
keycloak: Add smtp config and fix warning
Closed, Public

Authored by anlambert on Aug 26 2020, 3:15 PM.

Details

Summary

This requires upgrading the keycloak (to get the smtp configuration) and postgresql (see https://github.com/treydock/puppet-module-keycloak/pull/143) Puppet modules.

A warning is now issued when the login_theme option is absent from client configuration, so set it to swh.

I cannot push directly to https://forge.softwareheritage.org/source/puppet-treydock-keycloak/
so I changed the repo url to the github one before running octocatalog-diff.

Depends on D3847

14:52 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org
Found host kelvingrove.internal.softwareheritage.org
WARN     -> Environment "add-keycloak-realm-and-client" contained non-word characters, correcting name to add_keycloak_realm_and_client
WARN     -> Environment "api-remove-rl-for-m" contained non-word characters, correcting name to api_remove_rl_for_m
WARN     -> Environment "change-swh-web-static-dir" contained non-word characters, correcting name to change_swh_web_static_dir
WARN     -> Environment "icinga-rv-log" contained non-word characters, correcting name to icinga_rv_log
WARN     -> Environment "keycloak-add-swh-theme" contained non-word characters, correcting name to keycloak_add_swh_theme
WARN     -> Environment "openaire-ips" contained non-word characters, correcting name to openaire_ips
WARN     -> Environment "swh-web-conf-update" contained non-word characters, correcting name to swh_web_conf_update
WARN     -> Environment "swh-web-remove-recaptcha" contained non-word characters, correcting name to swh_web_remove_recaptcha
WARN     -> Environment "update-webapp-conf" contained non-word characters, correcting name to update_webapp_conf
WARN     -> Environment "webapp-exempt-dinsic" contained non-word characters, correcting name to webapp_exempt_dinsic
WARN     -> Environment "webapp-set-search-empty-dict" contained non-word characters, correcting name to webapp_set_search_empty_dict
Clonage dans '/tmp/swh-ocd.qhCcPKj1/environments/production/data/private'...
fait.
Clonage dans '/tmp/swh-ocd.qhCcPKj1/environments/staging/data/private'...
fait.
*** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org
I, [2020-08-26T14:52:42.391305 #10904]  INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org
I, [2020-08-26T14:52:43.500340 #10904]  INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org
diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org
*******************************************
+ Concat::Fragment[config.cli-keycloak] =>
   parameters =>
      "order": "00"
      "target": "/opt/keycloak-8.0.1/config.cli"
      "content": >>>
embed-server
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/https-listener=https:read-resource
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=postgresql)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="jdbc:postgresql://db.internal.softwareheritage.org:5432/keycloak")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=keycloak)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=keycloak::postgres::password)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
catch
/subsystem=datasources/jdbc-driver=postgresql:remove
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
end-try
if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:remove
end-if
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=2592000)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=true)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=true)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=false)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=true)
try
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
catch
/subsystem=keycloak-server/spi=userCache/provider=default/:remove
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
end-try
<<<
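Review bot: the datasource line `write-attribute(name=password, value=keycloak::postgres::password)` carries what reads as a Hiera key name rather than a resolved secret. If that is the placeholder from the private-data clone octocatalog-diff makes under `/tmp/swh-ocd.qhCcPKj1/environments/*/data/private`, fine, but confirm that the catalog compiled on kelvingrove itself resolves the real value; a literal string here would only surface as a datasource authentication failure after `jboss-cli.sh --file=config.cli` has run. The whole fragment, credential included, is part of the compiled catalog, so catalog and report storage should be treated as sensitive. Separately, the `if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource` block removes any existing truststore SPI; confirm nothing on this host relies on a custom truststore for Keycloak's outbound TLS, since it falls back to the JVM default trust store once this script runs.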
*******************************************
+ Concat[/opt/keycloak-8.0.1/config.cli] =>
   parameters =>
      "backup": "puppet"
      "ensure": "present"
      "ensure_newline": false
      "force": false
      "format": "plain"
      "group": "keycloak"
      "mode": "0600"
      "notify": "Exec[jboss-cli.sh --file=config.cli]"
      "order": "alpha"
      "owner": "keycloak"
      "path": "/opt/keycloak-8.0.1/config.cli"
      "replace": true
      "show_diff": false
      "warn": false
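Review bot: owner keycloak, mode 0600 and `show_diff: false` are the right settings for a file that embeds the KeycloakDS credential, but `backup: puppet` means each replaced version of config.cli is also copied into the agent's filebucket, which keeps the credential outside the 0600 file; consider `backup => false` on the Concat unless those copies are wanted. With `replace: true` and `notify: Exec[jboss-cli.sh --file=config.cli]`, any content change re-runs the whole CLI script, which is what the try/catch remove-then-add blocks in the fragment are there to tolerate.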
*******************************************
+ Concat_file[/opt/keycloak-8.0.1/config.cli] =>
   parameters =>
      "backup": "puppet"
      "ensure_newline": false
      "force": false
      "format": "plain"
      "group": "keycloak"
      "mode": "0600"
      "order": "alpha"
      "owner": "keycloak"
      "replace": true
      "show_diff": false
      "tag": "_opt_keycloak-8.0.1_config.cli"
*******************************************
+ Concat_fragment[config.cli-keycloak] =>
   parameters =>
      "order": "00"
      "tag": "_opt_keycloak-8.0.1_config.cli"
      "target": "/opt/keycloak-8.0.1/config.cli"
      "content": >>>
embed-server
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/https-listener=https:read-resource
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=postgresql)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="jdbc:postgresql://db.internal.softwareheritage.org:5432/keycloak")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=keycloak)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=keycloak::postgres::password)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
catch
/subsystem=datasources/jdbc-driver=postgresql:remove
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
end-try
if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:remove
end-if
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=2592000)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=true)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=true)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=false)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=true)
try
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
catch
/subsystem=keycloak-server/spi=userCache/provider=default/:remove
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
end-try
<<<
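Review bot: this `Concat_fragment` is the native type behind the `Concat::Fragment` define above, so the same content appearing twice in the catalog diff is expected from the concat module and is not a double write; the points raised on the fragment above (placeholder-looking password value, truststore removal) apply here as well.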
*******************************************
  Exec[create-keycloak-admin] =>
   parameters =>
     user =>
      + keycloak
*******************************************
- File[/opt/keycloak-8.0.1/config.cli]
*******************************************
  Group[keycloak] =>
   parameters =>
     system =>
      + true
*******************************************
  Keycloak_client[swh-web on SoftwareHeritageStaging] =>
   parameters =>
     login_theme =>
      + swh
*******************************************
  Keycloak_client[swh-web on SoftwareHeritage] =>
   parameters =>
     login_theme =>
      + swh
*******************************************
  Keycloak_realm[SoftwareHeritageStaging] =>
   parameters =>
     smtp_server_from =>
      + noreply@softwareheritage.org
     smtp_server_from_display_name =>
      + Software Heritage Authentication Service
     smtp_server_host =>
      + localhost
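Review bot: the realm gets `smtp_server_host` localhost with a From of noreply@softwareheritage.org and no authentication or TLS parameters in this diff, so Keycloak will hand mail to a local MTA in clear text over loopback. That is fine provided kelvingrove actually runs an MTA that relays for that sender; otherwise password-reset and e-mail-verification flows will fail once users start relying on them. Check that the outbound relay is authorised for the noreply@ address (SPF/DKIM), since these mails otherwise land in spam. The same applies to the SoftwareHeritage and master realms below.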
*******************************************
  Keycloak_realm[SoftwareHeritage] =>
   parameters =>
     smtp_server_from =>
      + noreply@softwareheritage.org
     smtp_server_from_display_name =>
      + Software Heritage Authentication Service
     smtp_server_host =>
      + localhost
*******************************************
  Keycloak_realm[master] =>
   parameters =>
     smtp_server_from =>
      + noreply@softwareheritage.org
     smtp_server_from_display_name =>
      + Software Heritage Authentication Service
     smtp_server_host =>
      + localhost
*******************************************
  User[keycloak] =>
   parameters =>
     system =>
      + true
*******************************************
*** End octocatalog-diff on kelvingrove.internal.softwareheritage.org

Diff Detail

Repository
rSPSITE puppet-swh-site