Prepare for 3.2.0.Final keycloak deployment (#34)
sbose78 authored and Hector Fernandez committed Jul 19, 2017
1 parent 15751c8 commit d17eb5e
Showing 5 changed files with 44 additions and 260 deletions.
2 changes: 1 addition & 1 deletion cico_run_tests.sh
@@ -4,7 +4,7 @@

function run_tests() {
echo 'CICO: Cloning keycloak source code repo'
git clone https://github.com/fabric8-services/keycloak.git --branch master
git clone -b 3.2.0.Final --depth 1 https://github.com/fabric8-services/keycloak.git
cd keycloak

# echo 'CICO: Run mv clean install -pl :keycloak-server-dist -am -Pdistribution'
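Review bot: The new `git clone -b 3.2.0.Final --depth 1` line in run_tests() fetches whatever the ref `3.2.0.Final` points to in the fork at build time, and nothing in the hunk checks which commit was actually checked out. A tag or branch can be re-pointed, so the build is not reproducible and it trusts the remote ref as it stands. Consider checking the resolved commit right after the clone, e.g. `test "$(git -C keycloak rev-parse HEAD)" = "$EXPECTED_KEYCLOAK_COMMIT"`, where the variable is a placeholder for a value kept in this repository. The same clone line is added to build() in cico_setup.sh, and both function bodies continue outside their hunks.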
2 changes: 1 addition & 1 deletion cico_setup.sh
@@ -46,7 +46,7 @@ function install_deps() {

function build() {
echo 'CICO: Cloning keycloak source code repo'
git clone https://github.com/fabric8-services/keycloak.git --branch master
git clone -b 3.2.0.Final --depth 1 https://github.com/fabric8-services/keycloak.git

cd keycloak
# Set the version according to the ENV variable
2 changes: 1 addition & 1 deletion docker/Dockerfile
@@ -5,7 +5,7 @@ MAINTAINER Hector Fernandez <hfernand@redhat.com>
# ensuring clean shutdown when container is stopped.
ENV LAUNCH_JBOSS_IN_BACKGROUND 1

ENV KEYCLOAK_VERSION 3.2.0.CR1-SNAPSHOT
ENV KEYCLOAK_VERSION 3.2.0.Final

# This can be specified as build argument, e.g. docker build --build-arg OPERATING_MODE=clustered --tag IMAGE_NAME .
ARG OPERATING_MODE=standalone
138 changes: 17 additions & 121 deletions docker/standalone-ha.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" ?>
<?xml version='1.0' encoding='UTF-8'?>

<server xmlns="urn:jboss:domain:5.0">
<server xmlns="urn:jboss:domain:4.0">
<extensions>
<extension module="org.jboss.as.clustering.infinispan"/>
<extension module="org.jboss.as.clustering.jgroups"/>
@@ -22,7 +22,6 @@
<extension module="org.jboss.as.transactions"/>
<extension module="org.keycloak.keycloak-server-subsystem"/>
<extension module="org.wildfly.extension.bean-validation"/>
<extension module="org.wildfly.extension.elytron"/>
<extension module="org.wildfly.extension.io"/>
<extension module="org.wildfly.extension.request-controller"/>
<extension module="org.wildfly.extension.security.manager"/>
@@ -70,9 +69,8 @@
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<socket-binding http="management-http"/>
<http-upgrade enabled="true"/>
</http-interface>
</management-interfaces>
<access-control provider="simple">
@@ -101,7 +99,7 @@
<logger category="org.jboss.as.config">
<level name="DEBUG"/>
</logger>
<logger category="org.jgroups">
<logger category="org.jgroups">
<level name="DEBUG"/>
</logger>
<logger category="sun.rmi">
@@ -128,7 +126,7 @@
</formatter>
</subsystem>
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
@@ -166,8 +164,10 @@
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
</managed-scheduled-executor-services>
</concurrent>
<!--removed by OpenShift.io team -->
<!--default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/-->
</subsystem>
<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
<session-bean>
<stateless>
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
@@ -286,7 +286,7 @@
</cache-container>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<subsystem xmlns="urn:jboss:domain:jca:4.0">
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
<bean-validation enabled="true"/>
<default-workmanager>
@@ -306,7 +306,7 @@
<cached-connection-manager/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
<subsystem xmlns="urn:jboss:domain:jgroups:4.1">
<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
<!-- Added and modified by openshift.io keycloak team -->
<channels default="kubernetes">
<channel name="kubernetes" stack="tcp"/>
@@ -353,12 +353,12 @@
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
<subsystem xmlns="urn:jboss:domain:mail:2.1">
<subsystem xmlns="urn:jboss:domain:mail:2.0">
<mail-session name="default" jndi-name="java:jboss/mail/Default">
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
</mail-session>
</subsystem>
<subsystem xmlns="urn:jboss:domain:modcluster:3.0">
<subsystem xmlns="urn:jboss:domain:modcluster:2.0">
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
<dynamic-load-provider>
<load-metric type="cpu"/>
@@ -368,121 +368,19 @@
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
<endpoint/>
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
<subsystem xmlns="urn:jboss:domain:security-manager:3.0">
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<maximum-set>
<permission class="java.security.AllPermission"/>
</maximum-set>
</deployment-permissions>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:1.0" final-providers="combined-providers">
<providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
<provider-loader name="openssl" module="org.wildfly.openssl"/>
<aggregate-providers name="combined-providers">
<providers name="elytron"/>
<providers name="openssl"/>
</aggregate-providers>
</providers>
<audit-logging>
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
</audit-logging>
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
<realm name="local"/>
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
<realm name="local" role-mapper="super-user-mapper"/>
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
</security-realms>
<mappers>
<constant-permission-mapper name="default-permission-mapper">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
</constant-permission-mapper>
<constant-realm-mapper name="local" realm-name="local"/>
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser"/>
</constant-role-mapper>
</mappers>
<http>
<http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="BASIC">
<mechanism-realm realm-name="Application Realm"/>
</mechanism>
<mechanism mechanism-name="FORM"/>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global"/>
</http>
<sasl>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<provider-sasl-server-factory name="global"/>
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron"/>
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<filters>
<filter>
<pattern-filter value="JBOSS-LOCAL-USER"/>
</filter>
<filter>
<pattern-filter value="DIGEST-MD5"/>
</filter>
</filters>
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
</properties>
</configurable-sasl-server-factory>
</sasl>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:3.0">
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
@@ -514,16 +412,15 @@
</security-domain>
</security-domains>
</subsystem>
<subsystem xmlns="urn:jboss:domain:transactions:3.1">
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
<core-environment>
<process-id>
<uuid/>
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
</subsystem>
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp"/>
@@ -536,7 +433,6 @@
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<http-invoker http-authentication-factory="application-http-authentication"/>
</host>
<!-- Added by openshift.io keycloak team -->
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm"
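Review bot: With the `urn:wildfly:elytron:1.0` subsystem dropped in the `-368,121 +368,19` hunk, the `local-audit` file-audit-log that recorded security events for ApplicationDomain and ManagementDomain goes away, and nothing visible on the new side replaces it. Authentication now rests only on the legacy `ManagementRealm` and `ApplicationRealm` security realms referenced by the http-interface, the remoting http-connector and the https-listener. Their definitions are outside the hunks shown, so please confirm they are present and that the management `<audit-log>` is enabled. A short comment above the `urn:jboss:domain:security:1.2` subsystem would record the decision, for example `<!-- Elytron removed for the urn:jboss:domain:4.0 schema; authentication uses the legacy ManagementRealm/ApplicationRealm security realms -->`.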