASSWORD}" >& /dev/null
-
- if [ -f "${KEYSTORES_STORAGE}/${JKS_KEYSTORE_FILE}" ]; then
- echo "${KEYSTORES[$KEYSTORE_TYPE]} keystore successfully created at: ${KEYSTORES_STORAGE}/${JKS_KEYSTORE_FILE}"
- else
- echo "${KEYSTORES[$KEYSTORE_TYPE]} keystore not created at: ${KEYSTORES_STORAGE}/${JKS_KEYSTORE_FILE} (check permissions?)"
- fi
-
- echo "set keycloak_tls_keystore_password=${PASSWORD}" >> "$JBOSS_HOME/bin/.jbossclirc"
- echo "set keycloak_tls_keystore_file=${KEYSTORES_STORAGE}/${JKS_KEYSTORE_FILE}" >> "$JBOSS_HOME/bin/.jbossclirc"
- echo "set configuration_file=standalone.xml" >> "$JBOSS_HOME/bin/.jbossclirc"
- $JBOSS_HOME/bin/jboss-cli.sh --file=/opt/jboss/tools/cli/x509-keystore.cli >& /dev/null
- sed -i '$ d' "$JBOSS_HOME/bin/.jbossclirc"
- echo "set configuration_file=standalone-ha.xml" >> "$JBOSS_HOME/bin/.jbossclirc"
- $JBOSS_HOME/bin/jboss-cli.sh --file=/opt/jboss/tools/cli/x509-keystore.cli >& /dev/null
- sed -i '$ d' "$JBOSS_HOME/bin/.jbossclirc"
- fi
-
- done
-
- # Auto-generate the Keycloak truststore if X509_CA_BUNDLE was provided
- local -r X509_CRT_DELIMITER="/-----BEGIN CERTIFICATE-----/"
- local JKS_TRUSTSTORE_FILE="truststore.jks"
- local JKS_TRUSTSTORE_PATH="${KEYSTORES_STORAGE}/${JKS_TRUSTSTORE_FILE}"
- local PASSWORD=$(openssl rand -base64 32 2>/dev/null)
- local TEMPORARY_CERTIFICATE="temporary_ca.crt"
- if [ -n "${X509_CA_BUNDLE}" ]; then
- pushd /tmp >& /dev/null
- echo "Creating Keycloak truststore.."
- # We use cat here, so that users could specify multiple CA Bundles using space or even wildcard:
- # X509_CA_BUNDLE=/var/run/secrets/kubernetes.io/serviceaccount/*.crt
- # Note, that there is no quotes here, that's intentional. Once can use spaces in the $X509_CA_BUNDLE like this:
- # X509_CA_BUNDLE=/ca.crt /ca2.crt
- cat ${X509_CA_BUNDLE} > ${TEMPORARY_CERTIFICATE}
- csplit -s -z -f crt- "${TEMPORARY_CERTIFICATE}" "${X509_CRT_DELIMITER}" '{*}'
- for CERT_FILE in crt-*; do
- keytool -import -noprompt -keystore "${JKS_TRUSTSTORE_PATH}" -file "${CERT_FILE}" \
- -storepass "${PASSWORD}" -alias "service-${CERT_FILE}" >& /dev/null
- done
-
- if [ -f "${JKS_TRUSTSTORE_PATH}" ]; then
- echo "Keycloak truststore successfully created at: ${JKS_TRUSTSTORE_PATH}"
- else
- echo "Keycloak truststore not created at: ${JKS_TRUSTSTORE_PATH}"
- fi
-
- # Import existing system CA certificates into the newly generated truststore
- local SYSTEM_CACERTS=$(readlink -e $(dirname $(readlink -e $(which keytool)))"/../lib/security/cacerts")
- if keytool -v -list -keystore "${SYSTEM_CACERTS}" -storepass "changeit" > /dev/null; then
- echo "Importing certificates from system's Java CA certificate bundle into Keycloak truststore.."
- keytool -importkeystore -noprompt \
- -srckeystore "${SYSTEM_CACERTS}" \
- -destkeystore "${JKS_TRUSTSTORE_PATH}" \
- -srcstoretype jks -deststoretype jks \
- -storepass "${PASSWORD}" -srcstorepass "changeit" >& /dev/null
- if [ "$?" -eq "0" ]; then
- echo "Successfully imported certificates from system's Java CA certificate bundle into Keycloak truststore at: ${JKS_TRUSTSTORE_PATH}"
- else
- echo "Failed to import certificates from system's Java CA certificate bundle into Keycloak truststore!"
- fi
- fi
-
- echo "set keycloak_tls_truststore_password=${PASSWORD}" >> "$JBOSS_HOME/bin/.jbossclirc"
- echo "set keycloak_tls_truststore_file=${KEYSTORES_STORAGE}/${JKS_TRUSTSTORE_FILE}" >> "$JBOSS_HOME/bin/.jbossclirc"
- echo "set configuration_file=standalone.xml" >> "$JBOSS_HOME/bin/.jbossclirc"
- $JBOSS_HOME/bin/jboss-cli.sh --file=/opt/jboss/tools/cli/x509-truststore.cli >& /dev/null
- sed -i '$ d' "$JBOSS_HOME/bin/.jbossclirc"
- echo "set configuration_file=standalone-ha.xml" >> "$JBOSS_HOME/bin/.jbossclirc"
- $JBOSS_HOME/bin/jboss-cli.sh --file=/opt/jboss/tools/cli/x509-truststore.cli >& /dev/null
- sed -i '$ d' "$JBOSS_HOME/bin/.jbossclirc"
-
- popd >& /dev/null
- fi
-}
-
-autogenerate_keystores