hostsharing/hs.scripts
8
0
Fork 0
Code Issues Pull Requests Projects Activity

add keycloak rollback scripts

Browse Source
This commit is contained in:
Milan 2024-10-24 12:50:47 +02:00
parent fc352f2ff3
commit 5512176b00
5 changed files with 135 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
rollback/keycloak/config.env Normal file
View File

@ -0,0 +1,27 @@
# where everything lives,
# such as ./latest ./themes and so on
location=$HOME
# to make sure we can use systemctl
XDG_RUNTIME_DIR=/run/user/$UID
# theme in $HOME/themes to copy
theme=
# this is used for setting
# a random new password for a demo user
#
# needed to obtain an admin token
kcadmin=
kcadminpw=
# the admin api port
kcport=38081
# our user to modify:
kcuserid=fbe-123-456-ee0oab
newpw=
kcrealm=
app=keycloak # service and dumpfile name
db=
user=$db
dump=$HOME/var/db/$app.dump

24
rollback/keycloak/rollback.sh Normal file
View File

@ -0,0 +1,24 @@
#/bin/bash
set -e
source $HOME/scripts/env
echo "stopping $app..."
systemctl stop --user $app
echo "restoring database..."
# -c drops all objects that are to be restored
pg_restore -c -h localhost -U $user -d $db < $dump
systemctl start --user $app
echo "started $app..."
sleep 2
systemctl --no-pager status --user $app
echo "setting new demouser password"
echo "waiting a crazy amount of 20s so keycloak has time to open that port..."
sleep 20
. $HOME/scripts/set-demopw.sh
echo "done."

12
rollback/keycloak/set-demopw.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
set -e
. $HOME/scripts/env
echo "obtaining new admin token"
$HOME/latest/bin/kcadm.sh config credentials --server http://localhost:$kcport --user $kcadmin --password $kcadminpw --realm master
echo "setting password for demo account"
$HOME/latest/bin/kcadm.sh set-password --server http://localhost:$kcport --userid $kcuserid -r $kcrealm --new-password $newpw # -x (for stacktrace)
echo "demo user now has the password of $newpw"

8
rollback/keycloak/setstate.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
set -e
. $HOME/scripts/env
pg_dump -Fc -U $user -d $db > $dump
echo "state has been made permanent."

64
rollback/keycloak/update.sh Normal file
View File

@ -0,0 +1,64 @@
#!/bin/bash
# source: https://git.tchncs.de/tchncs/tchncs-scripts/-/blob/main/updates/keycloak.sh
# Use ./update.sh 1.2.3 to OVERRIDE the release check.
# Without an argument, THIS SCRIPT WILL AUTODETECT the release
# that was tagged as "latest" by the project.
set -e
if [ -z "$1" ]
then
release=`curl -L https://api.github.com/repos/keycloak/keycloak/releases/latest -s | jq -r '.tag_name'`
echo ">>> Detected v$release being tagged as the latest release."
else
release=$1
fi
current_release=$(cat latest/version.txt)
current_release=${current_release#'Keycloak - Version '}
if [[ $current_release == "$release" ]]
then
echo ">>> It appears, are on v$current_release. Nothing to do."
exit
else
read -p "Proceed? With Keycloak ${release}?" -n 1 -r
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
[[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
fi
fi
systemctl stop --user keycloak
echo ">>> calling for rollback.sh"
. $HOME/scripts/rollback.sh
cd $location
wget "https://github.com/keycloak/keycloak/releases/download/$release/keycloak-$release.zip"
unzip keycloak-$release.zip
rm keycloak-$release.zip
[ -L latest ] && rm -v latest
ln -sv $location/keycloak-$1 $location/latest
# default config got the same filename!
rm -v latest/conf/keycloak.conf
ln -sv $location/config/* $location/latest/conf/
bash latest/bin/kc.sh build
cp -r $HOME/themes/$theme $HOME/latest/themes/
systemctl restart --user keycloak
echo ">>> waiting 10s so Keycloak may run migrations..."
sleep 10
echo ">>> calling setstate.sh to make the update permanent"
. $HOME/scripts/setstate.sh
echo "Done."