4 changed files with 114 additions and 2 deletions
Split View
Diff Options
-
+3 -2README.md
-
+67 -0keycloak.sh
-
+26 -0postgres_replication/postgres-master.sh
-
+18 -0postgres_replication/postgres-replica.sh
+ 3
- 2
README.md
View File
| @ -1,3 +1,4 @@ | |||
| # keycloak | |||
| Keycloak insatll script | |||
| This repo contains: | |||
| - Keycloak cluster script | |||
| - Postgres hot standby replication script | |||
+ 67
- 0
keycloak.sh
View File
| @ -0,0 +1,67 @@ | |||
| #! /bin/bash | |||
| RAND_PASS=`pwgen -s1 16` | |||
| read -p "Keycloak version: " -ei '24.0.4' KEYCLOAK_VERSION | |||
| read -p "Server hostname: " -ei 'keycloak.exmample.com' KEYCLOAK_HOST | |||
| read -p "Postgres hostname: " -ei 'localhost' POSTGRES_HOST | |||
| read -p "Postgres username: " -ei 'keycloak' POSTGRES_USER | |||
| read -p "Postgres password: " -ei "$RAND_PASS" POSTGRES_PASS | |||
| read -p "Postgres database: " -ei 'keycloak' POSTGRES_DB | |||
| echo $PASSWORD_PASS > /usr/local/src/keycloak_db_pass | |||
| if [ ! -f "keycloak-$KEYCLOAK_VERSION.tar.gz" ]; then | |||
| wget https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz | |||
| wget https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz.sha1 | |||
| fi | |||
| SHA_HASH=`sha1sum keycloak-$KEYCLOAK_VERSION.tar.gz | cut -d" " -f1` | |||
| KEYCLOAK_HASH=`cat keycloak-$KEYCLOAK_VERSION.tar.gz.sha1` | |||
| if [ "$SHA_HASH" != "$KEYCLOAK_HASH" ]; then | |||
| echo "Exit. Hash doesnt match." | |||
| else | |||
| sudo -u postgres psql -h $POSTGRES_HOST -c "CREATE DATABASE $POSTGRES_DB" | |||
| sudo -u postgres psql -h $POSTGRES_HOST -c "CREATE USER $POSTGRES_USER WITH PASSWORD $POSTGRES_PASS" | |||
| sudo -u postgres psql -h $POSTGRES_HOST -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $POSTGRES_USER" | |||
| tar xpf keycloak-$KEYCLOAK_VERSION.tar.gz | |||
| mv keycloak-$KEYCLOAK_VERSION /opt/keycloak | |||
| echo " | |||
| # Basic settings for running in production. Change accordingly before deploying the server. | |||
| # Database | |||
| # The database vendor. | |||
| db=postgres | |||
| # The username of the database user. | |||
| db-username=$POSTGRES_USER | |||
| # The password of the database user. | |||
| db-password=$POSTGRES_PASS | |||
| # The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. | |||
| db-url=jdbc:postgresql://$POSTGRES_HOST/$POSTGRES_DB | |||
| # Observability | |||
| # If the server should expose healthcheck endpoints. | |||
| health-enabled=true | |||
| # If the server should expose metrics endpoints. | |||
| metrics-enabled=true | |||
| # HTTP | |||
| # The proxy address forwarding mode if the server is behind a reverse proxy. | |||
| proxy=edge | |||
| proxy-headers=xforwarded | |||
| # Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy | |||
| #spi-sticky-session-encoder-infinispan-should-attach-route=false | |||
| # Hostname for the Keycloak server. | |||
| hostname=$KEYCLOAK_HOST | |||
| hostname-strict=false" > /opt/keycloak/conf/keyclaok.conf | |||
| fi | |||
+ 26
- 0
postgres_replication/postgres-master.sh
View File
| @ -0,0 +1,26 @@ | |||
| #! /bin/bash | |||
| if [ "$(whoami)" != "root" ]; then | |||
| SUDO=sudo | |||
| fi | |||
| ${SUDO} apt install -y postgresql pwgen | |||
| RAND_PASS=`pwgen -s1 16` | |||
| POSTGRES_VERSION=`${SUDO} apt show postgresql | grep Version | cut -d" " -f2 | cut -d"+" -f1` | |||
| read -p "Postgres replica ip: " -ei '' REPLICA_IP | |||
| read -p "Postgres replica user: " -ei 'replica_user' REPLICA_USER | |||
| read -p "Postgres replica password: " -ei "$RAND_PASS" REPLICA_PASS | |||
| ${SUDO} echo $REPLICA_PASS > /usr/local/src/postgres_replica_password | |||
| ${SUDO} echo "Password is stored in /usr/local/src/postgres_replica_password" | |||
| sudo -u postgres pg_conftool set listen_addresses 0.0.0.0 | |||
| sudo -u postgres pg_conftool set log_destination syslog | |||
| sudo -u postgres pg_conftool set max_wall_senders 3 | |||
| sudo -u postgres pg_conftool set wal_keep_size 1GB | |||
| sudo -u postgres pg_conftool set wal_level replica | |||
| sudo -u postgres pg_conftool set wal_log_hints on | |||
| sudo -u postgres psql -c "CREATE USER '$REPLICA_USER' REPLICATION LOGIN CONNECTION LIMIT 3 ENCRYPTED PASSWORD '$REPLICA_PASS';" | |||
| ${SUDO} echo "host replication $REPLICA_USER $REPLICA_IP/24 trust" >> /etc/postgresql/$POSTGRES_VERSION/main/pg_hba.conf | |||
| ${SUDO} systemctl restart postgresql | |||
+ 18
- 0
postgres_replication/postgres-replica.sh
View File
| @ -0,0 +1,18 @@ | |||
| #! /bin/sh | |||
| if [ "$(whoami)" != "root" ]; then | |||
| SUDO=sudo | |||
| fi | |||
| ${SUDO} apt install -y postgresql | |||
| POSTGRES_VERSION=`apt show postgresql | grep Version | cut -d" " -f2 | cut -d"+" -f1` | |||
| read -p "Postgres Master IP: " -ei "" POSTGRES_MASTER | |||
| read -p "Postgres replica username: " -ei "replica_user" REPLICA_USER | |||
| read -p "Postgres replica password: " -ei "" REPLICA_PASS | |||
| ${SUDO} systemctl stop postgresql | |||
| sudo -u postgres pg_conftool set primary_conninfo "host=$POSTGRES_MASTER port=5432 user=$POSTGRES_USER password=$POSTGRES_PASS" | |||
| sudo -u postgres pg_conftool set primary_slot_name replica_1 | |||
| sudo -u postgres pg_basebackup -h $POSTGRES_MASTER -U -X stream -C -S replica_1 -v -R -W -D /var/lib/postgresql/$POSTGRES_VERSION/main/ | |||
| ${SUDO} systemctl start postgresql | |||