diff --git a/rollback/keycloak/config.env b/rollback/keycloak/config.env
new file mode 100644
index 0000000..c052c0a
--- /dev/null
+++ b/rollback/keycloak/config.env
@@ -0,0 +1,27 @@
+# where everything lives,
+# such as ./latest ./themes and so on
+location=$HOME
+
+# to make sure we can use systemctl
+XDG_RUNTIME_DIR=/run/user/$UID
+
+# theme in $HOME/themes to copy
+theme=
+
+# this is used for setting
+# a random new password for a demo user
+#
+# needed to obtain an admin token
+kcadmin=
+kcadminpw=
+# the admin api port
+kcport=38081
+# our user to modify:
+kcuserid=fbe-123-456-ee0oab
+newpw=
+kcrealm=
+
+app=keycloak # service and dumpfile name
+db=
+user=$db
+dump=$HOME/var/db/$app.dump
\ No newline at end of file
diff --git a/rollback/keycloak/rollback.sh b/rollback/keycloak/rollback.sh
new file mode 100644
index 0000000..5d1ca57
--- /dev/null
+++ b/rollback/keycloak/rollback.sh
@@ -0,0 +1,24 @@
+#/bin/bash
+set -e
+
+source $HOME/scripts/env
+
+echo "stopping $app..."
+systemctl stop --user $app
+
+echo "restoring database..."
+# -c drops all objects that are to be restored
+pg_restore -c -h localhost -U $user -d $db < $dump
+
+systemctl start --user $app
+
+echo "started $app..."
+sleep 2
+
+systemctl --no-pager status --user $app
+
+echo "setting new demouser password"
+echo "waiting a crazy amount of 20s so keycloak has time to open that port..."
+sleep 20
+. $HOME/scripts/set-demopw.sh
+echo "done."
\ No newline at end of file
diff --git a/rollback/keycloak/set-demopw.sh b/rollback/keycloak/set-demopw.sh
new file mode 100644
index 0000000..81904d1
--- /dev/null
+++ b/rollback/keycloak/set-demopw.sh
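Review bot: In config.env, `XDG_RUNTIME_DIR=/run/user/$UID` is assigned but not exported, so when the variable is not already in the environment (the case the comment is guarding against) the `systemctl --user` calls in the scripts that source this file will not see it; `export XDG_RUNTIME_DIR=/run/user/$UID` fixes that. The file also carries `kcadminpw` and `newpw`, so I would add a header comment such as `# holds the Keycloak admin password: keep the deployed copy mode 0600 and never commit filled-in values`.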
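Review bot: The first line of rollback.sh is `#/bin/bash`, which is an ordinary comment rather than a shebang, so the interpreter depends on how the script is invoked; it should read `#!/bin/bash`. The restore is also not atomic: `pg_restore -c` without `--if-exists` reports an error for every object that is missing, and as far as I can tell a non-zero exit under `set -e` would then leave the service stopped on a partially restored identity database. Consider `pg_restore -c --if-exists --single-transaction -h localhost -U "$user" -d "$db" < "$dump"`, plus a guard such as `: "${db:?}" "${dump:?}"` before the service is stopped, since `db` ships empty in config.env.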
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+. $HOME/scripts/env
+
+echo "obtaining new admin token"
+$HOME/latest/bin/kcadm.sh config credentials --server http://localhost:$kcport --user $kcadmin --password $kcadminpw --realm master
+
+echo "setting password for demo account"
+$HOME/latest/bin/kcadm.sh set-password --server http://localhost:$kcport --userid $kcuserid -r $kcrealm --new-password $newpw # -x (for stacktrace)
+
+echo "demo user now has the password of $newpw"
\ No newline at end of file
diff --git a/rollback/keycloak/setstate.sh b/rollback/keycloak/setstate.sh
new file mode 100644
index 0000000..48831c9
--- /dev/null
+++ b/rollback/keycloak/setstate.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+. $HOME/scripts/env
+
+pg_dump -Fc -U $user -d $db > $dump
+
+echo "state has been made permanent."
\ No newline at end of file
diff --git a/rollback/keycloak/update.sh b/rollback/keycloak/update.sh
new file mode 100644
index 0000000..865d485
--- /dev/null
+++ b/rollback/keycloak/update.sh
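Review bot: In set-demopw.sh the admin password is passed as `--password $kcadminpw` and the new one as `--new-password $newpw`, so both sit in the process argument list that other local users can read while kcadm.sh runs, and both are unquoted, so a password containing spaces or glob characters is split or expanded. At minimum quote them (`--password "$kcadminpw"`, `--new-password "$newpw"`); if the installed kcadm.sh supports taking the admin password from the `KC_CLI_PASSWORD` environment variable, prefer that over argv. The final `echo "demo user now has the password of $newpw"` writes the password to stdout and to any log that captures it; `echo "demo user password updated"` says the same without the secret, unless publishing it is intended for the demo.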
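Review bot: In setstate.sh, `pg_dump -Fc -U $user -d $db > $dump` truncates the existing dump before pg_dump has produced anything, so a failed or interrupted dump destroys the only baseline rollback.sh can restore from. Write to a temporary file and rename on success: `tmp=$(mktemp "$dump.XXXXXX")`, `pg_dump -Fc -U "$user" -d "$db" -f "$tmp"`, `mv -- "$tmp" "$dump"`. The dump presumably contains the realm's credential hashes and client secrets, so it should stay owner-only; mktemp already creates the file that way, and a `umask 077` near the top makes the intent explicit.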
@@ -0,0 +1,64 @@
+#!/bin/bash
+# source: https://git.tchncs.de/tchncs/tchncs-scripts/-/blob/main/updates/keycloak.sh
+
+# Use ./update.sh 1.2.3 to OVERRIDE the release check.
+
+# Without an argument, THIS SCRIPT WILL AUTODETECT the release
+# that was tagged as "latest" by the project.
+set -e
+
+if [ -z "$1" ]
+ then
+ release=`curl -L https://api.github.com/repos/keycloak/keycloak/releases/latest -s | jq -r '.tag_name'`
+ echo ">>> Detected v$release being tagged as the latest release."
+ else
+ release=$1
+fi
+
+current_release=$(cat latest/version.txt)
+current_release=${current_release#'Keycloak - Version '}
+
+if [[ $current_release == "$release" ]]
+ then
+ echo ">>> It appears, are on v$current_release. Nothing to do."
+ exit
+ else
+ read -p "Proceed? With Keycloak ${release}?" -n 1 -r
+ if [[ ! $REPLY =~ ^[Yy]$ ]]
+ then
+ [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
+ fi
+fi
+
+systemctl stop --user keycloak
+
+echo ">>> calling for rollback.sh"
+. $HOME/scripts/rollback.sh
+
+cd $location
+
+wget "https://github.com/keycloak/keycloak/releases/download/$release/keycloak-$release.zip"
+unzip keycloak-$release.zip
+rm keycloak-$release.zip
+
+[ -L latest ] && rm -v latest
+ln -sv $location/keycloak-$1 $location/latest
+
+# default config got the same filename!
+rm -v latest/conf/keycloak.conf
+
+ln -sv $location/config/* $location/latest/conf/
+
+bash latest/bin/kc.sh build
+
+cp -r $HOME/themes/$theme $HOME/latest/themes/
+
+systemctl restart --user keycloak
+
+echo ">>> waiting 10s so Keycloak may run migrations..."
+sleep 10
+
+echo ">>> calling setstate.sh to make the update permanent"
+. $HOME/scripts/setstate.sh
+
+echo "Done."
\ No newline at end of file
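Review bot: In update.sh the symlink is built from `$1` (`ln -sv $location/keycloak-$1 $location/latest`) while everything before it uses `$release`, so an autodetected run with no argument points `latest` at `keycloak-`; use `$release` there. The release string comes straight from the GitHub API or the command line and goes into a URL and file names without validation (a failed API call makes `jq -r` print `null`), and the archive is unpacked and then executed by `kc.sh build` without any integrity check. The sketch below validates the version, assuming release tags are purely numeric, and fixes the link; verifying the archive against a digest obtained separately from the download would close the remaining gap. `$location` is only defined as a side effect of sourcing rollback.sh, which deserves a comment next to `cd $location`.

```shell
# … unchanged: release detection …
if [[ ! $release =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
  echo ">>> unexpected release string: $release" >&2
  exit 1
fi
# … unchanged: version comparison, prompt, rollback, download and unzip …
[ -L latest ] && rm -v latest
ln -sv "$location/keycloak-$release" "$location/latest"
```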