keycloak: Add smtp config and fix warning
This requires upgrading keycloak (to get smtp configuration) and postgresql (see https://github.com/treydock/puppet-module-keycloak/pull/143) keycloak modules.
A warning is now issued when the login_theme option
is absent from client configuration, so set it to swh.
I cannot push directly to https://forge.softwareheritage.org/source/puppet-treydock-keycloak/
so I changed the repo URL to the GitHub one before running octocatalog-diff.
Depends on D3847
14:52 $ bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details -t staging kelvingrove.internal.softwareheritage.org
Found host kelvingrove.internal.softwareheritage.org
WARN -> Environment "add-keycloak-realm-and-client" contained non-word characters, correcting name to add_keycloak_realm_and_client
WARN -> Environment "api-remove-rl-for-m" contained non-word characters, correcting name to api_remove_rl_for_m
WARN -> Environment "change-swh-web-static-dir" contained non-word characters, correcting name to change_swh_web_static_dir
WARN -> Environment "icinga-rv-log" contained non-word characters, correcting name to icinga_rv_log
WARN -> Environment "keycloak-add-swh-theme" contained non-word characters, correcting name to keycloak_add_swh_theme
WARN -> Environment "openaire-ips" contained non-word characters, correcting name to openaire_ips
WARN -> Environment "swh-web-conf-update" contained non-word characters, correcting name to swh_web_conf_update
WARN -> Environment "swh-web-remove-recaptcha" contained non-word characters, correcting name to swh_web_remove_recaptcha
WARN -> Environment "update-webapp-conf" contained non-word characters, correcting name to update_webapp_conf
WARN -> Environment "webapp-exempt-dinsic" contained non-word characters, correcting name to webapp_exempt_dinsic
WARN -> Environment "webapp-set-search-empty-dict" contained non-word characters, correcting name to webapp_set_search_empty_dict
Clonage dans '/tmp/swh-ocd.qhCcPKj1/environments/production/data/private'...
fait.
Clonage dans '/tmp/swh-ocd.qhCcPKj1/environments/staging/data/private'...
fait.
*** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org
I, [2020-08-26T14:52:42.391305 #10904] INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org
I, [2020-08-26T14:52:43.500340 #10904] INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org
diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org
*******************************************
+ Concat::Fragment[config.cli-keycloak] =>
parameters =>
"order": "00"
"target": "/opt/keycloak-8.0.1/config.cli"
"content": >>>
embed-server
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/https-listener=https:read-resource
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=postgresql)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="jdbc:postgresql://db.internal.softwareheritage.org:5432/keycloak")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=keycloak)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=keycloak::postgres::password)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
catch
/subsystem=datasources/jdbc-driver=postgresql:remove
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
end-try
if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:remove
end-if
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=2592000)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=true)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=true)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=false)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=true)
try
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
catch
/subsystem=keycloak-server/spi=userCache/provider=default/:remove
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
end-try
<<<
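Review bot: the two write-attribute(name=proxy-address-forwarding,value=true) lines on the http and https listeners make Undertow take the client address from forwarding headers, which is only sound when those listeners are reachable solely through the reverse proxy. Nothing in this catalog diff shows the listener bind address or a firewall rule, so please confirm that direct access to the Keycloak ports on kelvingrove is blocked. Otherwise the client address recorded in events and used by brute-force detection can be chosen by the caller.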
*******************************************
+ Concat[/opt/keycloak-8.0.1/config.cli] =>
parameters =>
"backup": "puppet"
"ensure": "present"
"ensure_newline": false
"force": false
"format": "plain"
"group": "keycloak"
"mode": "0600"
"notify": "Exec[jboss-cli.sh --file=config.cli]"
"order": "alpha"
"owner": "keycloak"
"path": "/opt/keycloak-8.0.1/config.cli"
"replace": true
"show_diff": false
"warn": false
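Review bot: "backup": "puppet" on this Concat means each replaced version of config.cli is copied to the agent's local filebucket, and the fragment written to this target contains the KeycloakDS password attribute. "mode": "0600" and "show_diff": false cover the live file and the reports, but not those backup copies. Consider disabling backup for this target if the module exposes the parameter, or check the permissions and retention of the clientbucket directory on the host.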
*******************************************
+ Concat_file[/opt/keycloak-8.0.1/config.cli] =>
parameters =>
"backup": "puppet"
"ensure_newline": false
"force": false
"format": "plain"
"group": "keycloak"
"mode": "0600"
"order": "alpha"
"owner": "keycloak"
"replace": true
"show_diff": false
"tag": "_opt_keycloak-8.0.1_config.cli"
*******************************************
+ Concat_fragment[config.cli-keycloak] =>
parameters =>
"order": "00"
"tag": "_opt_keycloak-8.0.1_config.cli"
"target": "/opt/keycloak-8.0.1/config.cli"
"content": >>>
embed-server
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/https-listener=https:read-resource
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=postgresql)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="jdbc:postgresql://db.internal.softwareheritage.org:5432/keycloak")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=keycloak)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=keycloak::postgres::password)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
catch
/subsystem=datasources/jdbc-driver=postgresql:remove
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
end-try
if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:remove
end-if
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=2592000)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=true)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=true)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=false)
/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=true)
try
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
catch
/subsystem=keycloak-server/spi=userCache/provider=default/:remove
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
end-try
<<<
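Review bot: the KeycloakDS password line reads value=keycloak::postgres::password, which is the Hiera key name rather than a resolved value. If this comes from the stub private data cloned for the octocatalog-diff run, that is expected; if not, the lookup is not being resolved and the literal string would be applied as the database password, so it is worth checking the rendered config.cli on the staging host after the first agent run. The value is also unquoted, unlike connection-url, so a real password containing spaces or CLI-special characters may not survive jboss-cli parsing.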
*******************************************
Exec[create-keycloak-admin] =>
parameters =>
user =>
+ keycloak
*******************************************
- File[/opt/keycloak-8.0.1/config.cli]
*******************************************
Group[keycloak] =>
parameters =>
system =>
+ true
*******************************************
Keycloak_client[swh-web on SoftwareHeritageStaging] =>
parameters =>
login_theme =>
+ swh
*******************************************
Keycloak_client[swh-web on SoftwareHeritage] =>
parameters =>
login_theme =>
+ swh
*******************************************
Keycloak_realm[SoftwareHeritageStaging] =>
parameters =>
smtp_server_from =>
+ noreply@softwareheritage.org
smtp_server_from_display_name =>
+ Software Heritage Authentication Service
smtp_server_host =>
+ localhost
*******************************************
Keycloak_realm[SoftwareHeritage] =>
parameters =>
smtp_server_from =>
+ noreply@softwareheritage.org
smtp_server_from_display_name =>
+ Software Heritage Authentication Service
smtp_server_host =>
+ localhost
*******************************************
Keycloak_realm[master] =>
parameters =>
smtp_server_from =>
+ noreply@softwareheritage.org
smtp_server_from_display_name =>
+ Software Heritage Authentication Service
smtp_server_host =>
+ localhost
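Review bot: smtp_server_host is localhost in all three realms, master included, and the diff shows no port, authentication or TLS parameter, so password-reset and verification mail depends entirely on an MTA listening on loopback on kelvingrove. Please confirm that such an MTA is part of this host's catalog and that it is allowed to send as noreply@softwareheritage.org (SPF/DKIM alignment), since silently dropped reset mail is hard to notice from the Keycloak side.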
*******************************************
User[keycloak] =>
parameters =>
system =>
+ true
*******************************************
*** End octocatalog-diff on kelvingrove.internal.softwareheritage.org
Migrated from D3848 (view on Phabricator)