Update keycloak script to support configuration of latest release (v26) (#6322)

* Update keycloak script to support configuration of latest release (v26)

* Add quotes around default credential values

* fix update script

Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>

* spelling "restarting"

Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>

* remove temp file and spelling

Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>

---------

Signed-off-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>

ct/keycloak.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2025 tteck
-# Author: tteck (tteckster)
+# Author: tteck (tteckster) | Co-Author: remz1337
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://www.keycloak.org/
 
@@ -23,34 +23,39 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -f /etc/systemd/system/keycloak.service ]]; then
+  if [[ ! -d /opt/keycloak ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  msg_info "Updating ${APP} LXC"
+
+  msg_info "Stopping Keycloak"
+  systemctl stop keycloak
+  msg_ok "Stopped Keycloak"
 
   msg_info "Updating packages"
   $STD apt-get update
   $STD apt-get -y upgrade
+  msg_ok "Updated packages"
 
-  RELEASE=$(curl -fsSL https://api.github.com/repos/keycloak/keycloak/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+  msg_info "Backup old Keycloak"
-  msg_info "Updating Keycloak to v$RELEASE"
   cd /opt
-  curl -fsSL "https://github.com/keycloak/keycloak/releases/download/$RELEASE/keycloak-$RELEASE.tar.gz" -o $(basename "https://github.com/keycloak/keycloak/releases/download/$RELEASE/keycloak-$RELEASE.tar.gz")
   mv keycloak keycloak.old
-  tar -xzf keycloak-$RELEASE.tar.gz
+  tar -czf keycloak_conf_backup.tar.gz keycloak.old/conf
-  cp -r keycloak.old/conf keycloak-$RELEASE
+  msg_ok "Backup done"
-  cp -r keycloak.old/providers keycloak-$RELEASE
-  cp -r keycloak.old/themes keycloak-$RELEASE
-  mv keycloak-$RELEASE keycloak
 
-  msg_info "Delete temporary installation files"
+  fetch_and_deploy_gh_release "keycloak" "keycloak/keycloak" "prebuild" "latest" "/opt/keycloak" "keycloak-*.tar.gz"
-  rm keycloak-$RELEASE.tar.gz
+
+  msg_info "Updating ${APP}"
+  cd /opt
+  mv keycloak_conf_backup.tar.gz keycloak/conf
+  cp -r keycloak.old/providers keycloak
+  cp -r keycloak.old/themes keycloak
   rm -rf keycloak.old
+  msg_ok "Updated ${APP} LXC"
 
-  msg_info "Restating Keycloak"
+  msg_info "Restarting Keycloak"
   systemctl restart keycloak
-  msg_ok "Updated Successfully"
+  msg_ok "Restarted Keycloak"
   exit
 }
 

frontend/public/json/keycloak.json

@@ -6,7 +6,7 @@
   ],
   "date_created": "2024-05-02",
   "type": "ct",
-  "updateable": false,
+  "updateable": true,
   "privileged": false,
   "interface_port": 8080,
   "documentation": "https://www.keycloak.org/documentation",
@@ -28,8 +28,8 @@
     }
   ],
   "default_credentials": {
-    "username": null,
+    "username": "tmpadm",
-    "password": null
+    "password": "admin123"
   },
   "notes": [
     {
@@ -39,6 +39,10 @@
     {
       "text": "This script requires some extra steps after the installation, Please checkout the `https://github.com/community-scripts/ProxmoxVE/discussions/193`",
       "type": "info"
+    },
+    {
+      "text": "When updating, if you had modified cache-ispn.xml: Re-apply your changes to the new file, otherwise leave it unchanged.",
+      "type": "info"
     }
   ]
 }

install/keycloak-install.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # Copyright (c) 2021-2025 community-scripts ORG
-# Author: tteck (tteckster) | Co-Author: Slaviša Arežina (tremor021)
+# Author: tteck (tteckster) | Co-Author: Slaviša Arežina (tremor021), remz1337
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/keycloak/keycloak
 
@@ -13,32 +13,46 @@ setting_up_container
 network_check
 update_os
 
-msg_info "Installing OpenJDK"
+JAVA_VERSION=21 setup_java
-curl -fsSL "https://packages.adoptium.net/artifactory/api/gpg/key/public" | gpg --dearmor >/etc/apt/trusted.gpg.d/adoptium.gpg
+PG_VERSION=16 setup_postgresql
-echo 'deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main' >/etc/apt/sources.list.d/adoptium.list
-$STD apt-get update
-$STD apt-get install -y temurin-21-jre
-msg_ok "Installed OpenJDK"
 
-msg_info "Installing Keycloak"
+msg_info "Configuring PostgreSQL"
-temp_file=$(mktemp)
+DB_NAME="keycloak"
-RELEASE=$(curl -fsSL https://api.github.com/repos/keycloak/keycloak/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+DB_USER="keycloak"
-curl -fsSL "https://github.com/keycloak/keycloak/releases/download/$RELEASE/keycloak-$RELEASE.tar.gz" -o "$temp_file"
+DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-tar xzf $temp_file
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
-mv keycloak-$RELEASE /opt/keycloak
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8';"
-msg_ok "Installed Keycloak"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+msg_ok "Configured PostgreSQL"
+
+fetch_and_deploy_gh_release "keycloak" "keycloak/keycloak" "prebuild" "latest" "/opt/keycloak" "keycloak-*.tar.gz"
 
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/keycloak.service
 [Unit]
 Description=Keycloak Service
-After=network.target
+Requires=network.target
+After=syslog.target network-online.target
 
 [Service]
+Type=idle
 User=root
 WorkingDirectory=/opt/keycloak
-ExecStart=/opt/keycloak/bin/kc.sh start-dev
+ExecStart=/opt/keycloak/bin/kc.sh start
-
+ExecStop=/opt/keycloak/bin/kc.sh stop
+Restart=always
+RestartSec=3
+Environment="JAVA_HOME=/usr/lib/jvm/temurin-21-jdk-amd64"
+Environment="KC_DB=postgres"
+Environment="KC_DB_USERNAME=$DB_USER"
+Environment="KC_DB_PASSWORD=$DB_PASS"
+Environment="KC_HTTP_ENABLED=true"
+Environment="KC_BOOTSTRAP_ADMIN_USERNAME=tmpadm"
+Environment="KC_BOOTSTRAP_ADMIN_PASSWORD=admin123"
+# Comment following line and uncomment the next 2 if working behind a reverse proxy
+Environment="KC_HOSTNAME_STRICT=false"
+#Environment="KC_HOSTNAME=keycloak.example.com"
+#Environment="KC_PROXY_HEADERS=xforwarded"
 [Install]
 WantedBy=multi-user.target
 EOF
@@ -49,7 +63,6 @@ motd_ssh
 customize
 
 msg_info "Cleaning up"
-rm -f $temp_file
 $STD apt-get -y autoremove
 $STD apt-get -y autoclean
 msg_ok "Cleaned"