From 27b257052a5d6ce4e0cea50531378d233ced3fec Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 11 May 2022 17:21:39 +0000 Subject: [PATCH] 17.0.1-debian-10-r0 release --- bitnami/keycloak/17/debian-10/Dockerfile | 32 ++ .../keycloak/17/debian-10/docker-compose.yml | 22 + .../opt/bitnami/.bitnami_components.json | 30 ++ .../opt/bitnami/licenses/licenses.txt | 3 + .../opt/bitnami/scripts/libbitnami.sh | 51 ++ .../opt/bitnami/scripts/libcomponent.sh | 65 +++ .../prebuildfs/opt/bitnami/scripts/libfile.sh | 139 ++++++ .../prebuildfs/opt/bitnami/scripts/libfs.sh | 190 +++++++ .../prebuildfs/opt/bitnami/scripts/libhook.sh | 16 + .../prebuildfs/opt/bitnami/scripts/liblog.sh | 112 +++++ .../prebuildfs/opt/bitnami/scripts/libnet.sh | 163 ++++++ .../prebuildfs/opt/bitnami/scripts/libos.sh | 466 ++++++++++++++++++ .../opt/bitnami/scripts/libpersistence.sh | 122 +++++ .../opt/bitnami/scripts/libservice.sh | 273 ++++++++++ .../opt/bitnami/scripts/libvalidations.sh | 264 ++++++++++ .../opt/bitnami/scripts/libversion.sh | 49 ++ .../opt/bitnami/scripts/libwebserver.sh | 458 +++++++++++++++++ .../prebuildfs/usr/sbin/install_packages | 24 + .../opt/bitnami/scripts/java/entrypoint.sh | 17 + .../opt/bitnami/scripts/java/postunpack.sh | 24 + .../opt/bitnami/scripts/keycloak-env.sh | 137 +++++ .../bitnami/scripts/keycloak/entrypoint.sh | 27 + .../bitnami/scripts/keycloak/postunpack.sh | 25 + .../opt/bitnami/scripts/keycloak/run.sh | 36 ++ .../opt/bitnami/scripts/keycloak/setup.sh | 26 + .../rootfs/opt/bitnami/scripts/libkeycloak.sh | 292 +++++++++++ bitnami/keycloak/README.md | 83 +--- bitnami/keycloak/docker-compose.yml | 2 +- 28 files changed, 3075 insertions(+), 73 deletions(-) create mode 100644 bitnami/keycloak/17/debian-10/Dockerfile create mode 100644 bitnami/keycloak/17/debian-10/docker-compose.yml create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/licenses/licenses.txt create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libbitnami.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfile.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libhook.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/liblog.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libnet.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libservice.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libvalidations.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libversion.sh create mode 100644 bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh create mode 100755 bitnami/keycloak/17/debian-10/prebuildfs/usr/sbin/install_packages create mode 100755 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/entrypoint.sh create mode 100755 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh create mode 100644 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh create mode 100755 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh create mode 100755 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh create mode 100755 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/run.sh create mode 100755 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/setup.sh create mode 100644 bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh diff --git a/bitnami/keycloak/17/debian-10/Dockerfile b/bitnami/keycloak/17/debian-10/Dockerfile new file mode 100644 index 000000000000..7f971bb51de4 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/Dockerfile @@ -0,0 +1,32 @@ +FROM docker.io/bitnami/minideb:buster +LABEL maintainer "Bitnami " + +ENV HOME="/" \ + OS_ARCH="amd64" \ + OS_FLAVOUR="debian-10" \ + OS_NAME="linux" + +ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" + +COPY prebuildfs / +# Install required system packages and dependencies +RUN install_packages acl ca-certificates curl gzip libaio1 libc6 procps rsync tar zlib1g +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "wait-for-port" "1.0.1-10" --checksum 35c818ba3f4b5aae905959bc7d3a5e81fc63786e3c662b604612c0aa7fcda8fd +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "java" "11.0.15-0" --checksum 255bc547614ce8052f416a74c58cfb916f724876315f15b816e0eb98b2bded35 +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "keycloak" "17.0.1-1" --checksum c24ea6603af3ceaa0864f6075ac7bed25f6068884b2cf08f00e2d5676534b35f +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-7" --checksum d6280b6f647a62bf6edc74dc8e526bfff63ddd8067dcb8540843f47203d9ccf1 +RUN apt-get update && apt-get upgrade -y && \ + rm -r /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami + +COPY rootfs / +RUN /opt/bitnami/scripts/java/postunpack.sh +RUN /opt/bitnami/scripts/keycloak/postunpack.sh +ENV APP_VERSION="17.0.1" \ + BITNAMI_APP_NAME="keycloak" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/keycloak/bin:$PATH" + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] diff --git a/bitnami/keycloak/17/debian-10/docker-compose.yml b/bitnami/keycloak/17/debian-10/docker-compose.yml new file mode 100644 index 000000000000..f396d295f2d5 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/docker-compose.yml @@ -0,0 +1,22 @@ +version: '2' +services: + postgresql: + image: docker.io/bitnami/postgresql:11 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - POSTGRESQL_USERNAME=bn_keycloak + - POSTGRESQL_DATABASE=bitnami_keycloak + volumes: + - 'postgresql_data:/bitnami/postgresql' + + keycloak: + image: docker.io/bitnami/keycloak:17 + depends_on: + - postgresql + ports: + - "80:8080" + +volumes: + postgresql_data: + driver: local diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 000000000000..0ea2411bf83a --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,30 @@ +{ + "gosu": { + "arch": "amd64", + "digest": "d6280b6f647a62bf6edc74dc8e526bfff63ddd8067dcb8540843f47203d9ccf1", + "distro": "debian-10", + "type": "NAMI", + "version": "1.14.0-7" + }, + "java": { + "arch": "amd64", + "digest": "255bc547614ce8052f416a74c58cfb916f724876315f15b816e0eb98b2bded35", + "distro": "debian-10", + "type": "NAMI", + "version": "11.0.15-0" + }, + "keycloak": { + "arch": "amd64", + "digest": "c24ea6603af3ceaa0864f6075ac7bed25f6068884b2cf08f00e2d5676534b35f", + "distro": "debian-10", + "type": "NAMI", + "version": "17.0.1-1" + }, + "wait-for-port": { + "arch": "amd64", + "digest": "35c818ba3f4b5aae905959bc7d3a5e81fc63786e3c662b604612c0aa7fcda8fd", + "distro": "debian-10", + "type": "NAMI", + "version": "1.0.1-10" + } +} \ No newline at end of file diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/licenses/licenses.txt new file mode 100644 index 000000000000..c76ba31f3b8a --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/licenses/licenses.txt @@ -0,0 +1,3 @@ +Bitnami containers ship with software bundles. You can find the licenses under: +/opt/bitnami/nami/COPYING +/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 000000000000..ef29e361dad1 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/bitnami-docker-${BITNAMI_APP_NAME}" + + log "" + log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" + log "" +} + diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh new file mode 100644 index 000000000000..e3098a93b7c0 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh @@ -0,0 +1,65 @@ +#!/bin/bash +# +# Library for managing Bitnami components + +# Constants +CACHE_ROOT="/tmp/bitnami/pkg/cache" +DOWNLOAD_URL="https://downloads.bitnami.com/files/stacksmith" + +# Functions + +######################## +# Download and unpack a Bitnami package +# Globals: +# OS_NAME +# OS_ARCH +# OS_FLAVOUR +# Arguments: +# $1 - component's name +# $2 - component's version +# Returns: +# None +######################### +component_unpack() { + local name="${1:?name is required}" + local version="${2:?version is required}" + local base_name="${name}-${version}-${OS_NAME}-${OS_ARCH}-${OS_FLAVOUR}" + local package_sha256="" + local directory="/opt/bitnami" + + # Validate arguments + shift 2 + while [ "$#" -gt 0 ]; do + case "$1" in + -c|--checksum) + shift + package_sha256="${1:?missing package checksum}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + echo "Downloading $base_name package" + if [ -f "${CACHE_ROOT}/${base_name}.tar.gz" ]; then + echo "${CACHE_ROOT}/${base_name}.tar.gz already exists, skipping download." + cp "${CACHE_ROOT}/${base_name}.tar.gz" . + rm "${CACHE_ROOT}/${base_name}.tar.gz" + if [ -f "${CACHE_ROOT}/${base_name}.tar.gz.sha256" ]; then + echo "Using the local sha256 from ${CACHE_ROOT}/${base_name}.tar.gz.sha256" + package_sha256="$(< "${CACHE_ROOT}/${base_name}.tar.gz.sha256")" + rm "${CACHE_ROOT}/${base_name}.tar.gz.sha256" + fi + else + curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz" + fi + if [ -n "$package_sha256" ]; then + echo "Verifying package integrity" + echo "$package_sha256 ${base_name}.tar.gz" | sha256sum --check - || exit "$?" + fi + tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 + rm "${base_name}.tar.gz" +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfile.sh new file mode 100644 index 000000000000..41ebaf7464f6 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfile.sh @@ -0,0 +1,139 @@ +#!/bin/bash +# +# Library for managing files + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libos.sh + +# Functions + +######################## +# Replace a regex-matching string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# $4 - use POSIX regex. Default: true +# Returns: +# None +######################### +replace_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + local posix_regex=${4:-true} + + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + if [[ $posix_regex = true ]]; then + result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + else + result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Replace a regex-matching multiline string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# Returns: +# None +######################### +replace_in_file_multiline() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + + local result + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" + echo "$result" > "$filename" +} + +######################## +# Remove a line in a file based on a regex +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - use POSIX regex. Default: true +# Returns: +# None +######################### +remove_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local posix_regex=${3:-true} + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + if [[ $posix_regex = true ]]; then + result="$(sed -E "/$match_regex/d" "$filename")" + else + result="$(sed "/$match_regex/d" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Appends text after the last line matching a pattern +# Arguments: +# $1 - file +# $2 - match regex +# $3 - contents to add +# Returns: +# None +######################### +append_file_after_last_match() { + local file="${1:?missing file}" + local match_regex="${2:?missing pattern}" + local value="${3:?missing value}" + + # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again + result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" + echo "$result" > "$file" +} + +######################## +# Wait until certain entry is present in a log file +# Arguments: +# $1 - entry to look for +# $2 - log file +# $3 - max retries. Default: 12 +# $4 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +wait_for_log_entry() { + local -r entry="${1:-missing entry}" + local -r log_file="${2:-missing log file}" + local -r retries="${3:-12}" + local -r interval_time="${4:-5}" + local attempt=0 + + check_log_file_for_entry() { + if ! grep -qE "$entry" "$log_file"; then + debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" + return 1 + fi + } + debug "Checking that ${log_file} log file contains entry \"${entry}\"" + if retry_while check_log_file_for_entry "$retries" "$interval_time"; then + debug "Found entry \"${entry}\" in ${log_file}" + true + else + error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" + debug_execute cat "$log_file" + return 1 + fi +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh new file mode 100644 index 000000000000..1b504b1df458 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh @@ -0,0 +1,190 @@ +#!/bin/bash +# +# Library for file system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Ensure a file/directory is owned (user and group) but the given user +# Arguments: +# $1 - filepath +# $2 - owner +# Returns: +# None +######################### +owned_by() { + local path="${1:?path is missing}" + local owner="${2:?owner is missing}" + local group="${3:-}" + + if [[ -n $group ]]; then + chown "$owner":"$group" "$path" + else + chown "$owner":"$owner" "$path" + fi +} + +######################## +# Ensure a directory exists and, optionally, is owned by the given user +# Arguments: +# $1 - directory +# $2 - owner +# Returns: +# None +######################### +ensure_dir_exists() { + local dir="${1:?directory is missing}" + local owner_user="${2:-}" + local owner_group="${3:-}" + + mkdir -p "${dir}" + if [[ -n $owner_user ]]; then + owned_by "$dir" "$owner_user" "$owner_group" + fi +} + +######################## +# Checks whether a directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_dir_empty() { + local -r path="${1:?missing directory}" + # Calculate real path in order to avoid issues with symlinks + local -r dir="$(realpath "$path")" + if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then + true + else + false + fi +} + +######################## +# Checks whether a mounted directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_mounted_dir_empty() { + local dir="${1:?missing directory}" + + if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then + true + else + false + fi +} + +######################## +# Checks whether a file can be written to or not +# arguments: +# $1 - file +# returns: +# boolean +######################### +is_file_writable() { + local file="${1:?missing file}" + local dir + dir="$(dirname "$file")" + + if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then + true + else + false + fi +} + +######################## +# Relativize a path +# arguments: +# $1 - path +# $2 - base +# returns: +# None +######################### +relativize() { + local -r path="${1:?missing path}" + local -r base="${2:?missing base}" + pushd "$base" >/dev/null || exit + realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' + popd >/dev/null || exit +} + +######################## +# Configure permisions and ownership recursively +# Globals: +# None +# Arguments: +# $1 - paths (as a string). +# Flags: +# -f|--file-mode - mode for directories. +# -d|--dir-mode - mode for files. +# -u|--user - user +# -g|--group - group +# Returns: +# None +######################### +configure_permissions_ownership() { + local -r paths="${1:?paths is missing}" + local dir_mode="" + local file_mode="" + local user="" + local group="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -f | --file-mode) + shift + file_mode="${1:?missing mode for files}" + ;; + -d | --dir-mode) + shift + dir_mode="${1:?missing mode for directories}" + ;; + -u | --user) + shift + user="${1:?missing user}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + read -r -a filepaths <<<"$paths" + for p in "${filepaths[@]}"; do + if [[ -e "$p" ]]; then + if [[ -n $dir_mode ]]; then + find -L "$p" -type d -exec chmod "$dir_mode" {} \; + fi + if [[ -n $file_mode ]]; then + find -L "$p" -type f -exec chmod "$file_mode" {} \; + fi + if [[ -n $user ]] && [[ -n $group ]]; then + chown -LR "$user":"$group" "$p" + elif [[ -n $user ]] && [[ -z $group ]]; then + chown -LR "$user" "$p" + elif [[ -z $user ]] && [[ -n $group ]]; then + chgrp -LR "$group" "$p" + fi + else + stderr_print "$p does not exist" + fi + done +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libhook.sh new file mode 100644 index 000000000000..9694852a7d25 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libhook.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# +# Library to use for scripts expected to be used as Kubernetes lifecycle hooks + +# shellcheck disable=SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh + +# Override functions that log to stdout/stderr of the current process, so they print to process 1 +for function_to_override in stderr_print debug_execute; do + # Output is sent to output of process 1 and thus end up in the container log + # The hook output in general isn't saved + eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" +done diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/liblog.sh new file mode 100644 index 000000000000..c7c0f6d4422a --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/liblog.sh @@ -0,0 +1,112 @@ +#!/bin/bash +# +# Library for logging functions + +# Constants +RESET='\033[0m' +RED='\033[38;5;1m' +GREEN='\033[38;5;2m' +YELLOW='\033[38;5;3m' +MAGENTA='\033[38;5;5m' +CYAN='\033[38;5;6m' + +# Functions + +######################## +# Print to STDERR +# Arguments: +# Message to print +# Returns: +# None +######################### +stderr_print() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_QUIET:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + printf "%b\\n" "${*}" >&2 + fi +} + +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +log() { + stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" +} +######################## +# Log an 'info' message +# Arguments: +# Message to log +# Returns: +# None +######################### +info() { + log "${GREEN}INFO ${RESET} ==> ${*}" +} +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +warn() { + log "${YELLOW}WARN ${RESET} ==> ${*}" +} +######################## +# Log an 'error' message +# Arguments: +# Message to log +# Returns: +# None +######################### +error() { + log "${RED}ERROR${RESET} ==> ${*}" +} +######################## +# Log a 'debug' message +# Globals: +# BITNAMI_DEBUG +# Arguments: +# None +# Returns: +# None +######################### +debug() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_DEBUG:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + log "${MAGENTA}DEBUG${RESET} ==> ${*}" + fi +} + +######################## +# Indent a string +# Arguments: +# $1 - string +# $2 - number of indentation characters (default: 4) +# $3 - indentation character (default: " ") +# Returns: +# None +######################### +indent() { + local string="${1:-}" + local num="${2:?missing num}" + local char="${3:-" "}" + # Build the indentation unit string + local indent_unit="" + for ((i = 0; i < num; i++)); do + indent_unit="${indent_unit}${char}" + done + # shellcheck disable=SC2001 + # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions + echo "$string" | sed "s/^/${indent_unit}/" +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libnet.sh new file mode 100644 index 000000000000..8bbf165e3e2a --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -0,0 +1,163 @@ +#!/bin/bash +# +# Library for network functions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Resolve IP address for a host/domain (i.e. DNS lookup) +# Arguments: +# $1 - Hostname to resolve +# $2 - IP address version (v4, v6), leave empty for resolving to any version +# Returns: +# IP +######################### +dns_lookup() { + local host="${1:?host is missing}" + local ip_version="${2:-}" + getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 +} + +######################### +# Wait for a hostname and return the IP +# Arguments: +# $1 - hostname +# $2 - number of retries +# $3 - seconds to wait between retries +# Returns: +# - IP address that corresponds to the hostname +######################### +wait_for_dns_lookup() { + local hostname="${1:?hostname is missing}" + local retries="${2:-5}" + local seconds="${3:-1}" + check_host() { + if [[ $(dns_lookup "$hostname") == "" ]]; then + false + else + true + fi + } + # Wait for the host to be ready + retry_while "check_host ${hostname}" "$retries" "$seconds" + dns_lookup "$hostname" +} + +######################## +# Get machine's IP +# Arguments: +# None +# Returns: +# Machine IP +######################### +get_machine_ip() { + local -a ip_addresses + local hostname + hostname="$(hostname)" + read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" + if [[ "${#ip_addresses[@]}" -gt 1 ]]; then + warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" + elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then + error "Could not find any IP address associated to hostname ${hostname}" + exit 1 + fi + echo "${ip_addresses[0]}" +} + +######################## +# Check if the provided argument is a resolved hostname +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_hostname_resolved() { + local -r host="${1:?missing value}" + if [[ -n "$(dns_lookup "$host")" ]]; then + true + else + false + fi +} + +######################## +# Parse URL +# Globals: +# None +# Arguments: +# $1 - uri - String +# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String +# Returns: +# String +parse_uri() { + local uri="${1:?uri is missing}" + local component="${2:?component is missing}" + + # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with + # additional sub-expressions to split authority into userinfo, host and port + # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) + local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' + # || | ||| | | | | | | | | | + # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment + # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... + # | 4 authority + # 3 //... + local index=0 + case "$component" in + scheme) + index=2 + ;; + authority) + index=4 + ;; + userinfo) + index=6 + ;; + host) + index=7 + ;; + port) + index=9 + ;; + path) + index=10 + ;; + query) + index=13 + ;; + fragment) + index=14 + ;; + *) + stderr_print "unrecognized component $component" + return 1 + ;; + esac + [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" +} + +######################## +# Wait for a HTTP connection to succeed +# Globals: +# * +# Arguments: +# $1 - URL to wait for +# $2 - Maximum amount of retries (optional) +# $3 - Time between retries (optional) +# Returns: +# true if the HTTP connection succeeded, false otherwise +######################### +wait_for_http_connection() { + local url="${1:?missing url}" + local retries="${2:-}" + local sleep_time="${3:-}" + if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then + error "Could not connect to ${url}" + return 1 + fi +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh new file mode 100644 index 000000000000..b6c50da90807 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh @@ -0,0 +1,466 @@ +#!/bin/bash +# +# Library for operating system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Check if an user exists in the system +# Arguments: +# $1 - user +# Returns: +# Boolean +######################### +user_exists() { + local user="${1:?user is missing}" + id "$user" >/dev/null 2>&1 +} + +######################## +# Check if a group exists in the system +# Arguments: +# $1 - group +# Returns: +# Boolean +######################### +group_exists() { + local group="${1:?group is missing}" + getent group "$group" >/dev/null 2>&1 +} + +######################## +# Create a group in the system if it does not exist already +# Arguments: +# $1 - group +# Flags: +# -i|--gid - the ID for the new group +# -s|--system - Whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_group_exists() { + local group="${1:?group is missing}" + local gid="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --gid) + shift + gid="${1:?missing gid}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! group_exists "$group"; then + local -a args=("$group") + if [[ -n "$gid" ]]; then + if group_exists "$gid"; then + error "The GID $gid is already in use." >&2 + return 1 + fi + args+=("--gid" "$gid") + fi + $is_system_user && args+=("--system") + groupadd "${args[@]}" >/dev/null 2>&1 + fi +} + +######################## +# Create an user in the system if it does not exist already +# Arguments: +# $1 - user +# Flags: +# -i|--uid - the ID for the new user +# -g|--group - the group the new user should belong to +# -a|--append-groups - comma-separated list of supplemental groups to append to the new user +# -h|--home - the home directory for the new user +# -s|--system - whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_user_exists() { + local user="${1:?user is missing}" + local uid="" + local group="" + local append_groups="" + local home="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --uid) + shift + uid="${1:?missing uid}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + -a | --append-groups) + shift + append_groups="${1:?missing append_groups}" + ;; + -h | --home) + shift + home="${1:?missing home directory}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! user_exists "$user"; then + local -a user_args=("-N" "$user") + if [[ -n "$uid" ]]; then + if user_exists "$uid"; then + error "The UID $uid is already in use." + return 1 + fi + user_args+=("--uid" "$uid") + else + $is_system_user && user_args+=("--system") + fi + useradd "${user_args[@]}" >/dev/null 2>&1 + fi + + if [[ -n "$group" ]]; then + local -a group_args=("$group") + $is_system_user && group_args+=("--system") + ensure_group_exists "${group_args[@]}" + usermod -g "$group" "$user" >/dev/null 2>&1 + fi + + if [[ -n "$append_groups" ]]; then + local -a groups + read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" + for group in "${groups[@]}"; do + ensure_group_exists "$group" + usermod -aG "$group" "$user" >/dev/null 2>&1 + done + fi + + if [[ -n "$home" ]]; then + mkdir -p "$home" + usermod -d "$home" "$user" >/dev/null 2>&1 + configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" + fi +} + +######################## +# Check if the script is currently running as root +# Arguments: +# $1 - user +# $2 - group +# Returns: +# Boolean +######################### +am_i_root() { + if [[ "$(id -u)" = "0" ]]; then + true + else + false + fi +} + +######################## +# Print OS metadata +# Arguments: +# $1 - Flag name +# Flags: +# --id - Distro ID +# --version - Distro version +# --branch - Distro branch +# --codename - Distro codename +# Returns: +# String +######################### +get_os_metadata() { + local -r flag_name="${1:?missing flag}" + # Helper function + get_os_release_metadata() { + local -r env_name="${1:?missing environment variable name}" + ( + . /etc/os-release + echo "${!env_name}" + ) + } + case "$flag_name" in + --id) + get_os_release_metadata ID + ;; + --version) + get_os_release_metadata VERSION_ID + ;; + --branch) + get_os_release_metadata VERSION_ID | sed 's/\..*//' + ;; + --codename) + get_os_release_metadata VERSION_CODENAME + ;; + *) + error "Unknown flag ${flag_name}" + return 1 + ;; + esac +} + +######################## +# Get total memory available +# Arguments: +# None +# Returns: +# Memory in bytes +######################### +get_total_memory() { + echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# None +# Flags: +# --memory - memory size (optional) +# Returns: +# Detected instance size +######################### +get_machine_size() { + local memory="" + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + --memory) + shift + memory="${1:?missing memory}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if [[ -z "$memory" ]]; then + debug "Memory was not specified, detecting available memory automatically" + memory="$(get_total_memory)" + fi + sanitized_memory=$(convert_to_mb "$memory") + if [[ "$sanitized_memory" -gt 26000 ]]; then + echo 2xlarge + elif [[ "$sanitized_memory" -gt 13000 ]]; then + echo xlarge + elif [[ "$sanitized_memory" -gt 6000 ]]; then + echo large + elif [[ "$sanitized_memory" -gt 3000 ]]; then + echo medium + elif [[ "$sanitized_memory" -gt 1500 ]]; then + echo small + else + echo micro + fi +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# $1 - memory size (optional) +# Returns: +# Detected instance size +######################### +get_supported_machine_sizes() { + echo micro small medium large xlarge 2xlarge +} + +######################## +# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) +# Globals: +# None +# Arguments: +# $1 - memory size +# Returns: +# Result of the conversion +######################### +convert_to_mb() { + local amount="${1:-}" + if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then + size="${BASH_REMATCH[1]}" + unit="${BASH_REMATCH[2]}" + if [[ "$unit" = "g" || "$unit" = "G" ]]; then + amount="$((size * 1024))" + else + amount="$size" + fi + fi + echo "$amount" +} + +######################### +# Redirects output to /dev/null if debug mode is disabled +# Globals: +# BITNAMI_DEBUG +# Arguments: +# $@ - Command to execute +# Returns: +# None +######################### +debug_execute() { + if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then + "$@" + else + "$@" >/dev/null 2>&1 + fi +} + +######################## +# Retries a command a given number of times +# Arguments: +# $1 - cmd (as a string) +# $2 - max retries. Default: 12 +# $3 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +retry_while() { + local cmd="${1:?cmd is missing}" + local retries="${2:-12}" + local sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<<"$cmd" + for ((i = 1; i <= retries; i += 1)); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value +} + +######################## +# Generate a random string +# Arguments: +# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii +# -c|--count - Number of characters, defaults to 32 +# Arguments: +# None +# Returns: +# None +# Returns: +# String +######################### +generate_random_string() { + local type="ascii" + local count="32" + local filter + local result + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + -t | --type) + shift + type="$1" + ;; + -c | --count) + shift + count="$1" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Validate type + case "$type" in + ascii) + filter="[:print:]" + ;; + alphanumeric) + filter="a-zA-Z0-9" + ;; + numeric) + filter="0-9" + ;; + *) + echo "Invalid type ${type}" >&2 + return 1 + ;; + esac + # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size + # Note there is a very small chance of strings starting with EOL character + # Therefore, the higher amount of lines read, this will happen less frequently + result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" + echo "$result" +} + +######################## +# Create md5 hash from a string +# Arguments: +# $1 - string +# Returns: +# md5 hash - string +######################### +generate_md5_hash() { + local -r str="${1:?missing input string}" + echo -n "$str" | md5sum | awk '{print $1}' +} + +######################## +# Create sha1 hash from a string +# Arguments: +# $1 - string +# $2 - algorithm - 1 (default), 224, 256, 384, 512 +# Returns: +# sha1 hash - string +######################### +generate_sha_hash() { + local -r str="${1:?missing input string}" + local -r algorithm="${2:-1}" + echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' +} + +######################## +# Converts a string to its hexadecimal representation +# Arguments: +# $1 - string +# Returns: +# hexadecimal representation of the string +######################### +convert_to_hex() { + local -r str=${1:?missing input string} + local -i iterator + local char + for ((iterator = 0; iterator < ${#str}; iterator++)); do + char=${str:iterator:1} + printf '%x' "'${char}" + done +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh new file mode 100644 index 000000000000..99df69681c27 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh @@ -0,0 +1,122 @@ +#!/bin/bash +# +# Bitnami persistence library +# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libversion.sh + +# Functions + +######################## +# Persist an application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# $2 - List of app files to persist +# Returns: +# true if all steps succeeded, false otherwise +######################### +persist_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Persist the individual files + if [[ "${#files_to_persist[@]}" -le 0 ]]; then + warn "No files are configured to be persisted" + return + fi + pushd "$install_dir" >/dev/null || exit + local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder + local -r tmp_file="/tmp/perms.acl" + for file_to_persist in "${files_to_persist[@]}"; do + if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then + error "Cannot persist '${file_to_persist}' because it does not exist" + return 1 + fi + file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" + file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" + file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" + # Get original permissions for existing files, which will be applied later + # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume + getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" + # Copy directories to the volume + ensure_dir_exists "$file_to_persist_destination_folder" + cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" + # Restore permissions + pushd "$persist_dir" >/dev/null || exit + if am_i_root; then + setfacl --restore="$tmp_file" + else + # When running as non-root, don't change ownership + setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") + fi + popd >/dev/null || exit + done + popd >/dev/null || exit + rm -f "$tmp_file" + # Install the persisted files into the installation directory, via symlinks + restore_persisted_app "$@" +} + +######################## +# Restore a persisted application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# FORCE_MAJOR_UPGRADE +# Arguments: +# $1 - App folder name +# $2 - List of app files to restore +# Returns: +# true if all steps succeeded, false otherwise +######################### +restore_persisted_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Restore the individual persisted files + if [[ "${#files_to_restore[@]}" -le 0 ]]; then + warn "No persisted files are configured to be restored" + return + fi + local file_to_restore_relative file_to_restore_origin file_to_restore_destination + for file_to_restore in "${files_to_restore[@]}"; do + file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" + # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed + file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" + file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" + rm -rf "$file_to_restore_origin" + ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" + done +} + +######################## +# Check if an application directory was already persisted +# Globals: +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# Returns: +# true if all steps succeeded, false otherwise +######################### +is_app_initialized() { + local -r app="${1:?missing app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + if ! is_mounted_dir_empty "$persist_dir"; then + true + else + false + fi +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libservice.sh new file mode 100644 index 000000000000..a713bd108e15 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libservice.sh @@ -0,0 +1,273 @@ +#!/bin/bash +# +# Library for managing services + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Read the provided pid file and returns a PID +# Arguments: +# $1 - Pid file +# Returns: +# PID +######################### +get_pid_from_file() { + local pid_file="${1:?pid file is missing}" + + if [[ -f "$pid_file" ]]; then + if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then + echo "$(< "$pid_file")" + fi + fi +} + +######################## +# Check if a provided PID corresponds to a running service +# Arguments: +# $1 - PID +# Returns: +# Boolean +######################### +is_service_running() { + local pid="${1:?pid is missing}" + + kill -0 "$pid" 2>/dev/null +} + +######################## +# Stop a service by sending a termination signal to its pid +# Arguments: +# $1 - Pid file +# $2 - Signal number (optional) +# Returns: +# None +######################### +stop_service_using_pid() { + local pid_file="${1:?pid file is missing}" + local signal="${2:-}" + local pid + + pid="$(get_pid_from_file "$pid_file")" + [[ -z "$pid" ]] || ! is_service_running "$pid" && return + + if [[ -n "$signal" ]]; then + kill "-${signal}" "$pid" + else + kill "$pid" + fi + + local counter=10 + while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do + sleep 1 + counter=$((counter - 1)) + done +} + +######################## +# Start cron daemon +# Arguments: +# None +# Returns: +# true if started correctly, false otherwise +######################### +cron_start() { + if [[ -x "/usr/sbin/cron" ]]; then + /usr/sbin/cron + elif [[ -x "/usr/sbin/crond" ]]; then + /usr/sbin/crond + else + false + fi +} + +######################## +# Generate a cron configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Command +# Flags: +# --run-as - User to run as (default: root) +# --schedule - Cron schedule configuration (default: * * * * *) +# Returns: +# None +######################### +generate_cron_conf() { + local service_name="${1:?service name is missing}" + local cmd="${2:?command is missing}" + local run_as="root" + local schedule="* * * * *" + local clean="true" + + local clean="true" + + # Parse optional CLI flags + shift 2 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --run-as) + shift + run_as="$1" + ;; + --schedule) + shift + schedule="$1" + ;; + --no-clean) + clean="false" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + mkdir -p /etc/cron.d + if "$clean"; then + echo "${schedule} ${run_as} ${cmd}" > /etc/cron.d/"$service_name" + else + echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name" + fi +} + +######################## +# Remove a cron configuration file for a given service +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_cron_conf() { + local service_name="${1:?service name is missing}" + local cron_conf_dir="/etc/monit/conf.d" + rm -f "${cron_conf_dir}/${service_name}" +} + +######################## +# Generate a monit configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Pid file +# $3 - Start command +# $4 - Stop command +# Flags: +# --disable - Whether to disable the monit configuration +# Returns: +# None +######################### +generate_monit_conf() { + local service_name="${1:?service name is missing}" + local pid_file="${2:?pid file is missing}" + local start_command="${3:?start command is missing}" + local stop_command="${4:?stop command is missing}" + local monit_conf_dir="/etc/monit/conf.d" + local disabled="no" + + # Parse optional CLI flags + shift 4 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --disable) + disabled="yes" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + is_boolean_yes "$disabled" && conf_suffix=".disabled" + mkdir -p "$monit_conf_dir" + cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 + return 1 + ;; + esac + shift + done + + mkdir -p "$logrotate_conf_dir" + cat <"${logrotate_conf_dir}/${service_name}" +${log_path} { + ${period} + rotate ${rotations} + dateext + compress + copytruncate + missingok +$(indent "$extra" 2) +} +EOF +} + +######################## +# Remove a logrotate configuration file +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_logrotate_conf() { + local service_name="${1:?service name is missing}" + local logrotate_conf_dir="/etc/logrotate.d" + rm -f "${logrotate_conf_dir}/${service_name}" +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libvalidations.sh new file mode 100644 index 000000000000..2d7aaa943513 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libvalidations.sh @@ -0,0 +1,264 @@ +#!/bin/bash +# +# Validation functions library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Check if the provided argument is an integer +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_int() { + local -r int="${1:?missing value}" + if [[ "$int" =~ ^-?[0-9]+ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a positive integer +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_positive_int() { + local -r int="${1:?missing value}" + if is_int "$int" && (( "${int}" >= 0 )); then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean or is the string 'yes/true' +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_boolean_yes() { + local -r bool="${1:-}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean yes/no value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_yes_no_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(yes|no)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean true/false value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_true_false_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(true|false)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean 1/0 value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_1_0_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^[10]$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is an empty string or not defined +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_empty_value() { + local -r val="${1:-}" + if [[ -z "$val" ]]; then + true + else + false + fi +} + +######################## +# Validate if the provided argument is a valid port +# Arguments: +# $1 - Port to validate +# Returns: +# Boolean and error message +######################### +validate_port() { + local value + local unprivileged=0 + + # Parse flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -unprivileged) + unprivileged=1 + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [[ "$#" -gt 1 ]]; then + echo "too many arguments provided" + return 2 + elif [[ "$#" -eq 0 ]]; then + stderr_print "missing port argument" + return 1 + else + value=$1 + fi + + if [[ -z "$value" ]]; then + echo "the value is empty" + return 1 + else + if ! is_int "$value"; then + echo "value is not an integer" + return 2 + elif [[ "$value" -lt 0 ]]; then + echo "negative value provided" + return 2 + elif [[ "$value" -gt 65535 ]]; then + echo "requested port is greater than 65535" + return 2 + elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then + echo "privileged port requested" + return 3 + fi + fi +} + +######################## +# Validate if the provided argument is a valid IPv4 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv4() { + local ip="${1:?ip is missing}" + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ + && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] + stat=$? + fi + return $stat +} + +######################## +# Validate a string format +# Arguments: +# $1 - String to validate +# Returns: +# Boolean +######################### +validate_string() { + local string + local min_length=-1 + local max_length=-1 + + # Parse flags + while [ "$#" -gt 0 ]; do + case "$1" in + -min-length) + shift + min_length=${1:-} + ;; + -max-length) + shift + max_length=${1:-} + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [ "$#" -gt 1 ]; then + stderr_print "too many arguments provided" + return 2 + elif [ "$#" -eq 0 ]; then + stderr_print "missing string" + return 1 + else + string=$1 + fi + + if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then + echo "string length is less than $min_length" + return 1 + fi + if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then + echo "string length is great than $max_length" + return 1 + fi +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libversion.sh new file mode 100644 index 000000000000..f3bc7568bfa5 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libversion.sh @@ -0,0 +1,49 @@ +#!/bin/bash +# +# Library for managing versions strings + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions +######################## +# Gets semantic version +# Arguments: +# $1 - version: string to extract major.minor.patch +# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch +# Returns: +# array with the major, minor and release +######################### +get_sematic_version () { + local version="${1:?version is required}" + local section="${2:?section is required}" + local -a version_sections + + #Regex to parse versions: x.y.z + local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' + + if [[ "$version" =~ $regex ]]; then + local i=1 + local j=1 + local n=${#BASH_REMATCH[*]} + + while [[ $i -lt $n ]]; do + if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then + version_sections[$j]=${BASH_REMATCH[$i]} + ((j++)) + fi + ((i++)) + done + + local number_regex='^[0-9]+$' + if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then + echo "${version_sections[$section]}" + return + else + stderr_print "Section allowed values are: 1, 2, and 3" + return 1 + fi + fi +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh new file mode 100644 index 000000000000..818c2158032b --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh @@ -0,0 +1,458 @@ +#!/bin/bash +# +# Bitnami web server handler library + +# shellcheck disable=SC1090,SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh + +######################## +# Execute a command (or list of commands) with the web server environment and library loaded +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_execute() { + local -r web_server="${1:?missing web server}" + shift + # Run program in sub-shell to avoid web server environment getting loaded when not necessary + ( + . "/opt/bitnami/scripts/lib${web_server}.sh" + . "/opt/bitnami/scripts/${web_server}-env.sh" + "$@" + ) +} + +######################## +# Prints the list of enabled web servers +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_list() { + local -r -a supported_web_servers=(apache nginx) + local -a existing_web_servers=() + for web_server in "${supported_web_servers[@]}"; do + [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") + done + echo "${existing_web_servers[@]:-}" +} + +######################## +# Prints the currently-enabled web server type (only one, in order of preference) +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_type() { + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + echo "${web_servers[0]:-}" +} + +######################## +# Validate that a supported web server is configured +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_validate() { + local error_code=0 + local supported_web_servers=("apache" "nginx") + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then + print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" + elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then + print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." + fi + + return "$error_code" +} + +######################## +# Check whether the web server is running +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the web server is running, false otherwise +######################### +is_web_server_running() { + "is_$(web_server_type)_running" +} + +######################## +# Start web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_start() { + info "Starting $(web_server_type) in background" + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" +} + +######################## +# Stop web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_stop() { + info "Stopping $(web_server_type)" + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" +} + +######################## +# Restart web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_restart() { + info "Restarting $(web_server_type)" + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" +} + +######################## +# Reload web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_reload() { + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" +} + +######################## +# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on which configuration template to use +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render server configurations with a .disabled prefix +# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --document-root - Path to document root directory +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) +# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --apache-before-vhost-configuration - Configuration to add before the directive (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-proxy-address - Address where to proxy requests +# --apache-proxy-configuration - Extra configuration for the proxy +# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# --nginx-external-configuration - Configuration external to server block (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_app_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --disable \ + | --disable-http \ + | --disable-https \ + ) + apache_args+=("$1") + nginx_args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --type \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --document-root \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-additional-http-configuration \ + | --apache-additional-https-configuration \ + | --apache-before-vhost-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-proxy-address \ + | --apache-proxy-configuration \ + | --apache-proxy-http-configuration \ + | --apache-proxy-https-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "${2:?missing value}") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration \ + | --nginx-external-configuration) + nginx_args+=("${1//nginx-/}" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_web_server_app_configuration_not_exists() { + local app="${1:?missing app}" + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" + done +} + +######################## +# Ensure the web server loads the configuration for an application in a URL prefix +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --document-root - Path to document root directory +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --type - Application type, which has an effect on what configuration template will be used +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_prefix_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --allow-remote-connections \ + | --document-root \ + | --prefix \ + | --type \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "$2") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration) + nginx_args+=("${1//nginx-/}" "$2") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +web_server_update_app_configuration() { + local app="${1:?missing app}" + shift + local -a args web_servers + args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --http-port \ + | --https-port \ + ) + args+=("$1" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" + done +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_enable_loading_page() { + ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ + --apache-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +RedirectMatch 503 ^/$ +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +ErrorDocument 404 /index.html +ErrorDocument 503 /index.html" \ + --nginx-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +location / { + return 503; +} +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +error_page 404 @installing; +error_page 503 @installing; +location @installing { + rewrite ^(.*)$ /index.html break; +}" + web_server_reload +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_disable_install_page() { + ensure_web_server_app_configuration_not_exists "__loading" + web_server_reload +} diff --git a/bitnami/keycloak/17/debian-10/prebuildfs/usr/sbin/install_packages b/bitnami/keycloak/17/debian-10/prebuildfs/usr/sbin/install_packages new file mode 100755 index 000000000000..c9577647443b --- /dev/null +++ b/bitnami/keycloak/17/debian-10/prebuildfs/usr/sbin/install_packages @@ -0,0 +1,24 @@ +#!/bin/sh +set -e +set -u +export DEBIAN_FRONTEND=noninteractive +n=0 +max=2 +until [ $n -gt $max ]; do + set +e + ( + apt-get update -qq && + apt-get install -y --no-install-recommends "$@" + ) + CODE=$? + set -e + if [ $CODE -eq 0 ]; then + break + fi + if [ $n -eq $max ]; then + exit $CODE + fi + echo "apt failed, retrying" + n=$(($n + 1)) +done +rm -r /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/entrypoint.sh new file mode 100755 index 000000000000..15cf7d1833e5 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +print_welcome_page + +echo "" +exec "$@" diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh new file mode 100755 index 000000000000..24a5c9bc15fa --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh + +# +# Java post-unpack operations +# + +# Override default files in the Java security directory. This is used for +# custom base images (with custom CA certificates or block lists is used) + +if ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then + info "Adding custom CAs to the Java security folder" + cp -Lr "$JAVA_EXTRA_SECURITY_DIR" /opt/bitnami/java/lib/security +fi diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh new file mode 100644 index 000000000000..9effd78c2b67 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh @@ -0,0 +1,137 @@ +#!/bin/bash +# +# Environment configuration for keycloak + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-keycloak}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +keycloak_env_vars=( + KEYCLOAK_MOUNTED_CONF_DIR + KEYCLOAK_ADMIN + KEYCLOAK_ADMIN_PASSWORD + KEYCLOAK_HTTP_PORT + KEYCLOAK_HTTPS_PORT + KEYCLOAK_BIND_ADDRESS + KEYCLOAK_FRONTEND_URL + KEYCLOAK_INIT_MAX_RETRIES + KEYCLOAK_CACHE_TYPE + KEYCLOAK_EXTRA_ARGS + KEYCLOAK_ENABLE_STATISTICS + KEYCLOAK_ENABLE_TLS + KEYCLOAK_TLS_TRUSTSTORE_FILE + KEYCLOAK_TLS_TRUSTSTORE_PASSWORD + KEYCLOAK_TLS_KEYSTORE_FILE + KEYCLOAK_TLS_KEYSTORE_PASSWORD + KEYCLOAK_LOG_LEVEL + KEYCLOAK_ROOT_LOG_LEVEL + KEYCLOAK_PROXY + KEYCLOAK_CREATE_ADMIN_USER + KEYCLOAK_PRODUCTION + KEYCLOAK_DATABASE_HOST + KEYCLOAK_DATABASE_PORT + KEYCLOAK_DATABASE_USER + KEYCLOAK_DATABASE_NAME + KEYCLOAK_DATABASE_PASSWORD + KEYCLOAK_DATABASE_SCHEMA + KEYCLOAK_JDBC_PARAMS + KEYCLOAK_DAEMON_USER + KEYCLOAK_DAEMON_GROUP + KEYCLOAK_ADMIN_USER + KEYCLOAK_ADMIN_PASSWORD + DB_ADDR + DB_PORT + DB_USER + DB_DATABASE + DB_PASSWORD + DB_SCHEMA + JDBC_PARAMS +) +for env_var in "${keycloak_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset keycloak_env_vars + +# Paths +export BITNAMI_VOLUME_DIR="/bitnami" +export JAVA_HOME="/opt/bitnami/java" +export KEYCLOAK_BASE_DIR="/opt/bitnami/keycloak" +export KEYCLOAK_BIN_DIR="$KEYCLOAK_BASE_DIR/bin" +export KEYCLOAK_PROVIDERS_DIR="$KEYCLOAK_BASE_DIR/providers" +export KEYCLOAK_LOG_DIR="$KEYCLOAK_PROVIDERS_DIR/log" +export KEYCLOAK_TMP_DIR="$KEYCLOAK_PROVIDERS_DIR/tmp" +export KEYCLOAK_DOMAIN_TMP_DIR="$KEYCLOAK_BASE_DIR/domain/tmp" +export WILDFLY_BASE_DIR="/opt/bitnami/wildfly" +export KEYCLOAK_VOLUME_DIR="/bitnami/keycloak" +export KEYCLOAK_CONF_DIR="$KEYCLOAK_BASE_DIR/conf" +export KEYCLOAK_MOUNTED_CONF_DIR="${KEYCLOAK_MOUNTED_CONF_DIR:-${KEYCLOAK_VOLUME_DIR}/conf}" +export KEYCLOAK_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" +export KEYCLOAK_CONF_FILE="keycloak.conf" +export KEYCLOAK_DEFAULT_CONF_FILE="keycloak.conf" + +# Keycloak configuration +KEYCLOAK_ADMIN="${KEYCLOAK_ADMIN:-"${KEYCLOAK_ADMIN_USER:-}"}" +export KEYCLOAK_ADMIN="${KEYCLOAK_ADMIN:-user}" +KEYCLOAK_ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-"${KEYCLOAK_ADMIN_PASSWORD:-}"}" +export KEYCLOAK_ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-bitnami}" +export KEYCLOAK_HTTP_PORT="${KEYCLOAK_HTTP_PORT:-8080}" +export KEYCLOAK_HTTPS_PORT="${KEYCLOAK_HTTPS_PORT:-8443}" +export KEYCLOAK_BIND_ADDRESS="${KEYCLOAK_BIND_ADDRESS:-$(hostname --fqdn)}" +export KEYCLOAK_FRONTEND_URL="${KEYCLOAK_FRONTEND_URL:-}" +export KEYCLOAK_INIT_MAX_RETRIES="${KEYCLOAK_INIT_MAX_RETRIES:-10}" +export KEYCLOAK_CACHE_TYPE="${KEYCLOAK_CACHE_TYPE:-ispn}" +export KEYCLOAK_EXTRA_ARGS="${KEYCLOAK_EXTRA_ARGS:-}" +export KEYCLOAK_ENABLE_STATISTICS="${KEYCLOAK_ENABLE_STATISTICS:-false}" +export KEYCLOAK_ENABLE_TLS="${KEYCLOAK_ENABLE_TLS:-false}" +export KEYCLOAK_TLS_TRUSTSTORE_FILE="${KEYCLOAK_TLS_TRUSTSTORE_FILE:-}" +export KEYCLOAK_TLS_TRUSTSTORE_PASSWORD="${KEYCLOAK_TLS_TRUSTSTORE_PASSWORD:-}" +export KEYCLOAK_TLS_KEYSTORE_FILE="${KEYCLOAK_TLS_KEYSTORE_FILE:-}" +export KEYCLOAK_TLS_KEYSTORE_PASSWORD="${KEYCLOAK_TLS_KEYSTORE_PASSWORD:-}" +export KEYCLOAK_LOG_LEVEL="${KEYCLOAK_LOG_LEVEL:-INFO}" +export KEYCLOAK_ROOT_LOG_LEVEL="${KEYCLOAK_ROOT_LOG_LEVEL:-INFO}" +export KEYCLOAK_PROXY="${KEYCLOAK_PROXY:-passthrough}" +export KEYCLOAK_CREATE_ADMIN_USER="${KEYCLOAK_CREATE_ADMIN_USER:-true}" +export KEYCLOAK_PRODUCTION="${KEYCLOAK_PRODUCTION:-false}" +KEYCLOAK_DATABASE_HOST="${KEYCLOAK_DATABASE_HOST:-"${DB_ADDR:-}"}" +export KEYCLOAK_DATABASE_HOST="${KEYCLOAK_DATABASE_HOST:-postgresql}" +KEYCLOAK_DATABASE_PORT="${KEYCLOAK_DATABASE_PORT:-"${DB_PORT:-}"}" +export KEYCLOAK_DATABASE_PORT="${KEYCLOAK_DATABASE_PORT:-5432}" +KEYCLOAK_DATABASE_USER="${KEYCLOAK_DATABASE_USER:-"${DB_USER:-}"}" +export KEYCLOAK_DATABASE_USER="${KEYCLOAK_DATABASE_USER:-bn_keycloak}" +KEYCLOAK_DATABASE_NAME="${KEYCLOAK_DATABASE_NAME:-"${DB_DATABASE:-}"}" +export KEYCLOAK_DATABASE_NAME="${KEYCLOAK_DATABASE_NAME:-bitnami_keycloak}" +KEYCLOAK_DATABASE_PASSWORD="${KEYCLOAK_DATABASE_PASSWORD:-"${DB_PASSWORD:-}"}" +export KEYCLOAK_DATABASE_PASSWORD="${KEYCLOAK_DATABASE_PASSWORD:-}" +KEYCLOAK_DATABASE_SCHEMA="${KEYCLOAK_DATABASE_SCHEMA:-"${DB_SCHEMA:-}"}" +export KEYCLOAK_DATABASE_SCHEMA="${KEYCLOAK_DATABASE_SCHEMA:-public}" +KEYCLOAK_JDBC_PARAMS="${KEYCLOAK_JDBC_PARAMS:-"${JDBC_PARAMS:-}"}" +export KEYCLOAK_JDBC_PARAMS="${KEYCLOAK_JDBC_PARAMS:-}" + +# System users (when running with a privileged user) +export KEYCLOAK_DAEMON_USER="${KEYCLOAK_DAEMON_USER:-keycloak}" +export KEYCLOAK_DAEMON_GROUP="${KEYCLOAK_DAEMON_GROUP:-keycloak}" + +# Custom environment variables may be defined below diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh new file mode 100755 index 000000000000..5036f17d8039 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libkeycloak.sh + +# Load keycloak environment variables +. /opt/bitnami/scripts/keycloak-env.sh + +print_welcome_page + +if [[ "$*" = *"/opt/bitnami/scripts/keycloak/run.sh"* ]]; then + info "** Starting keycloak setup **" + /opt/bitnami/scripts/keycloak/setup.sh + info "** keycloak setup finished! **" +fi + +echo "" +exec "$@" diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh new file mode 100755 index 000000000000..c2906aeaeffa --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/postunpack.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /opt/bitnami/scripts/libkeycloak.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh + +# Load keycloak environment variables +. /opt/bitnami/scripts/keycloak-env.sh + +ensure_user_exists "$KEYCLOAK_ADMIN" +ensure_user_exists "$KEYCLOAK_DAEMON_USER" --group "$KEYCLOAK_DAEMON_GROUP" + +for dir in "$KEYCLOAK_LOG_DIR" "$KEYCLOAK_TMP_DIR" "$KEYCLOAK_VOLUME_DIR" "$KEYCLOAK_CONF_DIR" "$KEYCLOAK_INITSCRIPTS_DIR" "${KEYCLOAK_BASE_DIR}/.installation" "${KEYCLOAK_BASE_DIR}/lib" "$KEYCLOAK_BASE_DIR" "$KEYCLOAK_PROVIDERS_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" + chown -R "$KEYCLOAK_DAEMON_USER:$KEYCLOAK_DAEMON_GROUP" "$dir" +done diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/run.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/run.sh new file mode 100755 index 000000000000..91c48e164f0a --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/run.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libkeycloak.sh +. /opt/bitnami/scripts/libos.sh + +# Load keycloak environment variables +. /opt/bitnami/scripts/keycloak-env.sh + +info "** Starting keycloak **" +# Use only basename +conf_file="${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}" + +is_boolean_yes "$KEYCLOAK_PRODUCTION" && start_param="start" || start_param="start-dev" + +start_command=("${KEYCLOAK_BIN_DIR}/kc.sh -cf ${conf_file} ${start_param}") + +# Add extra args +if [[ -n "$KEYCLOAK_EXTRA_ARGS" ]]; then + read -r -a extra_args <<<"$KEYCLOAK_EXTRA_ARGS" + start_command+=("${extra_args[@]}") +fi + +if am_i_root; then + exec gosu "$KEYCLOAK_DAEMON_USER" /bin/bash -c "${start_command[@]}" +else + exec /bin/bash -c "${start_command[@]}" +fi diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/setup.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/setup.sh new file mode 100755 index 000000000000..719210f40c18 --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/keycloak/setup.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /opt/bitnami/scripts/libkeycloak.sh + +# Load keycloak environment variables +. /opt/bitnami/scripts/keycloak-env.sh + +# Ensure keycloak environment variables are valid +keycloak_validate + +# Ensure 'daemon' user exists when running as 'root' +am_i_root && ensure_user_exists "$KEYCLOAK_DAEMON_USER" --group "$KEYCLOAK_DAEMON_GROUP" + +# Ensure keycloak is initialized +keycloak_initialize + +# keycloak init scripts +keycloak_custom_init_scripts diff --git a/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh new file mode 100644 index 000000000000..75b4c8d8fefb --- /dev/null +++ b/bitnami/keycloak/17/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh @@ -0,0 +1,292 @@ +#!/bin/bash +# +# Bitnami Keycloak library + +# shellcheck disable=SC1090,SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libnet.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libvalidations.sh + +######################## +# Validate settings in KEYCLOAK_* env. variables +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_validate() { + info "Validating settings in KEYCLOAK_* env vars..." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_allowed_port() { + local port_var="${1:?missing port variable}" + local -a validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("${!port_var}") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } + if is_boolean_yes "$KEYCLOAK_PRODUCTION"; then + if ! is_boolean_yes "$KEYCLOAK_ENABLE_TLS"; then + print_validation_error "You need to have the TLS enable. Please set the KEYCLOAK_ENABLE_TLS variable to true" + fi + fi + + if is_boolean_yes "$KEYCLOAK_ENABLE_TLS"; then + if is_empty_value "$KEYCLOAK_TLS_TRUSTSTORE_FILE"; then + print_validation_error "Path to the TLS truststore file not defined. Please set the KEYCLOAK_TLS_TRUSTSTORE_FILE variable to the mounted truststore" + fi + if is_empty_value "$KEYCLOAK_TLS_KEYSTORE_FILE"; then + print_validation_error "Path to the TLS keystore file not defined. Please set the KEYCLOAK_TLS_KEYSTORE_FILE variable to the mounted keystore" + fi + fi + + if ! validate_ipv4 "${KEYCLOAK_BIND_ADDRESS}"; then + if ! is_hostname_resolved "${KEYCLOAK_BIND_ADDRESS}"; then + print_validation_error print_validation_error "The value for KEYCLOAK_BIND_ADDRESS ($KEYCLOAK_BIND_ADDRESS) should be an IPv4 address or it must be a resolvable hostname" + fi + fi + + if [[ "$KEYCLOAK_HTTP_PORT" -eq "$KEYCLOAK_HTTPS_PORT" ]]; then + print_validation_error "KEYCLOAK_HTTP_PORT and KEYCLOAK_HTTPS_PORT are bound to the same port!" + fi + check_allowed_port KEYCLOAK_HTTP_PORT + check_allowed_port KEYCLOAK_HTTPS_PORT + + for var in KEYCLOAK_CREATE_ADMIN_USER KEYCLOAK_ENABLE_TLS KEYCLOAK_ENABLE_STATISTICS; do + if ! is_true_false_value "${!var}"; then + print_validation_error "The allowed values for $var are [true, false]" + fi + done + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Add or modify an entry in the Discourse configuration file +# Globals: +# KEYCLOAK_* +# Arguments: +# $1 - Variable name +# $2 - Value to assign to the variable +# Returns: +# None +######################### +keycloak_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:-}" + debug "Setting ${key} to '${value}' in Keycloak configuration" + # Sanitize key (sed does not support fixed string substitutions) + local sanitized_pattern + sanitized_pattern="^\s*(#\s*)?$(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")\s*=\s*(.*)" + local entry="${key} = ${value}" + # Check if the configuration exists in the file + if grep -q -E "$sanitized_pattern" "${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}"; then + # It exists, so replace the line + replace_in_file "${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}" "$sanitized_pattern" "$entry" + else + echo "$entry" >> "${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}" + fi +} + +######################## +# Configure database settings +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_database() { + info "Configuring database settings" + keycloak_conf_set "db" "postgres" + keycloak_conf_set "db-username" "$KEYCLOAK_DATABASE_USER" + keycloak_conf_set "db-password" "$KEYCLOAK_DATABASE_PASSWORD" + keycloak_conf_set "db-url" "jdbc:postgresql://${KEYCLOAK_DATABASE_HOST}:${KEYCLOAK_DATABASE_PORT}/${KEYCLOAK_DATABASE_NAME}" + debug_execute kc.sh build --db postgres +} + +######################## +# Configure cluster caching +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_cache() { + info "Configuring cache count" + keycloak_conf_set "cache" "$KEYCLOAK_CACHE_TYPE" +} + +######################## +# Enable statistics +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_metrics() { + info "Enabling statistics" + keycloak_conf_set "metrics-enabled" "$KEYCLOAK_ENABLE_STATISTICS" +} + +######################## +# Configure hostname +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_hostname(){ + info "Configuring hostname settings" + keycloak_conf_set "hostname-strict" "false" +} + +######################## +# Configure http +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_http(){ + info "Configuring http settings" + keycloak_conf_set "http-enabled" "true" + keycloak_conf_set "https-stric" "false" + keycloak_conf_set "http-port" "${KEYCLOAK_HTTP_PORT}" + keycloak_conf_set "https-port" "${KEYCLOAK_HTTPS_PORT}" +} + +######################## +# Configure logging settings +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_loglevel() { + info "Configuring log level" + keycloak_conf_set "log-level" "${KEYCLOAK_LOG_LEVEL}" +} + +######################## +# Configure proxy settings using JBoss CLI +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_configure_proxy() { + info "Configuring proxy" + keycloak_conf_set "proxy" "${KEYCLOAK_PROXY}" +} + + ######################## +# Configure database settings +# Globals: +# KEYCLOAK_* +# Arguments: +# Returns: +# None +######################### +keycloak_configure_tls() { + info "Configuring TLS by setting keystore and truststore" + keycloak_conf_set "https-key-store-file" "${KEYCLOAK_TLS_KEYSTORE_FILE}" + keycloak_conf_set "https-trust-store-file" "${KEYCLOAK_TLS_TRUSTSTORE_FILE}" + ! is_empty_value "$KEYCLOAK_TLS_KEYSTORE_PASSWORD" && keycloak_conf_set "https-key-store-password" "${KEYCLOAK_TLS_KEYSTORE_PASSWORD}" + ! is_empty_value "$KEYCLOAK_TLS_TRUSTSTORE_PASSWORD" && keycloak_conf_set "https-trust-store-password" "${KEYCLOAK_TLS_TRUSTSTORE_PASSWORD}" +} + +######################## +# Initialize keycloak installation +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_initialize() { + # Clean to avoid issues when running docker restart + # Wait for database + info "Trying to connect to PostgreSQL server $KEYCLOAK_DATABASE_HOST..." + if ! retry_while "wait-for-port --host $KEYCLOAK_DATABASE_HOST --timeout 10 $KEYCLOAK_DATABASE_PORT" "$KEYCLOAK_INIT_MAX_RETRIES"; then + error "Unable to connect to host $KEYCLOAK_DATABASE_HOST" + exit 1 + else + info "Found PostgreSQL server listening at $KEYCLOAK_DATABASE_HOST:$KEYCLOAK_DATABASE_PORT" + fi + + if ! is_dir_empty "$KEYCLOAK_MOUNTED_CONF_DIR"; then + cp -Lr "$KEYCLOAK_MOUNTED_CONF_DIR"/* "$KEYCLOAK_CONF_DIR" + fi + keycloak_configure_database + keycloak_configure_metrics + keycloak_configure_http + keycloak_configure_hostname + keycloak_configure_cache + keycloak_configure_loglevel + keycloak_configure_proxy + is_boolean_yes "$KEYCLOAK_ENABLE_TLS" && keycloak_configure_tls + true +} + +######################## +# Run custom initialization scripts +# Globals: +# KEYCLOAK_* +# Arguments: +# None +# Returns: +# None +######################### +keycloak_custom_init_scripts() { + if [[ -n $(find "${KEYCLOAK_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh") ]] && [[ ! -f "${KEYCLOAK_INITSCRIPTS_DIR}/.user_scripts_initialized" ]]; then + info "Loading user's custom files from ${KEYCLOAK_INITSCRIPTS_DIR} ..." + local -r tmp_file="/tmp/filelist" + find "${KEYCLOAK_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh" | sort >"$tmp_file" + while read -r f; do + case "$f" in + *.sh) + if [[ -x "$f" ]]; then + debug "Executing $f" + "$f" + else + debug "Sourcing $f" + . "$f" + fi + ;; + *) debug "Ignoring $f" ;; + esac + done <$tmp_file + rm -f "$tmp_file" + touch "$KEYCLOAK_VOLUME_DIR"/.user_scripts_initialized + fi +} diff --git a/bitnami/keycloak/README.md b/bitnami/keycloak/README.md index c7788f4d99cb..d10ea1abd469 100644 --- a/bitnami/keycloak/README.md +++ b/bitnami/keycloak/README.md @@ -44,7 +44,7 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`16`, `16-debian-10`, `16.1.1`, `16.1.1-debian-10-r103`, `latest` (16/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-keycloak/blob/16.1.1-debian-10-r103/16/debian-10/Dockerfile) +* [`17`, `17-debian-10`, `17.0.1`, `17.0.1-debian-10-r0`, `latest` (17/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-keycloak/blob/17.0.1-debian-10-r0/17/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/keycloak GitHub repo](https://github.com/bitnami/bitnami-docker-keycloak). @@ -65,7 +65,7 @@ $ docker pull bitnami/keycloak:[TAG] If you wish, you can also build the image yourself. ```console -$ docker build -t bitnami/keycloak:latest 'https://github.com/bitnami/bitnami-docker-keycloak.git#master:16/debian-10' +$ docker build -t bitnami/keycloak:latest 'https://github.com/bitnami/bitnami-docker-keycloak.git#master:17/debian-10' ``` ## Configuration @@ -102,7 +102,7 @@ The listening port and listening address can be configured with the following en ### Extra arguments to Keycloak startup -In case you want to add extra flags to the Keycloak `standalone.sh` command, use the `KEYCLOAK_EXTRA_ARGS` variable. Example: +In case you want to add extra flags to the Keycloak use the `KEYCLOAK_EXTRA_ARGS` variable. Example: ```console $ docker run --name keycloak \ @@ -148,74 +148,6 @@ Apart from that, the following environment variables must be set: - `KEYCLOAK_TLS_KEYSTORE_PASSWORD`: Password for accessing the keystore. No defaults. - `KEYCLOAK_TLS_TRUSTSTORE_PASSWORD`: Password for accessing the truststore. No defaults. -### Cluster configuration - -The Bitnami Keycloak Docker image allows configuring a highly available cluster. In order to do so, two elements must be configured: the service discovery mechanism and the caching settings. - -Service discovery is configured by setting the following variables: - -- `KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL`: Sets the protocol that Keycloak nodes would use to discover new peers. Check the [official jgroups documentation](http://www.jgroups.org/javadoc3/org/jgroups/protocols/) for the list of available protocols. No defaults. -- `KEYCLOAK_JGROUPS_DISCOVERY_PROPERTIES`: Sets the properties for the discovery protocol set in `KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL`. It is a comma-separated list of `key=>value` pairs. No defaults. -- `KEYCLOAK_JGROUPS_TRANSPORT_STACK`: Transport stack for the discovery protocol set in `KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL`. Default: **tcp**. - -Caching is configured by setting the following variables: - -- `KEYCLOAK_CACHE_OWNERS_COUNT`: Number of nodes that will replicate cached data. Default: **1**. -- `KEYCLOAK_AUTH_CACHE_OWNERS_COUNT`: Number of nodes that will replicate cached authentication data. Default: **1**. - -In the example below we will configure a 3-node keycloak cluster with a database-based discovery protocol (JDBC_PING): - -```yaml -version: "2" -services: - postgresql: - image: "docker.io/bitnami/postgresql:11" - environment: - - ALLOW_EMPTY_PASSWORD=yes - - POSTGRESQL_USERNAME=bn_keycloak - - POSTGRESQL_DATABASE=bitnami_keycloak - volumes: - - "postgresql_data:/bitnami/postgresql" - keycloak-1: - image: docker.io/bitnami/keycloak:latest - ports: - - "80:8080" - environment: - - KEYCLOAK_CREATE_ADMIN_USER=true - - KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING - - 'KEYCLOAK_JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=>java:jboss/datasources/KeycloakDS, initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"' - - KEYCLOAK_CACHE_OWNERS_COUNT=3 - - KEYCLOAK_AUTH_CACHE_OWNERS_COUNT=3 - depends_on: - - postgresql - keycloak-2: - image: docker.io/bitnami/keycloak:latest - ports: - - "81:8080" - depends_on: - - postgresql - environment: - - KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING - - 'KEYCLOAK_JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=>java:jboss/datasources/KeycloakDS, initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"' - - KEYCLOAK_CACHE_OWNERS_COUNT=3 - - KEYCLOAK_AUTH_CACHE_OWNERS_COUNT=3 - keycloak-3: - image: docker.io/bitnami/keycloak:latest - ports: - - "82:8080" - depends_on: - - postgresql - environment: - - KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING - - 'KEYCLOAK_JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=>java:jboss/datasources/KeycloakDS, initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"' - - KEYCLOAK_CACHE_OWNERS_COUNT=3 - - KEYCLOAK_AUTH_CACHE_OWNERS_COUNT=3 -volumes: - postgresql_data: - driver: local -``` - -In case of adding a reverse proxy, you need to set the `KEYCLOAK_PROXY_ADDRESS_FORWARDING` to `true. ### Adding custom themes @@ -253,7 +185,7 @@ The Bitnami Keycloak container can activate different set of statistics (databas #### Full configuration -The image looks for configuration files (e.g. `standalone-ha.xml`) in the `/bitnami/keycloak/configuration/` directory, this directory can be changed by setting the KEYCLOAK_MOUNTED_CONF_DIR environment variable. +The image looks for configuration files in the `/bitnami/keycloak/configuration/` directory, this directory can be changed by setting the KEYCLOAK_MOUNTED_CONF_DIR environment variable. ```console $ docker run --name keycloak \ @@ -276,6 +208,13 @@ After that, your changes will be taken into account in the server's behaviour. Keycloak's branch 16 is no longer maintained by upstream and is now internally tagged as to be deprecated. This branch will no longer be released in our catalog a month after this notice is published, but already released container images will still persist in the registries. Valid to be removed starting on: 05-05-2022 +## Notable Changes + +### 17-debian-10 + +Keycloak 17 is powered by Quarkus and to deploy it in production mode it is necessary to set up TLS. +To do this you need to set `KEYCLOAK_PRODUCTION` to **true** and configure TLS + ## Contributing We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/bitnami-docker-keycloak/issues), or submit a [pull request](https://github.com/bitnami/bitnami-docker-keycloak/pulls) with your contribution. diff --git a/bitnami/keycloak/docker-compose.yml b/bitnami/keycloak/docker-compose.yml index bc3c0229e708..f396d295f2d5 100644 --- a/bitnami/keycloak/docker-compose.yml +++ b/bitnami/keycloak/docker-compose.yml @@ -11,7 +11,7 @@ services: - 'postgresql_data:/bitnami/postgresql' keycloak: - image: docker.io/bitnami/keycloak:16 + image: docker.io/bitnami/keycloak:17 depends_on: - postgresql ports: