From 10db421c45a1263df552cd09cf21613783417436 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?=
Date: Tue, 29 Jul 2025 06:26:55 -0400
Subject: [PATCH] Update keycloak script to support configuration of latest release (v26) (#6322)
* Update keycloak script to support configuration of latest release (v26)
* Add quotes around default credential values
* fix update script
Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
* spelling "restarting"
Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
* remove temp file and spelling
Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
---------
Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
---
 ct/keycloak.sh | 35 ++++++++++++---------
 frontend/public/json/keycloak.json | 10 ++++--
 install/keycloak-install.sh | 49 +++++++++++++++++++-----------
 3 files changed, 58 insertions(+), 36 deletions(-)
diff --git a/ct/keycloak.sh b/ct/keycloak.sh
index 19096cb368..02fe4612af 100644
--- a/ct/keycloak.sh
+++ b/ct/keycloak.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2025 tteck
-# Author: tteck (tteckster)
+# Author: tteck (tteckster) | Co-Author: remz1337
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://www.keycloak.org/
@@ -23,34 +23,39 @@ function update_script() {
 header_info
 check_container_storage
 check_container_resources
- if [[ ! -f /etc/systemd/system/keycloak.service ]]; then
+ if [[ ! -d /opt/keycloak ]]; then
 msg_error "No ${APP} Installation Found!"
 exit
 fi
- msg_info "Updating ${APP} LXC"
+
+ msg_info "Stopping Keycloak"
+ systemctl stop keycloak
+ msg_ok "Stopped Keycloak"
 msg_info "Updating packages"
 $STD apt-get update
 $STD apt-get -y upgrade
+ msg_ok "Updated packages"
- RELEASE=$(curl -fsSL https://api.github.com/repos/keycloak/keycloak/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
- msg_info "Updating Keycloak to v$RELEASE"
+ msg_info "Backup old Keycloak"
 cd /opt
- curl -fsSL "https://github.com/keycloak/keycloak/releases/download/$RELEASE/keycloak-$RELEASE.tar.gz" -o $(basename "https://github.com/keycloak/keycloak/releases/download/$RELEASE/keycloak-$RELEASE.tar.gz")
 mv keycloak keycloak.old
- tar -xzf keycloak-$RELEASE.tar.gz
- cp -r keycloak.old/conf keycloak-$RELEASE
- cp -r keycloak.old/providers keycloak-$RELEASE
- cp -r keycloak.old/themes keycloak-$RELEASE
- mv keycloak-$RELEASE keycloak
+ tar -czf keycloak_conf_backup.tar.gz keycloak.old/conf
+ msg_ok "Backup done"
- msg_info "Delete temporary installation files"
- rm keycloak-$RELEASE.tar.gz
+ fetch_and_deploy_gh_release "keycloak" "keycloak/keycloak" "prebuild" "latest" "/opt/keycloak" "keycloak-*.tar.gz"
+
+ msg_info "Updating ${APP}"
+ cd /opt
+ mv keycloak_conf_backup.tar.gz keycloak/conf
+ cp -r keycloak.old/providers keycloak
+ cp -r keycloak.old/themes keycloak
 rm -rf keycloak.old
+ msg_ok "Updated ${APP} LXC"
- msg_info "Restating Keycloak"
+ msg_info "Restarting Keycloak"
 systemctl restart keycloak
- msg_ok "Updated Successfully"
+ msg_ok "Restarted Keycloak"
 exit
 }
diff --git a/frontend/public/json/keycloak.json b/frontend/public/json/keycloak.json
index bf1203c42f..f51da3b3aa 100644
--- a/frontend/public/json/keycloak.json
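Review bot: `rm -rf keycloak.old` runs unconditionally after `fetch_and_deploy_gh_release`, and nothing in the hunk checks that `/opt/keycloak` was repopulated; whether the helper aborts on a failed download is not visible here, so a failure could leave the host with no working install and no copy to roll back to. Only `providers` and `themes` are copied back, while the old `conf` is parked as a tarball inside `keycloak/conf` instead of being restored and `keycloak.old/data` is discarded, which for installs created by the earlier `start-dev` unit is presumably where realms and users are stored. I would gate the cleanup with something like `[[ -x /opt/keycloak/bin/kc.sh ]] || { msg_error "Deploy failed, previous install kept in /opt/keycloak.old"; exit 1; }` before the `cp -r` lines. The archive can contain keystores and database credentials, so `chmod 600 keycloak/conf/keycloak_conf_backup.tar.gz` after the `mv` is worth adding, together with a comment saying why conf is archived rather than copied. update_script begins above the hunk.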
+++ b/frontend/public/json/keycloak.json
@@ -6,7 +6,7 @@
 ],
 "date_created": "2024-05-02",
 "type": "ct",
- "updateable": false,
+ "updateable": true,
 "privileged": false,
 "interface_port": 8080,
 "documentation": "https://www.keycloak.org/documentation",
@@ -28,8 +28,8 @@
 }
 ],
 "default_credentials": {
- "username": null,
- "password": null
+ "username": "tmpadm",
+ "password": "admin123"
 },
 "notes": [
 {
@@ -39,6 +39,10 @@
 {
 "text": "This script requires some extra steps after the installation, Please checkout the `https://github.com/community-scripts/ProxmoxVE/discussions/193`",
 "type": "info"
+ },
+ {
+ "text": "When updating, if you had modified cache-ispn.xml: Re-apply your changes to the new file, otherwise leave it unchanged.",
+ "type": "info"
 }
 ]
 }
diff --git a/install/keycloak-install.sh b/install/keycloak-install.sh
index 26127ae7bd..83bc5a35d6 100644
--- a/install/keycloak-install.sh
+++ b/install/keycloak-install.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 # Copyright (c) 2021-2025 community-scripts ORG
-# Author: tteck (tteckster) | Co-Author: Slaviša Arežina (tremor021)
+# Author: tteck (tteckster) | Co-Author: Slaviša Arežina (tremor021), remz1337
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/keycloak/keycloak
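Review bot: `default_credentials` now advertises `tmpadm` / `admin123`, but none of the `notes` entries says that this is the bootstrap admin, which Keycloak intends to be temporary, or that the pair is identical on every install. Add an entry such as `{ "text": "Log in once with the bootstrap admin, create a permanent admin account, then delete tmpadm.", "type": "warning" }`. The value itself is hard-coded in `install/keycloak-install.sh`; if that script is changed to generate a per-install password, this block should go back to `null` and the note should say where the generated value is stored.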
@@ -13,32 +13,46 @@ setting_up_container
 network_check
 update_os
-msg_info "Installing OpenJDK"
-curl -fsSL "https://packages.adoptium.net/artifactory/api/gpg/key/public" | gpg --dearmor >/etc/apt/trusted.gpg.d/adoptium.gpg
-echo 'deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main' >/etc/apt/sources.list.d/adoptium.list
-$STD apt-get update
-$STD apt-get install -y temurin-21-jre
-msg_ok "Installed OpenJDK"
+JAVA_VERSION=21 setup_java
+PG_VERSION=16 setup_postgresql
-msg_info "Installing Keycloak"
-temp_file=$(mktemp)
-RELEASE=$(curl -fsSL https://api.github.com/repos/keycloak/keycloak/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
-curl -fsSL "https://github.com/keycloak/keycloak/releases/download/$RELEASE/keycloak-$RELEASE.tar.gz" -o "$temp_file"
-tar xzf $temp_file
-mv keycloak-$RELEASE /opt/keycloak
-msg_ok "Installed Keycloak"
+msg_info "Configuring PostgreSQL"
+DB_NAME="keycloak"
+DB_USER="keycloak"
+DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+msg_ok "Configured PostgreSQL"
+
+fetch_and_deploy_gh_release "keycloak" "keycloak/keycloak" "prebuild" "latest" "/opt/keycloak" "keycloak-*.tar.gz"
 msg_info "Creating Service"
 cat </etc/systemd/system/keycloak.service
 [Unit]
 Description=Keycloak Service
-After=network.target
+Requires=network.target
+After=syslog.target network-online.target
 [Service]
+Type=idle
 User=root
 WorkingDirectory=/opt/keycloak
-ExecStart=/opt/keycloak/bin/kc.sh start-dev
-
+ExecStart=/opt/keycloak/bin/kc.sh start
+ExecStop=/opt/keycloak/bin/kc.sh stop
+Restart=always
+RestartSec=3
+Environment="JAVA_HOME=/usr/lib/jvm/temurin-21-jdk-amd64"
+Environment="KC_DB=postgres"
+Environment="KC_DB_USERNAME=$DB_USER"
+Environment="KC_DB_PASSWORD=$DB_PASS"
+Environment="KC_HTTP_ENABLED=true"
+Environment="KC_BOOTSTRAP_ADMIN_USERNAME=tmpadm"
+Environment="KC_BOOTSTRAP_ADMIN_PASSWORD=admin123"
+# Comment following line and uncomment the next 2 if working behind a reverse proxy
+Environment="KC_HOSTNAME_STRICT=false"
+#Environment="KC_HOSTNAME=keycloak.example.com"
+#Environment="KC_PROXY_HEADERS=xforwarded"
 [Install]
 WantedBy=multi-user.target
 EOF
@@ -49,7 +63,6 @@ motd_ssh
 customize
 msg_info "Cleaning up"
-rm -f $temp_file
 $STD apt-get -y autoremove
 $STD apt-get -y autoclean
 msg_ok "Cleaned"
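Review bot: The unit written in the `@@ -13,32 +13,46 @@` hunk hard-codes `KC_BOOTSTRAP_ADMIN_PASSWORD=admin123` for `tmpadm`, so every container built by this script brings up an identity provider with the same published admin login, and `KC_HTTP_ENABLED=true` with `KC_HOSTNAME_STRICT=false` means that login is accepted over plain HTTP on whatever name the host is reached by. The admin password should be generated per install the way `DB_PASS` already is. Both secrets should also move out of `Environment=` lines: a unit file created with the default umask is world-readable, and systemd exposes a unit's environment to unprivileged clients, so a mode-0600 file referenced through `EnvironmentFile=` is the safer place. `User=root` is an unchanged context line, but with the service now using `start` rather than `start-dev` a dedicated service account would be worth a follow-up. The sketch below uses a placeholder path and assumes the unit heredoc stays unquoted so that the variables expand.

```shell
# … unchanged: setup_java, setup_postgresql, DB_* variables and psql calls …
KC_ADMIN_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
KC_ENV_FILE="/path/to/keycloak.env" # placeholder path
install -m 600 /dev/null "$KC_ENV_FILE" # create the file root-only before any secret is written
cat <<EOF >"$KC_ENV_FILE"
KC_DB_USERNAME=$DB_USER
KC_DB_PASSWORD=$DB_PASS
KC_BOOTSTRAP_ADMIN_USERNAME=tmpadm
KC_BOOTSTRAP_ADMIN_PASSWORD=$KC_ADMIN_PASS
EOF
# … unchanged: fetch_and_deploy_gh_release and the unit heredoc, except that the four
# Environment= lines carrying these values become one EnvironmentFile= line naming that file …
```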