@abdullah-shiwani
Last active November 10, 2020 17:13
keycloak:
  replicas: 2
  image:
    repository: docker.local:5000/hd/keycloak
    tag: 8.0.1
  affinity: |
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: role
                  operator: NotIn
                  values:
                    - test
            topologyKey: failure-domain.beta.kubernetes.io/zone
  # jGroups configuration (only for HA deployment)
  jgroups:
    discoveryProtocol: dns.DNS_PING
    discoveryProperties: >
      "dns_query={{ template "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
  persistence:
    deployPostgres: false
    dbVendor: postgres
    dbName: keycloak_helm_k8s
    dbHost: 192.168.8.100
    dbPort: 5432
    dbUser: dbUser
    dbPassword: dbPassword
  cli:
    enabled: true
    custom: |
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/expiration=EXPIRATION:add(max-idle=25920000000)
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc:add(data-source="KeycloakDS",dialect="POSTGRES",passivation="false",preload="false",purge="false", properties={"dropTableOnExit" => "false","createTableOnStart" => "true"})
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/expiration=EXPIRATION:add(max-idle=25920000000)
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc:add(data-source="KeycloakDS",dialect="POSTGRES",passivation="false",preload="false",purge="false", properties={"dropTableOnExit" => "false","createTableOnStart" => "true", "key2StringMapper" => "org.acit.keycloak.cachestore.mapper.UuidKey2StringMapper"})
      run-batch
      batch
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc/write=behind:add(thread-pool-size=20)
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc/table=string:write-attribute(name=prefix,value="sso2_cache")
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc/table=string:write-attribute(name=create-on-start,value="true")
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc/table=string:write-attribute(name=data-column,value={"name" => "DATA","type" => "BYTEA"})
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc/table=string:write-attribute(name=id-column,value={"name" => "ID","type" => "VARCHAR(255)"})
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=jdbc/table=string:write-attribute(name=timestamp-column,value={"name" => "TIMESTAMP","type" => "BIGINT"})
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc/write=behind:add(thread-pool-size=20)
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc/table=string:write-attribute(name=prefix,value="sso2_cache")
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc/table=string:write-attribute(name=create-on-start,value="true")
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc/table=string:write-attribute(name=data-column,value={"name" => "DATA","type" => "BYTEA"})
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc/table=string:write-attribute(name=id-column,value={"name" => "ID","type" => "VARCHAR(255)"})
      /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=jdbc/table=string:write-attribute(name=timestamp-column,value={"name" => "TIMESTAMP","type" => "BIGINT"})
  startupScripts:
    mystartup.sh: |
      #!/bin/sh
      echo 'Running my custom mystartup script!'
      echo 'Setting variables'
      SSO2_PROVIDERS=/opt/jboss/sso2-provider
      SSO2_PROVIDERS_MODULES=$SSO2_PROVIDERS/modules
      SSO2_PROVIDERS_INFINISPAN=$SSO2_PROVIDERS_MODULES/custom/infinispan
      SSO2_PROVIDERS_CORE=$SSO2_PROVIDERS_MODULES/custom/core
      KEYCLOAK_HOME=/opt/jboss/keycloak/
      KEYCLOAK_SYSTEM_LAYER=/opt/jboss/keycloak/modules/system/layers
      # sso2 providers base modules
      echo 'Copying sso2 dependent jars'
      cp -r $SSO2_PROVIDERS_MODULES/com/google/phonenumbers $KEYCLOAK_SYSTEM_LAYER/base/com/google/
      cp -r $SSO2_PROVIDERS_MODULES/com/twilio $KEYCLOAK_SYSTEM_LAYER/base/com/
      cp -r $SSO2_PROVIDERS_MODULES/io/jjwt $KEYCLOAK_SYSTEM_LAYER/base/io/
      # cache persistence
      cp $SSO2_PROVIDERS_INFINISPAN/keycloak-model-infinispan-8.0.1.jar $KEYCLOAK_SYSTEM_LAYER/keycloak/org/keycloak/keycloak-model-infinispan/main/
      cp $SSO2_PROVIDERS_INFINISPAN/sso2-jdbc-cachestore-mapper.jar $KEYCLOAK_SYSTEM_LAYER/base/org/infinispan/persistence/jdbc/main/
      cp $SSO2_PROVIDERS_INFINISPAN/module.xml $KEYCLOAK_SYSTEM_LAYER/base/org/infinispan/persistence/jdbc/main/
      # getExpectedCEKLength = 32 bit
      cp $SSO2_PROVIDERS_CORE/keycloak-core-8.0.1.jar $KEYCLOAK_SYSTEM_LAYER/keycloak/org/keycloak/keycloak-core/main/
      # DEFAULT_DERIVED_KEY_SIZE = 512;
      cp $SSO2_PROVIDERS_CORE/keycloak-server-spi-private-8.0.1.jar $KEYCLOAK_SYSTEM_LAYER/keycloak/org/keycloak/keycloak-server-spi-private/main/
      cp $SSO2_PROVIDERS/target/sso2-providers.jar $KEYCLOAK_HOME/standalone/deployments/sso2-providers.jar
      echo 'Custom mystartup script executed successfully!'
  extraEnv: |
    - name: KEYCLOAK_LOGLEVEL
      value: INFO
    - name: WILDFLY_LOGLEVEL
      value: INFO
    - name: CACHE_OWNERS
      value: "2"
    - name: CACHE_OWNERS_COUNT
      value: "2"
    - name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
      value: "2"
  extraInitContainers: |
    - name: theme-provider
      image: docker.local:5000/hd/keycloak-sso-theme:1.0
      command:
        - sh
      args:
        - -c
        - |
          echo "Copying theme..."
          cp -R /var/www/dish/* /theme
      volumeMounts:
        - name: theme
          mountPath: /theme
    - name: sso-provider
      image: docker.local:5000/hd/keycloak-sso2-provider:1.0
      command:
        - sh
      args:
        - -c
        - |
          echo "Copying sso2-provider..."
          cp -r /kc-sso-v2/* /sso2-provider
      volumeMounts:
        - name: sso2-provider
          mountPath: /sso2-provider
  extraVolumeMounts: |
    - name: theme
      mountPath: /opt/jboss/keycloak/themes/theme-1
    - name: sso2-provider
      mountPath: /opt/jboss/sso2-provider
  extraVolumes: |
    - name: theme
      emptyDir: {}
    - name: sso2-provider
      emptyDir: {}
@GeorgFleig

Hi Abdullah,

While looking for information on how to persist the session store of Keycloak in a database, I stumbled upon this gist. Thank you very much for sharing it!

It helped me a lot to get the configuration going; however, I am now facing an issue with the string-to-key mapper, which does not support simple UUIDs. It was recently added to the Infinispan code, but is not yet available in Keycloak (https://github.com/infinispan/infinispan/pull/8736/files).

I have implemented my custom mapper as well, but I am failing to load it into Keycloak. As it is not an SPI, the usual way does not seem to work. I would very much appreciate it if you could share some more details about the content of the files sso2-jdbc-cachestore-mapper.jar and module.xml, and whether you had to do other steps to get your jar loaded.

I've already patched Keycloak so it does not skip the cache store. Works perfectly well for file cache store. But my final goal is JDBC, once I get the string mapper running.

Cheers,
Georg

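For readers who land here with the same question as the comment above, the following is an added example of what a key mapper for the JDBC string store looks like. It is not the `org.acit.keycloak.cachestore.mapper.UuidKey2StringMapper` referenced in the gist's CLI block, nor the mapper the commenter wrote; the class and package names are hypothetical. It assumes Infinispan's `org.infinispan.persistence.keymappers.TwoWayKey2StringMapper` interface (`isSupportedType`, `getStringMapping`, `getKeyMapping`), which is the interface the `key2StringMapper` store property on the page names an implementation of. The mapper accepts both `UUID` and `String` keys, prefixes the stored form with a type tag so the two never collide in the ID column, and rejects anything else outright instead of falling back to `toString()`, so an unexpected key type fails loudly at write time rather than corrupting the persisted session table.

```java
package example.keycloak.cachestore; // hypothetical package, not the gist's org.acit one

import java.util.UUID;
import org.infinispan.persistence.keymappers.TwoWayKey2StringMapper;

/**
 * Two-way mapper between Infinispan cache keys and the VARCHAR ID column
 * of the JDBC string store. A one-character type tag is prepended so that a
 * UUID key and a String key with identical text map to distinct rows and
 * can be reconstructed with the correct Java type on the way back.
 *
 * Stored form examples (constructed):
 *   UUID   123e4567-e89b-12d3-a456-426614174000 -> "U123e4567-e89b-12d3-a456-426614174000"
 *   String "client-session-42"                  -> "Sclient-session-42"
 */
public class TaggedUuidKey2StringMapper implements TwoWayKey2StringMapper {

    private static final char UUID_TAG = 'U';
    private static final char STRING_TAG = 'S';

    @Override
    public boolean isSupportedType(Class<?> keyType) {
        // Only these two key types are ever persisted; everything else is refused.
        return keyType == UUID.class || keyType == String.class;
    }

    @Override
    public String getStringMapping(Object key) {
        if (key instanceof UUID) {
            return UUID_TAG + key.toString();          // 1 + 36 characters
        }
        if (key instanceof String) {
            return STRING_TAG + (String) key;
        }
        // Fail closed: never serialise an unknown type with a generic toString().
        throw new IllegalArgumentException(
                "Unsupported cache key type: " + (key == null ? "null" : key.getClass().getName()));
    }

    @Override
    public Object getKeyMapping(String stringKey) {
        if (stringKey == null || stringKey.length() < 2) {
            throw new IllegalArgumentException("Stored key is missing its type tag: " + stringKey);
        }
        char tag = stringKey.charAt(0);
        String body = stringKey.substring(1);
        switch (tag) {
            case UUID_TAG:
                return UUID.fromString(body);          // throws if the row was tampered with or truncated
            case STRING_TAG:
                return body;
            default:
                throw new IllegalArgumentException("Unknown key type tag '" + tag + "' in stored key");
        }
    }

    /** Round-trip self-check on constructed keys; run with the Infinispan jars on the classpath. */
    public static void main(String[] args) {
        TaggedUuidKey2StringMapper mapper = new TaggedUuidKey2StringMapper();
        UUID sessionId = UUID.fromString("123e4567-e89b-12d3-a456-426614174000"); // constructed
        String clientKey = "client-session-42";                                     // constructed

        String storedUuid = mapper.getStringMapping(sessionId);
        String storedString = mapper.getStringMapping(clientKey);
        if (!sessionId.equals(mapper.getKeyMapping(storedUuid))) throw new AssertionError("UUID round trip failed");
        if (!clientKey.equals(mapper.getKeyMapping(storedString))) throw new AssertionError("String round trip failed");
        if (storedUuid.length() > 255) throw new AssertionError("does not fit the VARCHAR(255) ID column");
        System.out.println("round trip ok: " + storedUuid + " / " + storedString);
    }
}
```

The tagged form is at most 37 characters for a UUID, well inside the `VARCHAR(255)` ID column the gist's CLI block configures. The class is referenced by name through the `key2StringMapper` property (as in the `clientSessions` store on the page), so it has to be visible from the `org.infinispan.persistence.jdbc` module's classpath rather than deployed as a Keycloak SPI; that is the role of the jar and `module.xml` copy steps in the gist's startup script, whose exact contents are not reproduced here.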