Preparation for easier Keycloak setup + simplified orchestration of LEAF-Writer

383ed4b9 · Jacob Benz · 485ed5f7 · 383ed4b9 · 383ed4b9 · 383ed4b9
Commit 383ed4b9 authored 4 months ago by Jacob Benz
--- a/docker-compose-keycloak-firstrun.yml
+++ b/docker-compose-keycloak-firstrun.yml
+include:
+  - docker-compose-keycloak.yml
+volumes:
+  keycloak-config:
+    name: keycloak-firstrun
+services:
+  # Import LINCS realm
+  keycloak-firstrun:
+    image: adorsys/keycloak-config-cli:latest
+    env_file: 
+      - "../leafwriter.env"
+    environment:
+      - KEYCLOAK_URL=http://keycloak:8080/
+      - KEYCLOAK_USER=tempadmin
+      - KEYCLOAK_PASSWORD=tempadmin
+      - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
+      - KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s
+      - IMPORT_FILES_LOCATIONS=/config/leafwriter-conf.json
+      - IMPORT_VARSUBSTITUTION_ENABLED=true
+    volumes:
+      - ./keycloak-provisioning-files:/config
+    depends_on:
+      - keycloak
+    networks:
+      - keycloak-net
+  # Second run of Keycloak-config-cli Tool to automatically create permanent Keycloak admin, used for gui login as well as auth-api
+  keycloak-secondrun:
+    image: adorsys/keycloak-config-cli:latest
+    env_file: 
+      - "../leafwriter.env"
+    environment:
+      - KEYCLOAK_URL=http://keycloak:8080/
+      - KEYCLOAK_USER=tempadmin
+      - KEYCLOAK_PASSWORD=tempadmin
+      - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
+      - KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s
+      - IMPORT_FILES_LOCATIONS=/config/leafwriter-conf-master.json
+      - IMPORT_VARSUBSTITUTION_ENABLED=true
+    volumes:
+      - ./keycloak-provisioning-files:/config
+    depends_on:
+      keycloak:
+        condition: service_started
+      keycloak-firstrun:
+        condition: service_completed_successfully
+    networks:
+      - keycloak-net
\ No newline at end of file
--- a/docker-compose-keycloak.yml
+++ b/docker-compose-keycloak.yml
-version: '3'
 volumes:
  keycloak-data:
    name: keycloakdb
 services:
    keycloakdb:
-        image: postgres:11
+        image: postgres:17
        ports:
            - "5406:5432"
        environment:
@@ -15,6 +13,8 @@ services:
            - POSTGRES_DB=keycloak
        volumes:
            - ./keycloak-data:/var/lib/postgresql/data
+        networks:
+            - keycloak-net
    keycloak:
        image: keycloak/keycloak
        command: start        
@@ -24,11 +24,14 @@ services:
            - keycloakdb
        depends_on:
            - keycloakdb
+        networks:
+            - keycloak-net
        volumes:
            - ./opt-keycloak:/opt/keycloak/providers
        environment:
-            - KEYCLOAK_ADMIN=admin
+            - KC_BOOTSTRAP_ADMIN_USERNAME=tempadmin
-            - KEYCLOAK_ADMIN_PASSWORD=admin
+            - KC_BOOTSTRAP_ADMIN_PASSWORD=tempadmin
+            - KC_BOOTSTRAP_ADMIN_EXPIRATION=10
            - KC_DB_USERNAME=postgres
            - KC_DB_PASSWORD=postgres
            - KC_DB=postgres
@@ -39,3 +42,6 @@ services:
            - KC_HTTP_ENABLED=true
            - KC_HOSTNAME_STRICT_HTTPS=false
            - KC_HEALTH_ENABLED=true
+networks:
+    keycloak-net:
\ No newline at end of file
--- a/keycloak-provisioning-files/leafwriter-conf-master.json
+++ b/keycloak-provisioning-files/leafwriter-conf-master.json
+{
+  "id": "master",
+  "realm": "master",
+  "users": [
+    {
+      "username": "$(env:keycloak_admin)",
+      "enabled": true,
+      "realmRoles": [
+        "admin",
+        "default-roles-master"
+      ],
+      "credentials": [
+        {
+          "type": "password",
+          "value": "$(env:keycloak_password)"
+        }
+      ]
+    }
+  ]  
+}
--- a/authapi
+++ b/authapi
 server {
-	server_name authapi.test.lca.users.h-da.cloud;
+	server_name authapi.example.com;
 	listen 80;
 	listen [::]:80;
 	location / {
-		proxy_pass http://localhost:5000/;
+		proxy_pass http://localhost:3002/;
 		proxy_set_header Host $host;
 		proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_set_header X-Real-IP $remote_addr;

--- a/keycloak
+++ b/keycloak
 server {
-        server_name keycloak.test.lca.users.h-da.cloud;
+        server_name keycloak.example.com;
 	listen 80;
 	listen [::]:80;
        location / {
-                proxy_pass http://localhost:8090;
+                proxy_pass http://localhost:8080;
                proxy_set_header    Host               $host;
                proxy_set_header    X-Real-IP          $remote_addr;
                proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;

--- a/leaf
+++ b/leaf
 server {
-	server_name leaf.test.lca.users.h-da.cloud;
+	server_name example.com;
 	listen 80;
 	listen [::]:80;
@@ -10,8 +10,4 @@ server {
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	}
 }
--- a/nssi
+++ b/nssi
-server {
-        server_name nssi.test.lca.users.h-da.cloud;
-	listen 80;
-	listen [::]:80;
-        location / {
-                proxy_pass http://localhost:8080;
-                proxy_set_header    Host               $host;
-                proxy_set_header    X-Real-IP          $remote_addr;
-                proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
-                proxy_set_header    X-Forwarded-Host   $host;
-                proxy_set_header    X-Forwarded-Server $host;
-                proxy_set_header    X-Forwarded-Port   $server_port;
-                proxy_set_header    X-Forwarded-Proto  $scheme;
-        }
-}