[sso-avatars] Actually use environment variables
This was needed because previously the DEFAULT_SERVER_URL was hardcoded in the compiled keycloak module and that URL has changed. For consistency sso-admin uses the same environment variables (except it needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).mejoras_instalacion
Evilham
parent
beb0350e9a
commit
38d4e517b3
|
|
@ -35,10 +35,10 @@ class Avatars:
|
||||||
def __init__(self, avatars_path : str):
|
def __init__(self, avatars_path : str):
|
||||||
self.avatars_path = avatars_path
|
self.avatars_path = avatars_path
|
||||||
self.mclient = Minio(
|
self.mclient = Minio(
|
||||||
"dd-sso-avatars:9000",
|
os.environ["AVATARS_SERVER_HOST"],
|
||||||
access_key="AKIAIOSFODNN7EXAMPLE",
|
access_key=os.environ["AVATARS_ACCESS_KEY"],
|
||||||
secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
|
secret_key=os.environ["AVATARS_SECRET_KEY"],
|
||||||
secure=False,
|
secure=bool(os.environ.get("AVATARS_SECURE", "")),
|
||||||
)
|
)
|
||||||
self.bucket = "master-avatars"
|
self.bucket = "master-avatars"
|
||||||
self._minio_set_realm()
|
self._minio_set_realm()
|
||||||
|
|
|
||||||
|
|
@ -57,10 +57,10 @@ class DefaultAvatars:
|
||||||
)
|
)
|
||||||
|
|
||||||
self.mclient = Minio(
|
self.mclient = Minio(
|
||||||
"dd-sso-avatars:9000",
|
os.environ["AVATARS_SERVER_HOST"],
|
||||||
access_key="AKIAIOSFODNN7EXAMPLE",
|
access_key=os.environ["AVATARS_ACCESS_KEY"],
|
||||||
secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
|
secret_key=os.environ["AVATARS_SECRET_KEY"],
|
||||||
secure=False,
|
secure=bool(os.environ.get("AVATARS_SECURE", "")),
|
||||||
)
|
)
|
||||||
self.bucket = "master-avatars"
|
self.bucket = "master-avatars"
|
||||||
self._minio_set_realm()
|
self._minio_set_realm()
|
||||||
|
|
|
||||||
|
|
@ -48,3 +48,6 @@ services:
|
||||||
- CUSTOM_FOLDER=/admin/custom
|
- CUSTOM_FOLDER=/admin/custom
|
||||||
- NC_MAIL_QUEUE_FOLDER=/nc-mail-queue
|
- NC_MAIL_QUEUE_FOLDER=/nc-mail-queue
|
||||||
- LEGAL_PATH=/admin/admin/static/templates/pages/legal
|
- LEGAL_PATH=/admin/admin/static/templates/pages/legal
|
||||||
|
- AVATARS_SERVER_HOST=dd-sso-avatars:9000
|
||||||
|
- AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
|
||||||
|
- AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
|
||||||
|
|
|
||||||
|
|
@ -33,6 +33,9 @@ services:
|
||||||
- ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
|
- ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
|
||||||
- ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
|
- ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
|
||||||
environment:
|
environment:
|
||||||
|
- AVATARS_SERVER_URL=http://dd-sso-avatars:9000
|
||||||
|
- AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
|
||||||
|
- AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
|
||||||
- KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json
|
- KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json
|
||||||
- DB_VENDOR=POSTGRES
|
- DB_VENDOR=POSTGRES
|
||||||
- DB_ADDR=${KEYCLOAK_DB_ADDR}
|
- DB_ADDR=${KEYCLOAK_DB_ADDR}
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,14 @@
|
||||||
embed-server --server-config=standalone-ha.xml --std-out=echo
|
embed-server --server-config=standalone-ha.xml --std-out=echo
|
||||||
batch
|
batch
|
||||||
|
|
||||||
/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
|
|
||||||
/subsystem=keycloak-server/spi=avatar-storage/:add
|
/subsystem=keycloak-server/spi=avatar-storage/:add
|
||||||
/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
|
/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true, \
|
||||||
|
properties={ \
|
||||||
|
server-url => "${env.AVATARS_SERVER_URL}", \
|
||||||
|
access-key => "${env.AVATARS_ACCESS_KEY}", \
|
||||||
|
secret-key => "${env.AVATARS_SECRET_KEY}" \
|
||||||
|
})
|
||||||
|
/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*, module:deployment.avatar-minio-extension-bundle ])
|
||||||
|
|
||||||
:reload
|
:reload
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,55 +0,0 @@
|
||||||
## COPY keycloak.cli /opt/jboss/startup-scripts/keycloak.cli
|
|
||||||
#cp -R /opt/custom/deployments/* /opt/jboss/keycloak/standalone/deployments/
|
|
||||||
embed-server --server-config=standalone-ha.xml --std-out=echo
|
|
||||||
batch
|
|
||||||
|
|
||||||
# Haproxy in front
|
|
||||||
#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:remove
|
|
||||||
#/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")
|
|
||||||
#/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove
|
|
||||||
#/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})
|
|
||||||
|
|
||||||
# Add avatar
|
|
||||||
/subsystem=keycloak-server/:write-attribute(name=providers,value=[ classpath:${jboss.home.dir}/providers/*,module:deployment.avatar-minio-extension-bundle ])
|
|
||||||
/subsystem=keycloak-server/spi=avatar-storage/:add
|
|
||||||
/subsystem=keycloak-server/spi=avatar-storage/provider=avatar-storage-minio/:add(enabled=true)
|
|
||||||
|
|
||||||
|
|
||||||
#:reload
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
run-batch
|
|
||||||
stop-embedded-server
|
|
||||||
|
|
||||||
|
|
||||||
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup:write-attribute(name=default-provider, value="haproxy")'
|
|
||||||
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=default:remove'
|
|
||||||
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/spi=x509cert-lookup/provider=haproxy:add(enabled=true,properties={ sslClientCert => "SSL_CLIENT_CERT", sslCertChainPrefix => "CERT_CHAIN", certificateChainLength => "10"})'
|
|
||||||
#./jboss-cli.sh --connect --command=':reload'
|
|
||||||
|
|
||||||
#<spi name="x509cert-lookup">
|
|
||||||
# <default-provider>haproxy</default-provider>
|
|
||||||
# <provider name="haproxy" enabled="true">
|
|
||||||
# <properties>
|
|
||||||
# <property name="sslClientCert" value="SSL_CLIENT_CERT"/>
|
|
||||||
# <property name="sslCertChainPrefix" value="CERT_CHAIN"/>
|
|
||||||
# <property name="certificateChainLength" value="10"/>
|
|
||||||
# </properties>
|
|
||||||
# </provider>
|
|
||||||
#</spi>
|
|
||||||
|
|
||||||
# <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
# <providers>
|
|
||||||
# <provider>
|
|
||||||
# module:deployment.avatar-minio-extension-bundle
|
|
||||||
# </provider>
|
|
||||||
# </providers>
|
|
||||||
# <spi name="avatar-storage">
|
|
||||||
# <provider name="avatar-storage-minio" enabled="true"/>
|
|
||||||
# </spi>
|
|
||||||
|
|
||||||
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'
|
|
||||||
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'
|
|
||||||
#./jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'
|
|
||||||
#./jboss-cli.sh --connect --command='reload'
|
|
||||||
Loading…
Reference in New Issue