switch to postgres

chore: publish 4.0.1+16.1.1 release
release: expand notes
2022-06-02 12:08:54 +02:00 · 2022-02-10 11:02:13 +01:00 · 2022-01-03 16:09:47 +01:00 · 2022-01-02 15:57:16 +01:00
3 changed files with 109 additions and 11 deletions
--- a/compose.mariadb.yml
+++ b/compose.mariadb.yml
@ -0,0 +1,81 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: "jboss/keycloak:16.1.1"
+    networks:
+      - proxy
+      - internal
+    secrets:
+      - admin_password
+      - db_password
+    environment:
+      - DB_ADDR=db
+      - JBDC_PARAMS="useSSL=false"
+      - DB_DATABASE=keycloak
+      - DB_PASSWORD_FILE=/run/secrets/db_password
+      - DB_USER=keycloak
+      - DB_VENDOR=mariadb
+      - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
+      - KEYCLOAK_USER=${ADMIN_USERNAME}
+      - PROXY_ADDRESS_FORWARDING=true
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+    volumes:
+      - "themes:/opt/jboss/keycloak/themes"
+    depends_on:
+      - mariadb
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1"
+
+  db:
+    image: "mariadb:10.8"
+    environment:
+      - MYSQL_DATABASE=keycloak
+      - MYSQL_USER=keycloak
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    secrets:
+      - db_password
+      - db_root_password
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    networks:
+      - internal
+
+networks:
+  internal:
+  proxy:
+    external: true
+
+secrets:
+  admin_password:
+    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
+    external: true
+  db_password:
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+    external: true
+  db_root_password:
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+    external: true
+
+volumes:
+  mariadb:
+  themes:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "jboss/keycloak:16.1.0"
+    image: "jboss/keycloak:16.1.1"
    networks:
      - proxy
      - internal
@ -12,10 +12,11 @@ services:
      - db_password
    environment:
      - DB_ADDR=db
+      - JBDC_PARAMS="useSSL=false"
      - DB_DATABASE=keycloak
      - DB_PASSWORD_FILE=/run/secrets/db_password
      - DB_USER=keycloak
-      - DB_VENDOR=mariadb
+      - DB_VENDOR=postgres
      - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
      - KEYCLOAK_USER=${ADMIN_USERNAME}
      - PROXY_ADDRESS_FORWARDING=true
@ -42,20 +43,23 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=4.0.0+16.1.0"
+        - "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1"
+

  db:
-    image: "mariadb:10.6"
-    environment:
-      - MYSQL_DATABASE=keycloak
-      - MYSQL_USER=keycloak
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    image: postgres:11
+    networks:
+      - backend
+    secrets:
+      - db_password
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
-      - db_root_password
    volumes:
-      - "mariadb:/var/lib/mysql"
+      - "postgres_data:/var/lib/postgresql/data"
    networks:
      - internal

@ -78,3 +82,4 @@ secrets:
 volumes:
  mariadb:
  themes:
+  postgres_data:
--- a/release/4.0.0+16.1.0
+++ b/release/4.0.0+16.1.0
@ -0,0 +1,12 @@
+This major release comes with a blog post about a CVE:
+
+    https://www.keycloak.org/2021/12/cve.html
+
+Not all versions are affected but they're suggesting that people upgrade soon.
+
+As per usual, this upgrade didn't go too smoothly and I ended up having to
+undeploy and deploy the new versions. The healtcheck kept failing on the new
+instance when trying to deploy alongside the existing old version. Idk, some
+docker weirdness.
+
+No app data errors discovered after upgrade.
Author	SHA1	Message	Date
knoflook	c9ce66e7fa	switch to postgres Some checks failed continuous-integration/drone/push Build is failing Details	2022-06-02 12:08:54 +02:00
decentral1se	2de7006106	chore: publish 4.0.1+16.1.1 release Some checks failed continuous-integration/drone/push Build is failing Details	2022-02-10 11:02:13 +01:00
cellarspoon	0edb882a06	release: expand notes	2022-01-03 16:09:47 +01:00
cellarspoon	2c29c75398	release: add notes	2022-01-02 15:57:16 +01:00