Move to Quarkus runtime (#16)

* Move to Quarkus runtime * Removed useless commented out command --------- Co-authored-by: Petr Jurak <petr.jurak@integsoft.cz>
mbta · Oct 10, 2023 · fff7848 · fff7848
1 parent 8227bcc
commit fff7848
Show file tree

Hide file tree

Showing 25 changed files with 118 additions and 416 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,48 +1,47 @@
-FROM quay.io/keycloak/keycloak:19.0.3-legacy
+FROM quay.io/keycloak/keycloak:19.0.3 as builder
 
 LABEL maintainer="support@integrationeye.com"
 LABEL builder="Integsoft s.r.o"
 LABEL description="MBTA Keycloak"
 
 ENV INSTALL_FOLDER=/tmp/files
+ENV KC_FOLDER=/opt/keycloak
+
+ENV KC_DB=mariadb
+ENV KC_HTTP_RELATIVE_PATH=/auth
+ENV KC_CACHE_CONFIG_FILE=cache-ispn-jdbc-ping.xml
+ENV KC_HOSTNAME_STRICT=false
+ENV KC_HTTP_ENABLED=true
+ENV KC_LOG_LEVEL=INFO,cz.integsoft:debug
+ENV KC_PROXY=edge
 
 USER root
 # install system tools and update system
 RUN ["/bin/bash", "-c", "microdnf update -y && microdnf install -y vim"]
-# remove root password
-# RUN ["/bin/bash", "-c", "passwd --delete root"]
 
-USER jboss
+USER keycloak
 
 # copy build scripts and related data
 COPY files/ $INSTALL_FOLDER/
 
-# copy CLI scripts (in this version it is not supported to use startup-scripts variable
-COPY files/startup-scripts/* /opt/jboss/startup-scripts/
-# copy custom modules
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/modules/* $JBOSS_HOME/modules/"]
+# copy the custom cache config file into the keycloak conf dir
+RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/conf/cache-ispn-jdbc-ping.xml $KC_FOLDER/conf/"]
 
-# copy welcome page
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/welcome-content/* $JBOSS_HOME/welcome-content/"]
+# copy custom modules
+RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/modules/* $KC_FOLDER/providers/"]
 
 # copy templates
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/templates/* $JBOSS_HOME/themes/"]
-
-# add integsoft version of keycloak-model-infinispan and replace module.xml
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-model-infinispan/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/"]
-
-# add integsoft version of keycloak-server-spi and replace module.xml
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-server-spi/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi/main/"]
+RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/templates/* $KC_FOLDER/themes/"]
 
-# add integsoft version of keycloak-server-spi-private and replace module.xml
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-server-spi-private/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/"]
+# add integsoft version of keycloak jars
+RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/* $KC_FOLDER/lib/lib/main"]
 
-# add integsoft version of keycloak-services and replace module.xml
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-services/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/"]
+RUN /opt/keycloak/bin/kc.sh build --spi-email-sender-provider=aws-ses --spi-email-sender-provider-aws-ses-enabled=true --spi-email-sender-provider-aws-ses-region=$AWS_REGION
+RUN /opt/keycloak/bin/kc.sh show-config
 
-# copy AWS SES SPI library
-RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/mbta-keycloak-aws-ses-email-provider-1.1.0.jar $JBOSS_HOME/standalone/deployments/"]
+WORKDIR /opt/keycloak
 
 # Ports
 EXPOSE 8080 8443
 
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -5,22 +5,19 @@ services:
     ports:
       - "8080:8080"
     environment:
-      - KEYCLOAK_USER=kc_username
-      - KEYCLOAK_PASSWORD=kc_password
-      - PROXY_ADDRESS_FORWARDING=false
-      - KEYCLOAK_LOGLEVEL=INFO
-      - ROOT_LOGLEVEL=INFO
-      - DB_VENDOR=mariadb
-      - DB_ADDR=mariadb
-      - DB_DATABASE=keycloak
-      - DB_USER=keycloak
-      - DB_PASSWORD=keycloak
-      - JDBC_PARAMS=autoreconnect=true
+      - KEYCLOAK_ADMIN=kc_username
+      - KEYCLOAK_ADMIN_PASSWORD=kc_password
+      - KC_HTTP_ENABLED=true
+      - KC_HOSTNAME_STRICT=false
+      - KC_HEALTH_ENABLED=true
+      - KC_LOG_LEVEL=INFO,cz.integsoft:DEBUG,org.infinispan:DEBUG,org.jgroups:DEBUG
+      - KC_DB=mariadb
+      - KC_DB_URL=jdbc:mysql://mariadb:3306/keycloak?autoReconnect=true
+      - KC_DB_USERNAME=keycloak
+      - KC_DB_PASSWORD=keycloak
+      - KC_HTTP_RELATIVE_PATH=/auth
+      - KC_CACHE_CONFIG_FILE=cache-ispn-jdbc-ping.xml
       - JAVA_OPTS_APPEND=-Xmx1500m -Djboss.bind.address=0.0.0.0
-      - CACHE_OWNERS_COUNT=1
-      - CACHE_OWNERS_AUTH_SESSIONS_COUNT=1
-      - JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING
-      - JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=java:jboss/datasources/KeycloakDS,remove_old_coords_on_view_change=true
       - AWS_REGION=us-east-1
     links:
       - mariadb

diff --git a/files/conf/cache-ispn-jdbc-ping.xml b/files/conf/cache-ispn-jdbc-ping.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<infinispan
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd"
+        xmlns="urn:infinispan:config:11.0">
+
+	<jgroups>
+		<stack name="jdbc-ping-tcp" extends="tcp">
+			<JDBC_PING connection_driver="org.mariadb.jdbc.Driver"
+				connection_username="${env.KC_DB_USERNAME}" connection_password="${env.KC_DB_PASSWORD}"
+				connection_url="${env.KC_DB_URL}"
+				initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name));"
+				insert_single_sql="INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) values (?, ?, ?);"
+				delete_single_sql="DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?;"
+				select_all_pingdata_sql="SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?;"
+				info_writer_sleep_time="500"
+				remove_all_data_on_view_change="true"
+				stack.combine="REPLACE"
+				stack.position="MPING" />
+		</stack>
+	</jgroups>
+
+    <cache-container name="keycloak">
+        <transport lock-timeout="60000" stack="jdbc-ping-tcp" />
+        <local-cache name="realms">
+            <encoding>
+                <key media-type="application/x-java-object"/>
+                <value media-type="application/x-java-object"/>
+            </encoding>
+            <memory max-count="10000"/>
+        </local-cache>
+        <local-cache name="users">
+            <encoding>
+                <key media-type="application/x-java-object"/>
+                <value media-type="application/x-java-object"/>
+            </encoding>
+            <memory max-count="10000"/>
+        </local-cache>
+        <distributed-cache name="sessions" owners="2">
+            <expiration lifespan="-1"/>
+        </distributed-cache>
+        <distributed-cache name="authenticationSessions" owners="2">
+            <expiration lifespan="-1"/>
+        </distributed-cache>
+        <distributed-cache name="offlineSessions" owners="2">
+            <expiration lifespan="-1"/>
+        </distributed-cache>
+        <distributed-cache name="clientSessions" owners="2">
+            <expiration lifespan="-1"/>
+        </distributed-cache>
+        <distributed-cache name="offlineClientSessions" owners="2">
+            <expiration lifespan="-1"/>
+        </distributed-cache>
+        <distributed-cache name="loginFailures" owners="2">
+            <expiration lifespan="-1"/>
+        </distributed-cache>
+        <local-cache name="authorization">
+            <encoding>
+                <key media-type="application/x-java-object"/>
+                <value media-type="application/x-java-object"/>
+            </encoding>
+            <memory max-count="10000"/>
+        </local-cache>
+        <replicated-cache name="work">
+            <expiration lifespan="-1"/>
+        </replicated-cache>
+        <local-cache name="keys">
+            <encoding>
+                <key media-type="application/x-java-object"/>
+                <value media-type="application/x-java-object"/>
+            </encoding>
+            <expiration max-idle="3600000"/>
+            <memory max-count="1000"/>
+        </local-cache>
+        <distributed-cache name="actionTokens" owners="2">
+            <encoding>
+                <key media-type="application/x-java-object"/>
+                <value media-type="application/x-java-object"/>
+            </encoding>
+            <expiration max-idle="-1" lifespan="-1" interval="300000"/>
+            <memory max-count="-1"/>
+        </distributed-cache>
+    </cache-container>
+</infinispan>
diff --git a/files/keycloak-modules/keycloak-model-infinispan/module.xml b/files/keycloak-modules/keycloak-model-infinispan/module.xml
diff --git a/files/keycloak-modules/keycloak-server-spi-private/module.xml b/files/keycloak-modules/keycloak-server-spi-private/module.xml
diff --git a/files/keycloak-modules/keycloak-server-spi/module.xml b/files/keycloak-modules/keycloak-server-spi/module.xml