From ef6ffd998509f9dd00c79925ea80dfa7c16ccdbf Mon Sep 17 00:00:00 2001 From: decentral1se Date: Wed, 16 Nov 2022 18:16:25 +0100 Subject: [PATCH 01/15] feat: backup labels for mysql --- compose.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/compose.yml b/compose.yml index 4faf532..28dd077 100644 --- a/compose.yml +++ b/compose.yml @@ -59,6 +59,12 @@ services: - "mariadb:/var/lib/mysql" networks: - internal + deploy: + labels: + backupbot.backup: "true" + backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" keycloak > /tmp/backup/backup.sql' + backupbot.backup.post-hook: "rm -rf /tmp/backup" + backupbot.backup.path: "/tmp/backup/" networks: internal: -- 2.40.1 From 2ac47abfcd82b98b2d0861ad8e086b68178b325f Mon Sep 17 00:00:00 2001 From: decentral1se Date: Wed, 16 Nov 2022 19:36:54 +0100 Subject: [PATCH 02/15] feat!: new 20.x release --- compose.yml | 21 +++++++++++---------- release/5.0.0+20.0.1 | 9 +++++++++ 2 files changed, 20 insertions(+), 10 deletions(-) create mode 100644 release/5.0.0+20.0.1 diff --git a/compose.yml b/compose.yml index 28dd077..c0062b6 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,9 @@ version: "3.8" services: app: - image: "jboss/keycloak:16.1.1" + image: "keycloak/keycloak:20.0.1" + entrypoint: > + bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start" networks: - proxy - internal 
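Review bot: The `backupbot.backup.pre-hook` label puts the MariaDB root password on the `mysqldump` command line via `-p"…"`, where it can be read from the process arguments inside the container until the client masks it; the same pattern recurs in the PATCH 03 pre-hook and the PATCH 11 `backupbot.restore.post-hook`. Supplying it through the environment keeps it off argv, e.g. `MYSQL_PWD="$$(cat /run/secrets/db_root_password)" mysqldump --single-transaction -u root keycloak > /tmp/backup/backup.sql`. The plaintext dump is also created with the default umask, so starting the hook with `umask 077 &&` would keep it private to the dumping user. Both the existing `&&`/`>` and the suggested prefix need the hook to be run through a shell, which this label does not show, so that is worth confirming against backupbot.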
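Review bot: The new `entrypoint` in the `app` service has no comment explaining why the image's own entrypoint is overridden, and it moves the `db_password` secret from a file into the environment of the long-running Keycloak process. There it is inherited by child processes and may show up in anything that dumps the process environment, which is a weaker position than the file-based `DB_PASSWORD_FILE` this commit removes in its next hunk. I would add a comment above the key such as `# reads the secret at start and exports it as KC_DB_PASSWORD (replaces DB_PASSWORD_FILE); the value lives in the process environment`. PATCH 11 extends the same pattern to `KEYCLOAK_ADMIN_PASSWORD`, which is presumably needed only for the initial bootstrap but is exported on every start.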
@@ -11,15 +13,14 @@ services: - admin_password - db_password environment: - - DB_ADDR=db - - DB_DATABASE=keycloak - - DB_PASSWORD_FILE=/run/secrets/db_password - - DB_USER=keycloak - - DB_VENDOR=mariadb - - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password - - KEYCLOAK_USER=${ADMIN_USERNAME} + - KC_DB=mariadb + - KC_DB_URL_DATABASE=keycloak + - KC_DB_URL_HOST=db + - KC_HOSTNAME=${DOMAIN} + - KC_PROXY=edge + - KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update + - KEYCLOAK_ADMIN=${ADMIN_USERNAME} - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME} - - PROXY_ADDRESS_FORWARDING=true healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080"] interval: 30s @@ -43,7 +44,7 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1" + - "coop-cloud.${STACK_NAME}.version=5.0.0+20.0.1" db: image: "mariadb:10.6" diff --git a/release/5.0.0+20.0.1 b/release/5.0.0+20.0.1 new file mode 100644 index 0000000..7bb45b6 --- /dev/null +++ b/release/5.0.0+20.0.1 @@ -0,0 +1,9 @@ +You'll need to remove `/auth/` from your app SSO URLs, e.g. + + https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth + +Would become: + + https://foo.example.com/realms/foo/protocol/openid-connect/auth + +-- decentral1se @ Autonomic -- 2.40.1 From c0fab3a3a3179cb7d792cbddd9dcbcc501d73745 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Thu, 22 Dec 2022 19:20:30 -0800 Subject: [PATCH 03/15] fix: improve DB backup --- compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose.yml b/compose.yml index c0062b6..e0a9275 100644 --- a/compose.yml +++ b/compose.yml 
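Review bot: After this hunk nothing supplies the admin password: `KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password` is removed and only `KEYCLOAK_ADMIN=${ADMIN_USERNAME}` is added, while the `admin_password` secret is still mounted in the context lines at the top of the hunk (the `secrets:` key itself is above it). On a fresh deployment that presumably leaves the instance without a bootstrap admin account, so the secret should be read in the `entrypoint` next to `KC_DB_PASSWORD`, e.g. `KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\"`. `KC_PROXY=edge` makes Keycloak trust the forwarded headers it receives, so a comment such as `# edge: port 8080 must only be reachable through Traefik on the proxy network` would document the assumption operators have to keep true.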
@@ -62,10 +62,10 @@ services: - internal deploy: labels: - backupbot.backup: "true" - backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" keycloak > /tmp/backup/backup.sql' - backupbot.backup.post-hook: "rm -rf /tmp/backup" - backupbot.backup.path: "/tmp/backup/" + backupbot.backup: "true" + backupbot.backup.path: "/tmp/dump.sql.gz" + backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz" + backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'" networks: internal: -- 2.40.1 From 5b306db9b7cc4ac40daa1938679c8612c7d5c185 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Thu, 19 Jan 2023 16:02:27 -0800 Subject: [PATCH 04/15] Update abra syntax in examples (finally) [mass update] --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fe14dcd..af5c5ee 100644 --- a/README.md +++ b/README.md @@ -21,9 +21,9 @@ 2. Deploy [`coop-cloud/traefik`][cc-traefik] 3. `abra app new keycloak --secrets` (optionally with `--pass` if you'd like to save secrets in `pass`) -4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to +4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to your Docker swarm box -5. `abra app YOURAPPDOMAIN deploy` +5. `abra app deploy YOURAPPDOMAIN` ## How do I setup a custom theme? -- 2.40.1 From 04618a142b20347be8436d5654137c7eaa44c256 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 20 Jan 2023 10:27:11 -0800 Subject: [PATCH 05/15] Automatically generate catalogue on release [mass update] Re: coop-cloud/recipes-catalogue-json#4 --- .drone.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index a0396f7..1b7ff76 100644 --- a/.drone.yml +++ b/.drone.yml 
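Review bot: The rewritten `backupbot.backup.pre-hook` pipes `mysqldump` into `gzip` under plain `sh -c`, so the hook's exit status is gzip's: when the dump fails (wrong password, server not ready) a well-formed but empty `/tmp/dump.sql.gz` is still produced and handed to the backup without any error. The rewrite also drops `--single-transaction`, which the previous hook used to take a consistent snapshot without blocking writers; if that was not intentional it should stay. A form that fails when the dump fails and keeps the file private is `sh -c 'umask 077 && mysqldump --single-transaction … keycloak > /tmp/dump.sql && gzip -f /tmp/dump.sql'`, with the credential arguments unchanged where the ellipsis is.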
@@ -23,11 +23,17 @@ trigger: - master --- kind: pipeline -name: recipe release +name: generate recipe catalogue steps: - name: release a new version - image: thecoopcloud/drone-abra:latest + image: plugins/downstream settings: - command: recipe keycloak release - deploy_key: - from_secret: abra_bot_deploy_key + server: https://build.coopcloud.tech + token: + from_secret: drone_abra-bot_token + fork: true + repositories: + - coop-cloud/auto-recipes-catalogue-json + +trigger: + event: tag -- 2.40.1 From f42183601cc9e9a79909dc14d27e41410207ff8f Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 20 Jan 2023 11:58:41 -0800 Subject: [PATCH 06/15] Fix CI by adding networks: [mass update] --- .drone.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.drone.yml b/.drone.yml index 1b7ff76..1b50134 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,6 +7,8 @@ steps: settings: host: swarm-test.autonomic.zone stack: keycloak + networks: + - proxy generate_secrets: true purge: true deploy_key: -- 2.40.1 From 9bd0b2928c941af7abf5bbc7f83763c48dfd5c39 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Sat, 21 Jan 2023 11:49:56 -0800 Subject: [PATCH 07/15] Switch to self-hosted stack-ssh-deploy image [mass update] --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 1b50134..454cd63 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,7 +3,7 @@ kind: pipeline name: deploy to swarm-test.autonomic.zone steps: - name: deployment - image: decentral1se/stack-ssh-deploy:latest + image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest settings: host: swarm-test.autonomic.zone stack: keycloak -- 2.40.1 From 836abe0237776bdda78602c2bbd6a25e5a5bc388 Mon Sep 17 00:00:00 2001 From: decentral1se Date: Mon, 13 Feb 2023 08:56:00 +0100 Subject: [PATCH 08/15] chore: publish 5.0.1+20.0.3 release --- compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
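Review bot: The `plugins/downstream` image in this hunk carries no tag, so the step that receives `drone_abra-bot_token` runs whatever `latest` resolves to at build time; the `stack-ssh-deploy:latest` image introduced in PATCH 07 has the same problem for the step that holds `deploy_key`. Pinning both to a release tag or a digest (`image: plugins/downstream@sha256:DIGEST_PLACEHOLDER`) means a changed upstream image cannot start receiving those secrets unnoticed. The step is also still named `release a new version` although it now only triggers the downstream catalogue build, so renaming it would match the new pipeline `name`.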
diff --git a/compose.yml b/compose.yml index e0a9275..ea3f7bf 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: "keycloak/keycloak:20.0.1" + image: "keycloak/keycloak:20.0.3" entrypoint: > bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start" networks: @@ -44,7 +44,7 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=5.0.0+20.0.1" + - "coop-cloud.${STACK_NAME}.version=5.0.1+20.0.3" db: image: "mariadb:10.6" -- 2.40.1 From 6a085e0546732766f9a46730e6274766a536b051 Mon Sep 17 00:00:00 2001 From: knoflook Date: Thu, 2 Mar 2023 10:43:03 +0100 Subject: [PATCH 09/15] fix: change the themes directory --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index ea3f7bf..8ae7a55 100644 --- a/compose.yml +++ b/compose.yml @@ -28,7 +28,7 @@ services: retries: 10 start_period: 1m volumes: - - "themes:/opt/jboss/keycloak/themes" + - "themes:/opt/keycloak/themes" depends_on: - mariadb deploy: -- 2.40.1 From d432a45c21b7df7c49fc55c74a4d9fe7ff01cafa Mon Sep 17 00:00:00 2001 From: knoflook Date: Thu, 2 Mar 2023 10:44:47 +0100 Subject: [PATCH 10/15] chore: publish 5.0.2+20.0.3 release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 8ae7a55..8d4abe7 100644 --- a/compose.yml +++ b/compose.yml 
@@ -44,7 +44,7 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=5.0.1+20.0.3" + - "coop-cloud.${STACK_NAME}.version=5.0.2+20.0.3" db: image: "mariadb:10.6" -- 2.40.1 From 157d3beaab8587ca2520d4808a2817c36fecf39d Mon Sep 17 00:00:00 2001 From: knoflook Date: Sun, 5 Mar 2023 12:07:56 +0100 Subject: [PATCH 11/15] fix: put the admin password in the container, also add restore capabilities --- compose.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 8d4abe7..3adcda6 100644 --- a/compose.yml +++ b/compose.yml @@ -5,7 +5,7 @@ services: app: image: "keycloak/keycloak:20.0.3" entrypoint: > - bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start" + bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start" networks: - proxy - internal @@ -66,6 +66,9 @@ services: backupbot.backup.path: "/tmp/dump.sql.gz" backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz" backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'" + backupbot.restore.pre-hook: "sh -c 'cd /tmp && gzip -d dump.sql.gz'" + backupbot.restore: "true" + backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'" networks: internal: -- 2.40.1 From be3980d66fadac95fd87b26f583736ea8c9154a7 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Sun, 19 Mar 2023 19:22:18 -0400 Subject: [PATCH 12/15] chore: publish 5.1.0+20.0.3 release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
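Review bot: In `backupbot.restore.post-hook` the `rm -f /tmp/dump.sql` is chained with `&&`, so when the `mysql` import fails the decompressed dump of the Keycloak database is left behind in `/tmp`, and the next `backupbot.restore.pre-hook` then fails because `gzip -d` does not overwrite an existing `dump.sql`. Cleaning up unconditionally covers both cases: `sh -c 'mysql … keycloak < /tmp/dump.sql; rc=$$?; rm -f /tmp/dump.sql; exit $$rc'`, together with `gzip -df` in the pre-hook. The three restore labels would also be easier to scan in the order used for the backup labels, with `backupbot.restore: "true"` first.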
diff --git a/compose.yml b/compose.yml index 3adcda6..c7712a3 100644 --- a/compose.yml +++ b/compose.yml @@ -44,7 +44,7 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=5.0.2+20.0.3" + - "coop-cloud.${STACK_NAME}.version=5.1.0+20.0.3" db: image: "mariadb:10.6" -- 2.40.1 From b682264613048f24a58dc400d604e60d0e4fd88f Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Wed, 12 Apr 2023 17:17:24 -0400 Subject: [PATCH 13/15] chore: publish 6.0.0+21.0.2 release --- compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/compose.yml b/compose.yml index c7712a3..0cce057 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: "keycloak/keycloak:20.0.3" + image: "keycloak/keycloak:21.0.2" entrypoint: > bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start" networks: @@ -44,10 +44,10 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=5.1.0+20.0.3" + - "coop-cloud.${STACK_NAME}.version=6.0.0+21.0.2" db: - image: "mariadb:10.6" + image: "mariadb:10.11" environment: - MYSQL_DATABASE=keycloak - MYSQL_USER=keycloak -- 2.40.1 From d2b9fffc46f92fdf3ab4d7163c80f8f346815c3e Mon Sep 17 00:00:00 2001 
From: 3wc <3wc@doesthisthing.work> Date: Wed, 12 Apr 2023 17:34:23 -0400 Subject: [PATCH 14/15] chore: publish 6.0.0+21.0.2 release --- compose.yml | 14 ++++++++------ release/6.0.0+21.0.2 | 2 ++ 2 files changed, 10 insertions(+), 6 deletions(-) create mode 100644 release/6.0.0+21.0.2 diff --git a/compose.yml b/compose.yml index 0cce057..3bf420c 100644 --- a/compose.yml +++ b/compose.yml @@ -21,12 +21,14 @@ services: - KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update - KEYCLOAK_ADMIN=${ADMIN_USERNAME} - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME} - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8080"] - interval: 30s - timeout: 10s - retries: 10 - start_period: 1m + # NOTE(3wc): disabled due to missing curl binary, see + # https://git.coopcloud.tech/coop-cloud/keycloak/issues/15 + # healthcheck: + # test: ["CMD", "curl", "-f", "http://localhost:8080"] + # interval: 30s + # timeout: 10s + # retries: 10 + # start_period: 1m volumes: - "themes:/opt/keycloak/themes" depends_on: diff --git a/release/6.0.0+21.0.2 b/release/6.0.0+21.0.2 new file mode 100644 index 0000000..a038f21 --- /dev/null +++ b/release/6.0.0+21.0.2 @@ -0,0 +1,2 @@ +Healthchecks are disabled, see +https://git.coopcloud.tech/coop-cloud/keycloak/issues/15 -- 2.40.1 From 04b584ab4f53f88ba071af0c0efaf590a1528039 Mon Sep 17 00:00:00 2001 From: decentral1se Date: Thu, 20 Jul 2023 17:04:52 +0200 Subject: [PATCH 15/15] chore: publish 7.0.0+22.0.1 release --- compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose.yml b/compose.yml index 3bf420c..db25a1b 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: "keycloak/keycloak:21.0.2" + image: "keycloak/keycloak:22.0.1" entrypoint: > bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start" networks: 
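Review bot: Commenting out the `healthcheck` block leaves the `app` service (whose definition starts above the hunk) with no health signal at all, so the orchestrator will consider the container healthy as soon as the process starts rather than when Keycloak is serving. Since the `entrypoint` already depends on `bash`, a curl-free probe could replace the check instead of removing it, e.g. `test: ["CMD-SHELL", "bash -c ': > /dev/tcp/localhost/8080'"]` with the existing `interval`, `timeout`, `retries` and `start_period` kept. That only proves the port accepts connections and assumes the image's bash is built with `/dev/tcp` support, so it needs to be verified against the 21.0.2 image before it is relied on.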
@@ -46,7 +46,7 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=6.0.0+21.0.2" + - "coop-cloud.${STACK_NAME}.version=7.0.0+22.0.1" db: image: "mariadb:10.11" -- 2.40.1