* Move to Quarkus runtime * Removed useless commented out command --------- Co-authored-by: Petr Jurak <petr.jurak@integsoft.cz>
Showing
25 changed files
with
118 additions
and
416 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,48 +1,47 @@ | ||
FROM quay.io/keycloak/keycloak:19.0.3-legacy | ||
FROM quay.io/keycloak/keycloak:19.0.3 as builder | ||
|
||
LABEL maintainer="support@integrationeye.com" | ||
LABEL builder="Integsoft s.r.o" | ||
LABEL description="MBTA Keycloak" | ||
|
||
ENV INSTALL_FOLDER=/tmp/files | ||
ENV KC_FOLDER=/opt/keycloak | ||
|
||
ENV KC_DB=mariadb | ||
ENV KC_HTTP_RELATIVE_PATH=/auth | ||
ENV KC_CACHE_CONFIG_FILE=cache-ispn-jdbc-ping.xml | ||
ENV KC_HOSTNAME_STRICT=false | ||
ENV KC_HTTP_ENABLED=true | ||
ENV KC_LOG_LEVEL=INFO,cz.integsoft:debug | ||
ENV KC_PROXY=edge | ||
|
||
USER root | ||
# install system tools and update system | ||
RUN ["/bin/bash", "-c", "microdnf update -y && microdnf install -y vim"] | ||
# remove root password | ||
# RUN ["/bin/bash", "-c", "passwd --delete root"] | ||
|
||
USER jboss | ||
USER keycloak | ||
|
||
# copy build scripts and related data | ||
COPY files/ $INSTALL_FOLDER/ | ||
|
||
# copy CLI scripts (in this version it is not supported to use startup-scripts variable | ||
COPY files/startup-scripts/* /opt/jboss/startup-scripts/ | ||
# copy custom modules | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/modules/* $JBOSS_HOME/modules/"] | ||
# copy the custom cache config file into the keycloak conf dir | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/conf/cache-ispn-jdbc-ping.xml $KC_FOLDER/conf/"] | ||
|
||
# copy welcome page | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/welcome-content/* $JBOSS_HOME/welcome-content/"] | ||
# copy custom modules | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/modules/* $KC_FOLDER/providers/"] | ||
|
||
# copy templates | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/templates/* $JBOSS_HOME/themes/"] | ||
|
||
# add integsoft version of keycloak-model-infinispan and replace module.xml | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-model-infinispan/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/"] | ||
|
||
# add integsoft version of keycloak-server-spi and replace module.xml | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-server-spi/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi/main/"] | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/templates/* $KC_FOLDER/themes/"] | ||
|
||
# add integsoft version of keycloak-server-spi-private and replace module.xml | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-server-spi-private/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/"] | ||
# add integsoft version of keycloak jars | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/* $KC_FOLDER/lib/lib/main"] | ||
|
||
# add integsoft version of keycloak-services and replace module.xml | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/keycloak-modules/keycloak-services/* $JBOSS_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/"] | ||
RUN /opt/keycloak/bin/kc.sh build --spi-email-sender-provider=aws-ses --spi-email-sender-provider-aws-ses-enabled=true --spi-email-sender-provider-aws-ses-region=$AWS_REGION | ||
RUN /opt/keycloak/bin/kc.sh show-config | ||
|
||
# copy AWS SES SPI library | ||
RUN ["/bin/bash", "-c", "cp -Rv $INSTALL_FOLDER/mbta-keycloak-aws-ses-email-provider-1.1.0.jar $JBOSS_HOME/standalone/deployments/"] | ||
WORKDIR /opt/keycloak | ||
|
||
# Ports | ||
EXPOSE 8080 8443 | ||
|
||
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"] |
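Review bot: `$AWS_REGION` in the `kc.sh build` line is expanded by the build shell, and no `ARG` or `ENV` for it is visible in this file, so unless the base image defines it the SES region is persisted as an empty string and is likely what `start --optimized` then runs with. Declaring `ARG AWS_REGION` just before that `RUN` and passing it with `--build-arg`, or moving the region to runtime configuration, would make the value explicit. Separately, the stage is named `builder` but no second `FROM` follows, so the `/tmp/files` staging copy ships in the image that serves logins, and so does the editor if the `microdnf ... install -y vim` line is still on the new side (the page lost the +/- markers). A final stage such as `FROM quay.io/keycloak/keycloak:19.0.3` followed by `COPY --from=builder /opt/keycloak/ /opt/keycloak/` would keep only the built server.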
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<infinispan | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd" | ||
xmlns="urn:infinispan:config:11.0"> | ||
|
||
<jgroups> | ||
<stack name="jdbc-ping-tcp" extends="tcp"> | ||
<JDBC_PING connection_driver="org.mariadb.jdbc.Driver" | ||
connection_username="${env.KC_DB_USERNAME}" connection_password="${env.KC_DB_PASSWORD}" | ||
connection_url="${env.KC_DB_URL}" | ||
initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name));" | ||
insert_single_sql="INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) values (?, ?, ?);" | ||
delete_single_sql="DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?;" | ||
select_all_pingdata_sql="SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?;" | ||
info_writer_sleep_time="500" | ||
remove_all_data_on_view_change="true" | ||
stack.combine="REPLACE" | ||
stack.position="MPING" /> | ||
</stack> | ||
</jgroups> | ||
|
||
<cache-container name="keycloak"> | ||
<transport lock-timeout="60000" stack="jdbc-ping-tcp" /> | ||
<local-cache name="realms"> | ||
<encoding> | ||
<key media-type="application/x-java-object"/> | ||
<value media-type="application/x-java-object"/> | ||
</encoding> | ||
<memory max-count="10000"/> | ||
</local-cache> | ||
<local-cache name="users"> | ||
<encoding> | ||
<key media-type="application/x-java-object"/> | ||
<value media-type="application/x-java-object"/> | ||
</encoding> | ||
<memory max-count="10000"/> | ||
</local-cache> | ||
<distributed-cache name="sessions" owners="2"> | ||
<expiration lifespan="-1"/> | ||
</distributed-cache> | ||
<distributed-cache name="authenticationSessions" owners="2"> | ||
<expiration lifespan="-1"/> | ||
</distributed-cache> | ||
<distributed-cache name="offlineSessions" owners="2"> | ||
<expiration lifespan="-1"/> | ||
</distributed-cache> | ||
<distributed-cache name="clientSessions" owners="2"> | ||
<expiration lifespan="-1"/> | ||
</distributed-cache> | ||
<distributed-cache name="offlineClientSessions" owners="2"> | ||
<expiration lifespan="-1"/> | ||
</distributed-cache> | ||
<distributed-cache name="loginFailures" owners="2"> | ||
<expiration lifespan="-1"/> | ||
</distributed-cache> | ||
<local-cache name="authorization"> | ||
<encoding> | ||
<key media-type="application/x-java-object"/> | ||
<value media-type="application/x-java-object"/> | ||
</encoding> | ||
<memory max-count="10000"/> | ||
</local-cache> | ||
<replicated-cache name="work"> | ||
<expiration lifespan="-1"/> | ||
</replicated-cache> | ||
<local-cache name="keys"> | ||
<encoding> | ||
<key media-type="application/x-java-object"/> | ||
<value media-type="application/x-java-object"/> | ||
</encoding> | ||
<expiration max-idle="3600000"/> | ||
<memory max-count="1000"/> | ||
</local-cache> | ||
<distributed-cache name="actionTokens" owners="2"> | ||
<encoding> | ||
<key media-type="application/x-java-object"/> | ||
<value media-type="application/x-java-object"/> | ||
</encoding> | ||
<expiration max-idle="-1" lifespan="-1" interval="300000"/> | ||
<memory max-count="-1"/> | ||
</distributed-cache> | ||
</cache-container> | ||
</infinispan> |
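Review bot: `initialize_sql` declares `ping_data BYTEA`, which is a PostgreSQL column type, while `connection_driver` is `org.mariadb.jdbc.Driver` and the image sets `KC_DB=mariadb`. MariaDB is not expected to accept that DDL, so the `JGROUPSPING` table would not be created and nodes could fail to discover each other unless the table already exists. A binary type that MariaDB supports, for example `ping_data VARBINARY(5000)`, should be used instead. The `jdbc-ping-tcp` stack also extends plain `tcp` with no encryption or authentication protocol visible in this file, so session cache traffic between nodes appears to travel in cleartext; confirm the cluster network is isolated or add an encryption protocol to the stack.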
60 changes: 0 additions & 60 deletions
60
files/keycloak-modules/keycloak-model-infinispan/module.xml
This file was deleted.
42 changes: 0 additions & 42 deletions
42
files/keycloak-modules/keycloak-server-spi-private/module.xml
This file was deleted.
This file was deleted.