Issue Sunbird-Lern#1 feat: docker compose files for keycloak

kartishr · Aug 8, 2017 · e908b81 · e908b81
1 parent 48856b9
commit e908b81
Show file tree

Hide file tree

Showing 8 changed files with 736 additions and 0 deletions.
diff --git a/keycloak/themes/sunbird/login/keycloak/Dockerfile b/keycloak/themes/sunbird/login/keycloak/Dockerfile
@@ -0,0 +1,49 @@
+FROM jboss/base-jdk:8
+
+ENV KEYCLOAK_VERSION 3.2.1.Final
+# Enables signals getting passed from startup script to JVM
+# ensuring clean shutdown when container is stopped.
+ENV LAUNCH_JBOSS_IN_BACKGROUND 1
+ENV PROXY_ADDRESS_FORWARDING true
+USER root
+
+RUN yum install -y epel-release && yum install -y jq && yum clean all
+
+USER jboss
+
+RUN cd /opt/jboss/ && curl -L https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz | tar zx && mv /opt/jboss/keycloak-$KEYCLOAK_VERSION /opt/jboss/keycloak
+
+ADD docker-entrypoint.sh /opt/jboss/
+
+COPY standalone.xml /opt/jboss/keycloak/standalone/configuration/
+
+USER root
+ADD setLogLevel.xsl /opt/jboss/keycloak/
+RUN \
+chown jboss:jboss /opt/jboss/keycloak/setLogLevel.xsl && \ 
+java -jar /usr/share/java/saxon.jar -s:/opt/jboss/keycloak/standalone/configuration/standalone.xml -xsl:/opt/jboss/keycloak/setLogLevel.xsl -o:/opt/jboss/keycloak/standalone/configuration/standalone.xml
+
+ENV JBOSS_HOME /opt/jboss/keycloak
+
+#Enabling Proxy address forwarding so we can correctly handle SSL termination in front ends
+#such as an OpenShift Router or Apache Proxy
+RUN sed -i -e 's/<http-listener /& proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" /' $JBOSS_HOME/standalone/configuration/standalone.xml
+RUN sed -i -e 's/<http-listener /& proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" /' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
+
+ENV DB_CONNECTOR_VERSION 9.4-1201-jdbc41
+
+RUN mkdir -p /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main; cd /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main; curl -O http://central.maven.org/maven2/org/postgresql/postgresql/$DB_CONNECTOR_VERSION/postgresql-$DB_CONNECTOR_VERSION.jar
+ADD module.xml /opt/jboss/keycloak/modules/system/layers/base/org/postgresql/jdbc/main/
+
+# setup SSL
+#USER root
+#ADD keycloak.jks $JBOSS_HOME/standalone/configuration/ 
+#RUN chown jboss:jboss $JBOSS_HOME/standalone/configuration/keycloak.jks
+#USER jboss
+#RUN sed -i -e 's/<security-realms>/&\n            <security-realm name="UndertowRealm">\n                <server-identities>\n                    <ssl>\n                        <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret" \/>\n                    <\/ssl>\n                <\/server-identities>\n            <\/security-realm>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
+#RUN sed -i -e 's/<server name="default-server">/&\n                <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"\/>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
+
+EXPOSE 8080
+
+ENTRYPOINT [ "/opt/jboss/docker-entrypoint.sh" ]
+
diff --git a/keycloak/themes/sunbird/login/keycloak/README b/keycloak/themes/sunbird/login/keycloak/README
@@ -0,0 +1,15 @@
+cd sunbird-auth/keycloak/keycloak/
+
+docker build -t "keycloak_image:3.2.1.Final" .
+
+docker stack deploy -c "docker-compose.yml" "keycloak"
+
+docker service ls
+
+
+For getting logs:
+docker ps -a
+
+docker exec -i -t <container ID> /bin/bash
+
+cd /opt/jboss/keycloak/standalone/log/server.log
diff --git a/keycloak/themes/sunbird/login/keycloak/docker-compose.yml b/keycloak/themes/sunbird/login/keycloak/docker-compose.yml
@@ -0,0 +1,47 @@
+version: '3'
+
+services:
+  db:
+    image: postgres
+    hostname: "postgres"
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: passkeycloak
+      POSTGRES_ROOT_PASSWORD: root_password
+    networks:
+        - default
+
+  keycloak-1:
+    image: keycloak_image:3.2.1.Final
+    hostname: "keycloak-1"
+    environment:
+      KEYCLOAK_LOGLEVEL: DEBUG
+      POSTGRES_PORT_5432_TCP_ADDR: keycloak_db
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: passkeycloak      
+    ports:
+        - "8080:8080"
+    networks:
+        - default
+    deploy:
+      replicas: 1
+
+  keycloak-2:
+    image: keycloak_image:3.2.1.Final
+    hostname: "keycloak-2"
+    environment:
+      KEYCLOAK_LOGLEVEL: DEBUG
+      POSTGRES_PORT_5432_TCP_ADDR: keycloak_db
+      POSTGRES_USER: keycloak 
+      POSTGRES_PASSWORD: passkeycloak
+    ports:
+        - "8081:8080"
+    networks:
+        - default
+    deploy:
+      replicas: 1
+
+networks:
+ default:
+   driver: overlay
diff --git a/keycloak/themes/sunbird/login/keycloak/docker-entrypoint.sh b/keycloak/themes/sunbird/login/keycloak/docker-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+KEYCLOAK_USER=admin
+KEYCLOAK_PASSWORD=ash12345678
+
+if [ $KEYCLOAK_USER ] && [ $KEYCLOAK_PASSWORD ]; then
+    keycloak/bin/add-user-keycloak.sh --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD
+fi
+
+exec /opt/jboss/keycloak/bin/standalone.sh -b 0.0.0.0 -bprivate=$(hostname) --server-config standalone-ha.xml
+exit $?
diff --git a/keycloak/themes/sunbird/login/keycloak/keycloak.jks b/keycloak/themes/sunbird/login/keycloak/keycloak.jks
diff --git a/keycloak/themes/sunbird/login/keycloak/module.xml b/keycloak/themes/sunbird/login/keycloak/module.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+       ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2010, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+<module xmlns="urn:jboss:module:1.0" name="org.postgresql.jdbc">
+   <resources>
+      <resource-root path="postgresql-9.4-1201-jdbc41.jar"/>
+   </resources>
+   <dependencies>
+      <module name="javax.api"/>
+      <module name="javax.transaction.api"/>
+   </dependencies>
+</module>
diff --git a/keycloak/themes/sunbird/login/keycloak/setLogLevel.xsl b/keycloak/themes/sunbird/login/keycloak/setLogLevel.xsl
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xsl:stylesheet version="2.0"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:log="urn:jboss:domain:logging:3.0">
+
+    <xsl:output method="xml" indent="yes"/>
+
+    <xsl:template match="//log:subsystem">
+        <xsl:copy>
+            <xsl:apply-templates select="node()|@*"/>
+                <log:logger category="org.keycloak">
+                    <log:level>
+                      <xsl:attribute name="name">${env.KEYCLOAK_LOGLEVEL:INFO}</xsl:attribute>
+                    </log:level>
+                </log:logger>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="@*|node()">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()"/>
+        </xsl:copy>
+    </xsl:template>
+
+</xsl:stylesheet>
+