install-keycloak.sh: complete install script. Compltete README to create new permanent admin user.

2025-03-17 19:57:09 +01:00 · 2025-03-17 19:57:09 +01:00 · 304b4a3445
commit 304b4a3445
parent 0e912c8ea8
3 changed files with 187 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,4 +6,4 @@ conf/*.conf
 crontab-*
-temporary-login-credentials.txt
+login-credentials-*
--- a/README.admin
+++ b/README.admin
@ -0,0 +1,39 @@
 # Login as temporary admin user
 #
 LOGIN_NAME=temp-admin
 LOGIN_PASS='0JP.k-K-/hd-h3g4'
 NEW_ADMIN=admin-nd
 NEW_ADMIN_PASS='u6V2.W.o7e-f+mY6'
 /opt/keycloak/bin/kcadm.sh config credentials \
   --server http://localhost:8080 \
   --realm master \
   --user ${LOGIN_NAME} \
   --password ${LOGIN_PASS}
 /opt/keycloak/bin/kcadm.sh create users \
   -r master \
   -s username=${NEW_ADMIN} \
   -s enabled=true \
   -o --fields id,username
 /opt/keycloak/bin/kcadm.sh set-password \
   --username ${NEW_ADMIN} \
   --new-password ${NEW_ADMIN_PASS}
 /opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename admin
 /opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename create-realm
 /opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename uma_authorization
 /opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename offline_access
 cat <<EOF > /usr/local/src/keycloak/login-credentials-${NEW_ADMIN}.txt
   Login into new Keycloak Service:
      URL:        https://keycloak-nd.oopen.de
      USER:       ${NEW_ADMIN}
      PASSSWORD:  ${NEW_ADMIN_PASS}
 EOF
--- a/install-keycloak.sh
+++ b/install-keycloak.sh
@ -1856,6 +1856,111 @@ else
   echo_skipped
 fi
 blank_line
 echononl "Wait until the Keycloak service has started completely."
 declare -i index=0
 declare -i _max_secs_waiting=20
 keycloak_service_started=false
 while true ; do
   # Try to establish a connection to localhost:8080
   #
   if $(curl -s -o /dev/null -I http://localhost:8080) ; then
      echo_ok
      keycloak_service_started=true
      break
   fi
   if [[ ${index} -gt ${_max_secs_waiting} ]]; then
      echo_failed
      error "Could not connect to loacalhost on port 8080 after about 20 seconds!"
      break
   fi
   (( index++ ))
   sleep 1
 done
 _admin_user_created=true
 echononl "Login as temporary admin user .."
 if ${keycloak_service_started} ; then
   export KC_CLI_PASSWORD=${ADMIN_PASS}
   /opt/keycloak/bin/kcadm.sh config credentials \
      --server http://localhost:8080 \
      --realm master \
      --user temp-admin  > "$log_file" 2>&1
   if [[ $? -eq 0 ]]; then
      echo_ok
   else
      echo_failed
      _admin_user_created=false
      error "$(cat $log_file)"
   fi
 else
   echo_skipped
 fi
 echononl "Create permanent user 'admin'.."
 if ${_admin_user_created} ; then
   /opt/keycloak/bin/kcadm.sh create users \
      -r master \
      -s username=admin \
      -s enabled=true \
      -o --fields id,username > "$log_file" 2>&1
   if [[ $? -eq 0 ]]; then
      echo_ok
   else
      echo_failed 
      _admin_user_created=false
      error "$(cat $log_file)"
   fi 
 else
   echo_skipped
 fi
 echononl "Set password for user 'admin'.."
 if ${_admin_user_created} ; then
   NEW_ADMIN_PASS="$(generate_random_string "16")"
   /opt/keycloak/bin/kcadm.sh set-password --username admin --new-password ${NEW_ADMIN_PASS}
   if [[ $? -eq 0 ]]; then
      echo_ok
   else
      echo_failed 
      _admin_user_created=false
      error "$(cat $log_file)"
   fi 
 else
   echo_skipped
 fi
 roles="admin create-realm uma_authorization offline_access"
 for _role in ${roles} ; do
   echononl "Add Role '${_role}' to user 'admin'.."
   if ${_admin_user_created} ; then
      if ${keycloak_service_started} ; then
         /opt/keycloak/bin/kcadm.sh add-roles --uusername admin --rolename ${_role}
         if [[ $? -eq 0 ]]; then
            echo_ok
         else
            echo_failed 
            _admin_user_created=false
            error "$(cat $log_file)"
         fi 
      else
         echo_skipped
      fi
   else
      echo_skipped
   fi
 done
 blank_line
 echononl "Remove previously saved crontab file '$(basename "${crontab_backup_file}")'.."
 if ${_cron_reenabled} ; then
   rm "${crontab_backup_file}" > $log_file 2>&1
@ -1872,8 +1977,8 @@ fi
 blank_line
-echononl "Save login credentials into file 'temporary-login-credentials.txt'.."
+echononl "Save credentials for 'temp-admin' into file 'temporary-login-credentials.txt'.."
-cat <<EOF > "${working_dir}/temporary-login-credentials.txt" 2> "$log_file"
+cat <<EOF > "${working_dir}/login-credentials-temp-admin.txt" 2> "$log_file"
   Login into new Keycloak Service:
@ -1889,15 +1994,53 @@ else
   echo_ok
 fi
-info "Login into new Keycloak Service:
+info "Login into new Keycloak Service as temporary admin user:
             URL:       https://${FQHN_HOSTNAME}
             USER:      temp-admin
             PASSSWORD: ${ADMIN_PASS}
-             see also:  ${working_dir}/temporary-login-credentials.txt
+             see also:  ${working_dir}/login-credentials-temp-admin.txt
 "
 if ${_admin_user_created} ; then
   echononl "Save credentials for permanent admin into file 'login-credentials-admin.txt'.."
   cat <<EOF > "${working_dir}/login-credentials-admin.txt" 2> "$log_file"
   Login into new Keycloak Service:
      URL:        https://${FQHN_HOSTNAME}
      USER:       admin
      PASSSWORD:  ${NEW_ADMIN_PASS}
 EOF
   if [[ $? -ne 0 ]]; then
      echo_failed
      error "$(cat "$log_file")"
   else
      echo_ok
      info "Login into new Keycloak Service as permanent admin user:
             URL:       https://${FQHN_HOSTNAME}
             USER:      admin
             PASSSWORD: ${NEW_ADMIN_PASS}
             see also:  ${working_dir}/login-credentials-admin.txt
 "
   fi
 else
   rm -r "${working_dir}/login-credentials-admin.txt" > /dev/null 2>&1
 fi
 clean_up 0
`@ -6,4 +6,4 @@ conf/*.conf`

	`crontab-*`	`crontab-*`

	`temporary-login-credentials.txt`	`login-credentials-*`