From a8e4f57575bf8287cde141e210fa362930518ade Mon Sep 17 00:00:00 2001
From: anmg
Date: Sun, 16 Mar 2025 08:56:30 +0200
Subject: [PATCH 1/5] Bump Keycloack to 26.1, use separate postgres container and separate folder
---
 bbb-install.sh | 88 +++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 69 insertions(+), 19 deletions(-)
diff --git a/bbb-install.sh b/bbb-install.sh
index 6553e01..597fcbc 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -54,7 +54,7 @@ OPTIONS (install BigBlueButton): -x Use Let's Encrypt certbot with manual DNS challenges -g Install Greenlight version 3
- -k Install Keycloak version 20
+ -k Install Keycloak version 26 -t : Install BigBlueButton LTI framework tools and add/update LTI consumer credentials :
@@ -85,7 +85,7 @@ OPTIONS (install Let's Encrypt certificate only): OPTIONS (install Greenlight only): -g Install Greenlight version 3 (required)
- -k Install Keycloak version 20 (optional)
+ -k Install Keycloak version 26 (optional) OPTIONS (install BigBlueButton LTI framework only):
@@ -124,6 +124,7 @@ main() { LETS_ENCRYPT_OPTIONS=(--webroot --non-interactive) SOURCES_FETCHED=false GL3_DIR=~/greenlight-v3
+ KC_DIR=~/keycloack LTI_DIR=~/bbb-lti NGINX_FILES_DEST=/usr/share/bigbluebutton/nginx CR_TMPFILE=$(mktemp /tmp/carriage-return.XXXXXX)
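Review bot: `KC_DIR=~/keycloack` misspells Keycloak, and the same spelling recurs in the later hunk's container names (`container_name: keycloack`, `container_name: postgres-keycloack`) and in the patch subject; since this path becomes the persistent install directory holding `.env` and the `./postgres17` data, settling on `KC_DIR=~/keycloak` before release avoids a rename-and-migrate exercise later. Nearly every later use expands it unquoted (`[ ! -d $KC_DIR ]`, `mkdir -p $KC_DIR`, the sed and docker-compose invocations), which only matters if an admin overrides the path, but `"$KC_DIR"` throughout is cheap and is what the script already does in its `[ ! -f "$KC_DIR/docker-compose.yml" ]` test. main() continues outside the hunk.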
@@ -946,33 +947,82 @@ install_greenlight_v3(){ disable_nginx_site default-fe.nginx && say "found default bbb-fe 'Welcome' and disabled it!" # Adding Keycloak
- if [ -n "$INSTALL_KC" ]; then
- # When attempting to install/update Keycloak let us attempt to create the database to resolve any issues caused by postgres false negatives.
- docker-compose -f $GL3_DIR/docker-compose.yml up -d postgres && say "started postgres"
- wait_postgres_start
- docker-compose -f $GL3_DIR/docker-compose.yml exec -T postgres psql -U postgres -c 'CREATE DATABASE keycloakdb;'
- fi
- if ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml; then
+ if [ ! -f "$KC_DIR/docker-compose.yml" ] || [ ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml ]; then # The following logic is expected to run only once when adding Keycloak. # Keycloak isn't installed if [ -n "$INSTALL_KC" ]; then # Add Keycloak say "Adding Keycloak..."
- docker-compose -f $GL3_DIR/docker-compose.yml down
- cp -v $GL3_DIR/docker-compose.yml $GL3_DIR/docker-compose.base.yml # Persist working base compose file for admins as a Backup.
+ if [ !
-d $KC_DIR ]; then
+ mkdir -p $KC_DIR && say "created $KC_DIR"
+ fi
+ cat < $KC_DIR/.env
+POSTGRES_DB=keycloak_db
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=
+HERE
- docker run --rm --entrypoint sh $GL_IMG_REPO -c 'cat docker-compose.kc.yml' >> $GL3_DIR/docker-compose.yml
+ cat < $KC_DIR/docker-compose.yml
+networks:
+ keycloak_network:
+
+services:
+ postgres:
+ image: postgres:17-alpine
+ container_name: postgres-keycloack
+ volumes:
+ - ./postgres17:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: \${POSTGRES_DB}
+ POSTGRES_USER: \${POSTGRES_USER}
+ POSTGRES_PASSWORD: \${POSTGRES_PASSWORD}
+ networks:
+ - keycloak_network
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:26.1
+ container_name: keycloack
+ command: start
+ environment:
+ # KC_HOSTNAME: localhost
+ KC_HOSTNAME_PORT: 5151
+ KC_HOSTNAME_STRICT: false
+ KC_HTTP_ENABLED: true
+ KC_HOSTNAME_STRICT_HTTPS: false
+ KC_HTTP_RELATIVE_PATH: /keycloak
+ KC_HEALTH_ENABLED: true
+ KC_BOOTSTRAP_ADMIN_USERNAME: \${KEYCLOAK_ADMIN}
+ KC_BOOTSTRAP_ADMIN_PASSWORD: \${KEYCLOAK_ADMIN_PASSWORD}
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://postgres/\${POSTGRES_DB}
+ KC_DB_USERNAME: \${POSTGRES_USER}
+ KC_DB_PASSWORD: \${POSTGRES_PASSWORD}
+ KC_PROXY_HEADERS: xforwarded
+
+ ports:
+ - 5151:8080
+ restart: always
+ depends_on:
+ - postgres
+ networks:
+ - keycloak_network
+
+volumes:
+ postgres17: {}
+
+HERE
- if ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml; then
- err "failed to add Keycloak service to greenlight-v3 compose file - is docker running?"
- fi
- say "added Keycloak to compose file" KCPASSWORD=$(openssl rand -hex 12) # Keycloak admin password.
- sed -i "s|^\([ \t-]*KEYCLOAK_ADMIN_PASSWORD\)\(=[ \t]*\)$|\1=$KCPASSWORD|g" $GL3_DIR/docker-compose.yml # Do not overwrite the value if not empty.
- sed -i "s|^\([ \t-]*KC_DB_PASSWORD\)\(=[ \t]*\)$|\1=$PGPASSWORD|g" $GL3_DIR/docker-compose.yml # Do not overwrite the value if not empty.
+ KCPGPASSWORD=$(openssl rand -hex 12) # Keycloak postgres password.
+ sed -i "s|^\([ \t-]*KEYCLOAK_ADMIN_PASSWORD\)\(=[ \t]*\)$|\1=$KCPASSWORD|g" $KC_DIR/.env # Do not overwrite the value if not empty.
+ sed -i "s|^\([ \t-]*POSTGRES_PASSWORD\)\(=[ \t]*\)$|\1=$KCPGPASSWORD|g" $KC_DIR/.env # Do not overwrite the value if not empty.
+
+ docker-compose -f $KC_DIR/docker-compose.yml up -d # Updating Keycloak nginx file. cp -v $NGINX_FILES_DEST/keycloak.nginx $NGINX_FILES_DEST/keycloak.nginx.old && say "old Keycloak nginx config can be retrieved at $NGINX_FILES_DEST/keycloak.nginx.old"
@@ -1032,7 +1082,7 @@ HERE say "To create Greenlight administrator account, see: https://docs.bigbluebutton.org/greenlight/v3/install#creating-an-admin-account"
- if grep -q 'keycloak:' $GL3_DIR/docker-compose.yml; then
+ if grep -q 'keycloak:' $KC_DIR/docker-compose.yml; then say "Keycloak is installed, up to date and accessible for configuration on: https://$HOST/keycloak/" if [ -n "$KCPASSWORD" ];then say "Use the following credentials when accessing the admin console:"
From a4400946c34b1db3f3e6fc1ebb3d0cc53efd9a49 Mon Sep 17 00:00:00 2001
From: anmg
Date: Sun, 16 Mar 2025 09:21:18 +0200
Subject: [PATCH 2/5] fix lint
---
 bbb-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbb-install.sh b/bbb-install.sh
index 597fcbc..fa11a04 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -948,7 +948,7 @@ install_greenlight_v3(){ # Adding Keycloak
- if [ ! -f "$KC_DIR/docker-compose.yml" ] || [ ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml ]; then
+ if ! -f "$KC_DIR/docker-compose.yml" || ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml ; then # The following logic is expected to run only once when adding Keycloak. # Keycloak isn't installed if [ -n "$INSTALL_KC" ]; then
From 8bbcf1445ff515e79c6e498cb998471dcb16a737 Mon Sep 17 00:00:00 2001
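Review bot: The run-once guard `if [ ! -f "$KC_DIR/docker-compose.yml" ] || [ ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml ]; then` is not valid test syntax (`[ ! grep -q … ]` hands grep and its arguments to `test`, which rejects them and returns non-zero), and the "fix lint" rewrites in [PATCH 2/5] and [PATCH 3/5] make it worse: `! -f "$KC_DIR/docker-compose.yml"` tries to execute a command named `-f`, so the negation is always true and the whole block runs on every invocation. Even with the brackets restored, the `|| ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml` half is true on every run under the new layout, because this hunk stops appending the keycloak service to the Greenlight compose file; each re-run then rewrites `$KC_DIR/.env` and regenerates `KCPGPASSWORD` while the `./postgres17` data directory still holds the role password from the first start (the postgres image only applies `POSTGRES_PASSWORD` when it initialises an empty data directory), so Keycloak can no longer authenticate to its database after the next upgrade. The guard that matches the comment above it is simply `if [ ! -f "$KC_DIR/docker-compose.yml" ]; then`. Separately, the heredoc that writes `$KC_DIR/.env` creates it under the default umask although it holds both the bootstrap admin and the database password, so `chmod 600 "$KC_DIR/.env"` belongs right after it, and `- 5151:8080` publishes Keycloak's plain-HTTP listener on every host interface while `KC_PROXY_HEADERS: xforwarded` makes it trust forwarded headers from whoever reaches it, so it should read `- 127.0.0.1:5151:8080` (the `5151:5151` form in [PATCH 4/5] has the same exposure). install_greenlight_v3() starts and ends outside the hunk.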
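Review bot: `if grep -q 'keycloak:' $KC_DIR/docker-compose.yml; then` now names a file that does not exist on installs made without `-k`, so every Greenlight-only run prints a `grep: … No such file or directory` line on stderr in the middle of the final summary, whereas the old `$GL3_DIR` compose file presumably always exists at this point. `if [ -f "$KC_DIR/docker-compose.yml" ] && grep -q 'keycloak:' "$KC_DIR/docker-compose.yml"; then` (or `grep -qs`) keeps the check quiet and still skips the credential message. The enclosing install_greenlight_v3() ends outside the hunk.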
From: anmg
Date: Sun, 16 Mar 2025 09:24:43 +0200
Subject: [PATCH 3/5] fix lint
---
 bbb-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbb-install.sh b/bbb-install.sh
index fa11a04..f8a1cf4 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -948,7 +948,7 @@ install_greenlight_v3(){ # Adding Keycloak
- if ! -f "$KC_DIR/docker-compose.yml" || ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml ; then
+ if ! -f "$KC_DIR/docker-compose.yml" || ! grep -q 'keycloak:' $GL3_DIR/docker-compose.yml; then # The following logic is expected to run only once when adding Keycloak. # Keycloak isn't installed if [ -n "$INSTALL_KC" ]; then
From a49be7eb6328462ca0bbe5256de98b4c49a549bc Mon Sep 17 00:00:00 2001
From: anmg
Date: Sun, 16 Mar 2025 10:06:33 +0200
Subject: [PATCH 4/5] fix port number
---
 bbb-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbb-install.sh b/bbb-install.sh
index f8a1cf4..0233c2a 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -1004,7 +1004,7 @@ services: KC_PROXY_HEADERS: xforwarded ports:
- - 5151:8080
+ - 5151:5151 restart: always depends_on: - postgres
From 44386b2ea66f0a89d5c6c6499490fc9d191a4ad8 Mon Sep 17 00:00:00 2001
From: anmg
Date: Mon, 17 Mar 2025 16:57:55 +0200
Subject: [PATCH 5/5] edit Keycloak network name, fix v2 hostname config
---
 bbb-install.sh | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/bbb-install.sh b/bbb-install.sh
index 0233c2a..cd166cb 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -955,10 +955,13 @@ install_greenlight_v3(){ # Add Keycloak say "Adding Keycloak..."
+ # create Keycloak dir if [ ! -d $KC_DIR ]; then mkdir -p $KC_DIR && say "created $KC_DIR" fi
- cat < $KC_DIR/.env
+
+ # Create Keycloak docker files
+ cat < $KC_DIR/.env POSTGRES_DB=keycloak_db POSTGRES_USER=postgres POSTGRES_PASSWORD=
@@ -968,7 +971,7 @@ HERE cat < $KC_DIR/docker-compose.yml networks:
- keycloak_network:
+ kcnetwork: services: postgres:
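Review bot: `- 5151:5151` maps host port 5151 to container port 5151, but nothing in the keycloak service sets `KC_HTTP_PORT`, and Keycloak's HTTP listener defaults to 8080; `KC_HOSTNAME_PORT` only influences the port Keycloak writes into its own URLs, not where it listens. Unless a `KC_HTTP_PORT: 5151` is added to the environment block, the nginx proxy will get a connection refused on 5151, and the previous `5151:8080` mapping was the one that actually reached the server. The compose heredoc and install_greenlight_v3() continue outside the hunk.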
@@ -981,18 +984,16 @@ services: POSTGRES_USER: \${POSTGRES_USER} POSTGRES_PASSWORD: \${POSTGRES_PASSWORD} networks:
- - keycloak_network
+ - kcnetwork keycloak: image: quay.io/keycloak/keycloak:26.1 container_name: keycloack command: start environment:
- # KC_HOSTNAME: localhost KC_HOSTNAME_PORT: 5151 KC_HOSTNAME_STRICT: false KC_HTTP_ENABLED: true
- KC_HOSTNAME_STRICT_HTTPS: false KC_HTTP_RELATIVE_PATH: /keycloak KC_HEALTH_ENABLED: true KC_BOOTSTRAP_ADMIN_USERNAME: \${KEYCLOAK_ADMIN}
@@ -1009,14 +1010,14 @@ services: depends_on: - postgres networks:
- - keycloak_network
+ - kcnetwork volumes: postgres17: {} HERE
-
+ # generate Keycloak passwords KCPASSWORD=$(openssl rand -hex 12) # Keycloak admin password. KCPGPASSWORD=$(openssl rand -hex 12) # Keycloak postgres password. sed -i "s|^\([ \t-]*KEYCLOAK_ADMIN_PASSWORD\)\(=[ \t]*\)$|\1=$KCPASSWORD|g" $KC_DIR/.env # Do not overwrite the value if not empty.
@@ -1085,7 +1086,7 @@ HERE if grep -q 'keycloak:' $KC_DIR/docker-compose.yml; then say "Keycloak is installed, up to date and accessible for configuration on: https://$HOST/keycloak/" if [ -n "$KCPASSWORD" ];then
- say "Use the following credentials when accessing the admin console:"
+ say "Use the following credentials when accessing the admin console and create admin user:" say " admin" say " $KCPASSWORD" fi
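Review bot: `KC_HOSTNAME_PORT: 5151` survives the hostname-v2 clean-up that drops `KC_HOSTNAME_STRICT_HTTPS`, yet as far as I recall `hostname-port` was removed from the v2 hostname options together with `hostname-strict-https`, so on 26.1 it is most likely ignored rather than applied; the container's startup log will show an unrecognised-option warning if so. With `KC_HOSTNAME_STRICT: false` and `KC_PROXY_HEADERS: xforwarded` the public host and port come from the proxy's X-Forwarded headers anyway, so the line can go, and if a fixed public URL is wanted the v2 way is a full `KC_HOSTNAME` URL rather than a bare port. The keycloak service definition and the enclosing heredoc continue outside the hunk.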