diff --git a/install-keycloak.sh b/install-keycloak.sh index 1d78c25..66905e8 100755 --- a/install-keycloak.sh +++ b/install-keycloak.sh @@ -933,25 +933,34 @@ echo echo -e "\033[37m\033[1mSome pre-installation stuff..\033[m" echo -echononl "Backup crontab" -crontab -u root -l > ${crontab_backup_file} 2> $log_file -if [[ "$?" = "0" ]]; then - echo_ok +cron_root_is_empty=false +echononl "Backup crontab.." +if [[ $(crontab -u root -l 2> /dev/null | wc -c) -gt 0 ]] ; then + crontab -u root -l > ${crontab_backup_file} 2> $log_file + if [[ "$?" = "0" ]]; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi else - echo_failed - error "$(cat $log_file)" + cron_root_is_empty=true + echo_skipped fi echononl "Disable crontab for user root" -crontab -r -u root > ${log_file} 2>&1 -if [[ "$?" = "0" ]]; then - echo_ok +if ! ${cron_root_is_empty} ; then + crontab -r -u root > ${log_file} 2>&1 + if [[ "$?" = "0" ]]; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi else - echo_failed - error "$(cat $tmp_err_msg)" + echo_skipped fi - blank_line echononl "Stop Keycloak Service.." @@ -1285,11 +1294,7 @@ else fi - - -echo -echo -e "\033[37m\033[1mInstalling Keycloak Server..\033[m" -echo +blank_line echononl "Create the Keycloak (system) group.." if cat /etc/group | grep -e "^${KEYCLOAK_GROUP}:" > /dev/null 2>&1 ; then @@ -1317,6 +1322,7 @@ else fi fi +blank_line echononl "Download the latest version (${KEYCLOAK_VERSION}) of the Keycloak Server.." if [[ ! -f "${working_dir}/${DOWNLOAD_ARCHIVE}" ]]; then 
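Review bot: In the first hunk, `crontab -r -u root` is gated only on `cron_root_is_empty`, not on the backup having succeeded. Unless `error` aborts the script (its definition is outside this diff), a failed write to `${crontab_backup_file}` is followed by deleting root's crontab with nothing to restore from. I would record the outcome with `cron_backup_ok=false` before the backup and `cron_backup_ok=true` beside its `echo_ok`, then change the guard to `if ! ${cron_root_is_empty} && ${cron_backup_ok} ; then`. The emptiness probe also discards stderr from `crontab -u root -l`, so a failing `crontab` call is reported as "skipped" exactly like an empty table. `${crontab_backup_file}` and `$log_file` are still unquoted in the redirections.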
@@ -1336,37 +1342,6 @@ echo echo -e "\033[37m\033[1mInstalling Keycloak Service..\033[m" echo - -echononl "Create the Keycloak (system) group.." -if cat /etc/group | grep -e "^${KEYCLOAK_GROUP}:" > /dev/null 2>&1 ; then - echo_skipped -else - groupadd -r ${KEYCLOAK_GROUP} > "$log_file" 2>&1 - if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" - else - echo_ok - fi -fi - -echononl "Create the Keycloak (system) user.." -KEYCLOAK_HOME="${KEYCLOAK_BASE_INSTALL_PATH}/keycloak" -if id -u ${KEYCLOAK_USER} > /dev/null 2>&1; then - echo_skipped -else - useradd -r -M -d ${KEYCLOAK_HOME} -s /bin/false -g ${KEYCLOAK_GROUP} ${KEYCLOAK_USER} > "$log_file" 2>&1 - if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" - else - echo_ok - fi -fi - - -blank_line - echononl "Backup Keycloak Installation directory.." if [[ -n "${OLD_INSTALL_DIR}" ]]; then mv "${OLD_INSTALL_DIR}" "${OLD_INSTALL_DIR}.${backup_date}" > "$log_file" 2>&1 @@ -1406,25 +1381,6 @@ else fi -echononl "Set ownbership of installation directory '${KEYCLOAK_INSTALL_DIR}'.." -chown -R ${KEYCLOAK_USER}:${KEYCLOAK_GROUP} "${KEYCLOAK_INSTALL_DIR}" > "$log_file" 2>&1 -if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" -else - echo_ok -fi - -echononl "Give write permissions to the keycloak group.." -chmod -R g+w "${KEYCLOAK_INSTALL_DIR}" > "$log_file" 2>&1 -if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" -else - echo_ok -fi - - blank_line echononl "Symlink keycloak -> keycloak-${KEYCLOAK_VERSION} .." 
@@ -1447,79 +1403,6 @@ else fi -_certs_installed=false -echononl "Run script 'check_cert_for_keycloak.sh'.." -if [[ -x "/root/bin/monitoring/check_cert_for_keycloak.sh" ]] ; then - /root/bin/monitoring/check_cert_for_keycloak.sh > "$log_file" 2>&1 - if [[ $? -ne 0 ]]; then - echo_failed - cat "$log_file" - else - echo_ok - _certs_installed=true - fi -else - warn "Certificate/Key for ${FQHN_HOSTNAME} cannot be provided." -fi - - -echononl "Add a cronjob for checking cert.." -if [[ -f "$crontab_backup_file" ]]; then - if ! grep -iq -E "/root/bin/monitoring/check_cert_for_keycloak.sh" "$crontab_backup_file" > /dev/null 2>&1; then - cat <> $crontab_backup_file - -# Check if cert for Keycloak service is up-to-date -# -51 05 * * * /root/bin/monitoring/check_cert_for_keycloak.sh -EOF - if [[ "$?" -ne 0 ]] ; then - echo_failed - else - echo_ok - fi - - else - echo_skipped - fi - -elif [[ -f "/var/spool/cron/crontabs/root" ]] ; then - - if ! grep -i -E "/root/bin/monitoring/check_cert_for_keycloak.sh" /var/spool/cron/crontabs/root > /dev/null 2>&1; then - installation_failed=false - crontab -l > /tmp/tmp_crontab 2> $log_file - if [[ "$?" -ne 0 ]] ; then - installation_failed=true - fi - - cat << EOF >> /tmp/tmp_crontab 2>> $log_file - -# Check if cert for Keycloak service is up-to-date -# -51 05 * * * /root/bin/monitoring/check_cert_for_keycloak.sh -EOF - if [[ "$?" -ne 0 ]] ; then - installation_failed=true - fi - crontab /tmp/tmp_crontab > /dev/null 2>> $log_file - if [[ "$?" -ne 0 ]] ; then - installation_failed=true - fi - rm /tmp/tmp_crontab > /dev/null 2>> $log_file - if [[ "$?" -ne 0 ]] ; then - installation_failed=true - fi - if ! $installation_failed ; then - echo_ok - else - echo_failed - error "Adding cronjob for checking cert failed!" - fi - else - echo_skipped - fi -fi - - echononl "Create new configuration .." if [[ "${DB_TYPE}" = "pgsql" ]]; then _db_type="postgres" 
@@ -1581,7 +1464,6 @@ else fi - echo echo -e "\033[37m\033[1mSetup Keycloak to use systemd for starting and stopping..\033[m" echo @@ -1656,6 +1538,79 @@ else echo_ok fi +blank_line + +_certs_installed=false +echononl "Run script 'check_cert_for_keycloak.sh'.." +if [[ -x "/root/bin/monitoring/check_cert_for_keycloak.sh" ]] ; then + /root/bin/monitoring/check_cert_for_keycloak.sh > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + cat "$log_file" + else + echo_ok + _certs_installed=true + fi +else + warn "Certificate/Key for ${FQHN_HOSTNAME} cannot be provided." +fi + +echononl "Add a cronjob for checking cert.." +if [[ -f "$crontab_backup_file" ]]; then + if ! grep -iq -E "/root/bin/monitoring/check_cert_for_keycloak.sh" "$crontab_backup_file" > /dev/null 2>&1; then + cat <> $crontab_backup_file + +# Check if cert for Keycloak service is up-to-date +# +51 05 * * * /root/bin/monitoring/check_cert_for_keycloak.sh +EOF + if [[ "$?" -ne 0 ]] ; then + echo_failed + else + echo_ok + fi + + else + echo_skipped + fi + +elif [[ -f "/var/spool/cron/crontabs/root" ]] ; then + + if ! grep -i -E "/root/bin/monitoring/check_cert_for_keycloak.sh" /var/spool/cron/crontabs/root > /dev/null 2>&1; then + installation_failed=false + crontab -l > /tmp/tmp_crontab 2> $log_file + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + fi + + cat << EOF >> /tmp/tmp_crontab 2>> $log_file + +# Check if cert for Keycloak service is up-to-date +# +51 05 * * * /root/bin/monitoring/check_cert_for_keycloak.sh +EOF + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + fi + crontab /tmp/tmp_crontab > /dev/null 2>> $log_file + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + fi + rm /tmp/tmp_crontab > /dev/null 2>> $log_file + if [[ "$?" -ne 0 ]] ; then + installation_failed=true + fi + if ! $installation_failed ; then + echo_ok + else + echo_failed + error "Adding cronjob for checking cert failed!" + fi + else + echo_skipped + fi +fi + blank_line 
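Review bot: The relocated cron block in the `@@ -1656,6 +1538,79 @@` hunk still assembles root's new crontab in the fixed path `/tmp/tmp_crontab`. A predictable name in a world-writable directory, written by what appears to be a root-run installer and then loaded with `crontab`, can be pre-created or redirected by another local account, so the file should come from `mktemp`. The code is moved unchanged from earlier in the script, but this is the copy that remains after the commit. Separately, when neither `$crontab_backup_file` nor `/var/spool/cron/crontabs/root` exists, no branch runs, so the step prints no status and the certificate check is never scheduled. The new `cron_root_is_empty` path in the first hunk makes that case likely on a host with no root crontab, and a final `else` that installs the entry or at least warns would close the gap.

```shell
      installation_failed=false
      tmp_crontab="$(mktemp)" || installation_failed=true
      crontab -l > "$tmp_crontab" 2> "$log_file"
      # … unchanged: status check …
      cat << EOF >> "$tmp_crontab" 2>> "$log_file"
      # … unchanged: heredoc body, EOF and status check …
      crontab "$tmp_crontab" > /dev/null 2>> "$log_file"
      # … unchanged: status check …
      rm -f -- "$tmp_crontab" > /dev/null 2>> "$log_file"
      # … unchanged: status check and result reporting …
```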
@@ -1673,6 +1628,7 @@ else fi blank_line + echononl "Creates a new and optimized server image.." ${KEYCLOAK_BASE_INSTALL_PATH}/keycloak/bin/kc.sh build > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -1693,8 +1649,26 @@ fi blank_line +echononl "Set ownbership of installation directory '${KEYCLOAK_INSTALL_DIR}'.." +chown -R ${KEYCLOAK_USER}:${KEYCLOAK_GROUP} "${KEYCLOAK_INSTALL_DIR}" > "$log_file" 2>&1 +if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" +else + echo_ok +fi + +#echononl "Give write permissions to the keycloak group.." +#chmod -R g+w "${KEYCLOAK_INSTALL_DIR}" > "$log_file" 2>&1 +#if [[ $? -ne 0 ]]; then +# echo_failed +# error "$(cat "$log_file")" +#else +# echo_ok +#fi blank_line + echononl "Start Keycloak Service" systemctl start keycloak.service > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then @@ -1883,6 +1857,17 @@ while true ; do sleep 1 done +echononl "Save configuration to file 'current-configuration.txt'." +${KEYCLOAK_BASE_INSTALL_PATH}/keycloak/bin/kc.sh show-config > "${working_dir}/current-configuration.txt" 2> "$log_file" +if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" +else + echo_ok +fi + +blank_line + _admin_user_created=true echononl "Login as temporary admin user .." if ${keycloak_service_started} ; then
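Review bot: In the `@@ -1693,8 +1649,26 @@` hunk, the recursive `chown` hands the whole of `${KEYCLOAK_INSTALL_DIR}` to the service account, including `bin/kc.sh`, which this installer itself executes (`kc.sh build`, `kc.sh show-config`), presumably as root. A process running as `${KEYCLOAK_USER}` could then alter a script that root runs on the next install or upgrade. It would be safer to leave the tree root-owned and give the service account only the directories it must write to; which ones those are (likely `data/`) should be confirmed against the Keycloak version in use. Dropping the `g+w` step is a good tightening, but the commented-out block should be deleted rather than kept. `${KEYCLOAK_USER}:${KEYCLOAK_GROUP}` should be quoted, and the message still reads "ownbership".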
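Review bot: In the `@@ -1883,6 +1857,17 @@` hunk, `current-configuration.txt` is created with whatever umask the installer runs under, so the configuration dump is probably world-readable in `${working_dir}`. Even if `show-config` masks password values, the output typically still names the database host, user and hostname settings, so the file should be restricted to root. One way is to run the command in a subshell with a tight umask, `( umask 077; "${KEYCLOAK_BASE_INSTALL_PATH}/keycloak/bin/kc.sh" show-config > "${working_dir}/current-configuration.txt" 2> "$log_file" )`, which keeps the following `$?` check valid. Because this runs `kc.sh` from the tree that was just chowned to the service account, it is also worth checking that it leaves no root-owned files behind under the install directory.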