-
Notifications
You must be signed in to change notification settings - Fork 372
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9d4add5
commit d0ed8f3
Showing
2 changed files
with
107 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| # Basic settings for running in production. Change accordingly before deploying the server. | ||
|
|
||
| # Database | ||
|
|
||
| # The database vendor. | ||
| db=postgres | ||
|
|
||
| # The username of the database user. | ||
| db-username={{keycloak_postgres_user}} | ||
|
|
||
| # The password of the database user. | ||
| db-password={{keycloak_postgres_password}} | ||
|
|
||
| # The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. | ||
| db-url=jdbc:postgresql://{{keycloak_postgres_host}}:5432/{{keycloak_postgres_database}}?sslmode=require | ||
|
|
||
| # Observability | ||
|
|
||
| # If the server should expose healthcheck endpoints. | ||
| #health-enabled=true | ||
|
|
||
| # If the server should expose metrics endpoints. | ||
| #metrics-enabled=true | ||
|
|
||
| # HTTP | ||
|
|
||
| # The file path to a server certificate or certificate chain in PEM format. | ||
| #https-certificate-file=${kc.home.dir}conf/server.crt.pem | ||
|
|
||
| # The file path to a private key in PEM format. | ||
| #https-certificate-key-file=${kc.home.dir}conf/server.key.pem | ||
|
|
||
| # The proxy address forwarding mode if the server is behind a reverse proxy. | ||
| #proxy=reencrypt | ||
|
|
||
| # Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy | ||
| #spi-sticky-session-encoder-infinispan-should-attach-route=false | ||
|
|
||
| # Hostname for the Keycloak server. | ||
| #hostname=http://localhost:8080 | ||
|
|
||
| #hostname-path=/auth | ||
|
|
||
| #http-port=8081 | ||
| http-relative-path=/auth | ||
|
|
||
| # Logs | ||
| log=console,file | ||
| # default log path | ||
| log-file=data/log/keycloak.log | ||
| log-level=INFO,com.arjuna:WARN,io.jaegertracing.Configuration:WARN,org.jboss.as.config:DEBUG,sun.rmi:WARN,org.keycloak:INFO | ||
| log-console-color=true | ||
| # Apart from default pattern, json pattern also available | ||
| log-console-output=default | ||
| log-file-output=default | ||
| log-console-format='%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n' | ||
| log-file-format='%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n' | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -eu -o pipefail | ||
|
|
||
| echo "Get the keycloak.conf template file" | ||
| curl -sS https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-7.0.0/ansible/roles/keycloak-deploy/templates/keycloak.conf --output keycloak.conf | ||
|
|
||
| echo "Get the current VM IP" | ||
| ip="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)" | ||
|
|
||
| echo "Replace ansible variables with postgres details" | ||
| sed -i "s/{{keycloak_postgres_host}}/$PG_HOST/g" keycloak.conf | ||
| sed -i "s/{{keycloak_postgres_database}}/${PG_DB}7/g" keycloak.conf | ||
| sed -i "s/{{keycloak_postgres_user}}/$PG_USER/g" keycloak.conf | ||
| sed -i "s/{{keycloak_postgres_password}}/$PGPASSWORD/g" keycloak.conf | ||
| sed -i "s/{{ansible_default_ipv4.address}}/$ip/g" keycloak.conf | ||
| sed -i "s/8080/8081/g" keycloak.conf | ||
| sed -i "s/\"900\"/\"3600\"/g" keycloak.conf | ||
|
|
||
| echo "Get vanilla keycloak package" | ||
| wget -q https://github.com/keycloak/keycloak/releases/download/21.1.2/keycloak-21.1.2.tar.gz | ||
|
|
||
| echo "Extract keycloak package" | ||
| tar -xvzf keycloak-21.1.2.tar.gz | ||
|
|
||
| echo "Copy keycloak.conf file to keycloak package" | ||
| cp keycloak.conf keycloak-21.1.2/conf/ | ||
|
|
||
| echo "Backup the existing keycloak db" | ||
| pg_dump -Fd -j 4 -h $PG_HOST -U $PG_USER -d $PG_DB -f ${PG_DB} | ||
|
|
||
| echo "Create a new db for keycloak 21" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d postgres -c "CREATE DATABASE ${PG_DB}21" | ||
|
|
||
| echo "Restore the existing keycloak 7 db to the new database" | ||
| pg_restore -O -j 4 -h $PG_HOST -U $PG_USER -d ${PG_DB}21 ${PG_DB} | ||
|
|
||
| echo "Clear the DB of duplicate values" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.COMPOSITE_ROLE a using public.COMPOSITE_ROLE b where a=b and a.ctid < b.ctid" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.REALM_EVENTS_LISTENERS a using public.REALM_EVENTS_LISTENERS b where a=b and a.ctid < b.ctid" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.REDIRECT_URIS a using public.REDIRECT_URIS b where a=b and a.ctid < b.ctid" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "delete from public.WEB_ORIGINS a using public.WEB_ORIGINS b where a=b and a.ctid < b.ctid" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "truncate offline_user_session" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "truncate offline_client_session" | ||
| psql -h $PG_HOST -U $PG_USER -p 5432 -d ${PG_DB}7 -c "truncate jgroupsping" || true | ||
|
|
||
| echo "Migrate the DB to keycloak 21" | ||
| cd keycloak-21.1.2 | ||
| bin/kc.sh start --spi-connections-jpa-legacy-migration-strategy=update -b=$ip -bprivate=$ip |