add keycloak rollback scripts

2024-10-24 12:50:47 +02:00 · 2024-10-24 12:50:47 +02:00 · 5512176b00
commit 5512176b00
parent fc352f2ff3
5 changed files with 135 additions and 0 deletions
--- a/rollback/keycloak/config.env
+++ b/rollback/keycloak/config.env
@ -0,0 +1,27 @@
+# where everything lives,
+# such as ./latest ./themes and so on
+location=$HOME
+
+# to make sure we can use systemctl
+XDG_RUNTIME_DIR=/run/user/$UID
+
+# theme in $HOME/themes to copy
+theme=
+
+# this is used for setting
+# a random new password for a demo user
+#
+# needed to obtain an admin token
+kcadmin=
+kcadminpw=
+# the admin api port
+kcport=38081
+# our user to modify:
+kcuserid=fbe-123-456-ee0oab
+newpw=
+kcrealm=
+
+app=keycloak # service and dumpfile name
+db=
+user=$db
+dump=$HOME/var/db/$app.dump
--- a/rollback/keycloak/rollback.sh
+++ b/rollback/keycloak/rollback.sh
@ -0,0 +1,24 @@
+#/bin/bash
+set -e
+
+source $HOME/scripts/env
+
+echo "stopping $app..."
+systemctl stop --user $app
+
+echo "restoring database..."
+# -c drops all objects that are to be restored
+pg_restore -c -h localhost -U $user -d $db < $dump
+
+systemctl start --user $app
+
+echo "started $app..."
+sleep 2
+
+systemctl --no-pager status --user $app
+
+echo "setting new demouser password"
+echo "waiting a crazy amount of 20s so keycloak has time to open that port..."
+sleep 20
+. $HOME/scripts/set-demopw.sh
+echo "done."
--- a/rollback/keycloak/set-demopw.sh
+++ b/rollback/keycloak/set-demopw.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+. $HOME/scripts/env
+
+echo "obtaining new admin token"
+$HOME/latest/bin/kcadm.sh config credentials --server http://localhost:$kcport --user $kcadmin --password $kcadminpw --realm master
+
+echo "setting password for demo account"
+$HOME/latest/bin/kcadm.sh set-password --server http://localhost:$kcport --userid $kcuserid -r $kcrealm --new-password $newpw # -x (for stacktrace)
+
+echo "demo user now has the password of $newpw"
--- a/rollback/keycloak/setstate.sh
+++ b/rollback/keycloak/setstate.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+. $HOME/scripts/env
+
+pg_dump -Fc -U $user -d $db > $dump
+
+echo "state has been made permanent."
--- a/rollback/keycloak/update.sh
+++ b/rollback/keycloak/update.sh
@ -0,0 +1,64 @@
+#!/bin/bash
+# source: https://git.tchncs.de/tchncs/tchncs-scripts/-/blob/main/updates/keycloak.sh
+
+# Use ./update.sh 1.2.3 to OVERRIDE the release check.
+
+# Without an argument, THIS SCRIPT WILL AUTODETECT the release
+# that was tagged as "latest" by the project.
+set -e
+
+if [ -z "$1" ]
+    then
+        release=`curl -L https://api.github.com/repos/keycloak/keycloak/releases/latest -s | jq -r '.tag_name'`
+        echo ">>> Detected v$release being tagged as the latest release."
+    else
+        release=$1
+fi
+
+current_release=$(cat latest/version.txt)
+current_release=${current_release#'Keycloak - Version '}
+
+if [[ $current_release == "$release" ]]
+    then
+        echo ">>> It appears, are on v$current_release. Nothing to do."
+        exit
+    else
+        read -p "Proceed? With Keycloak ${release}?" -n 1 -r
+        if [[ ! $REPLY =~ ^[Yy]$ ]]
+            then
+                [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
+        fi
+fi
+
+systemctl stop --user keycloak
+
+echo ">>> calling for rollback.sh"
+. $HOME/scripts/rollback.sh
+
+cd $location
+
+wget "https://github.com/keycloak/keycloak/releases/download/$release/keycloak-$release.zip"
+unzip keycloak-$release.zip
+rm keycloak-$release.zip
+
+[ -L latest ] && rm -v latest
+ln -sv $location/keycloak-$1 $location/latest
+
+# default config got the same filename!
+rm -v latest/conf/keycloak.conf
+
+ln -sv $location/config/* $location/latest/conf/
+
+bash latest/bin/kc.sh build
+
+cp -r $HOME/themes/$theme $HOME/latest/themes/
+
+systemctl restart --user keycloak
+
+echo ">>> waiting 10s so Keycloak may run migrations..."
+sleep 10
+
+echo ">>> calling setstate.sh to make the update permanent"
+. $HOME/scripts/setstate.sh
+
+echo "Done."