samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2026-06-23 13:50:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2aca8d1a6a051ce20e7bda508c97e185be3c3115
bridgehead/ovis/runtime/keycloak/keycloak-entrypoint.sh
T
tm16-medma 2aca8d1a6a Add general OVIS bridgehead project
2026-06-17 15:55:01 +02:00

70 lines
2.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
IMPORT_DIR="${KEYCLOAK_IMPORT_DIR:-/opt/keycloak/data/import}"
export BASE_REALM="${BASE_REALM:-/realm-base/ovis-realm.json}"
export OUTPUT_REALM="${OUTPUT_REALM:-$IMPORT_DIR/ovis-realm.json}"
KEYCLOAK_HTTP_RELATIVE_PATH="${KEYCLOAK_HTTP_RELATIVE_PATH:-/keycloak}"
echo "=== Starting OVIS Keycloak bootstrap ==="
echo "Keycloak certificate directory:"
ls -lh /etc/keycloak/certs || true
mkdir -p "$IMPORT_DIR"
echo "Building dynamic realm configuration at $OUTPUT_REALM..."
tr -d '\r' < /build-realm.sh \
| sed 's|OUTPUT_REALM="/import/ovis-realm.json"|OUTPUT_REALM="${OUTPUT_REALM:-/opt/keycloak/data/import/ovis-realm.json}"|' \
| sh
if [ -n "${KEYCLOAK_ADMIN_CLIENT_SECRET:-}" ]; then
echo "Updating admin client secret for ${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}..."
tmp_realm="${OUTPUT_REALM}.tmp"
sed "/\"clientId\"[[:space:]]*:[[:space:]]*\"${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}\"/,/\"secret\"[[:space:]]*:/ s|\"secret\"[[:space:]]*:[[:space:]]*\"[^\"]*\"|\"secret\": \"${KEYCLOAK_ADMIN_CLIENT_SECRET}\"|" "$OUTPUT_REALM" > "$tmp_realm"
mv "$tmp_realm" "$OUTPUT_REALM"
fi
DB_HOST="${DB_ADDR:-postgres}"
DB_PORT="${DB_PORT:-5432}"
DB_WAIT_SECONDS="${KEYCLOAK_DB_WAIT_SECONDS:-120}"
DB_POLL_INTERVAL="${KEYCLOAK_DB_WAIT_POLL_INTERVAL:-2}"
echo "Waiting for PostgreSQL at ${DB_HOST}:${DB_PORT} (timeout: ${DB_WAIT_SECONDS}s)..."
elapsed=0
until timeout 1 bash -c "</dev/tcp/${DB_HOST}/${DB_PORT}" 2>/dev/null; do
elapsed=$((elapsed + DB_POLL_INTERVAL))
if [ "$elapsed" -ge "$DB_WAIT_SECONDS" ]; then
echo "ERROR: PostgreSQL did not become reachable within ${DB_WAIT_SECONDS}s"
exit 1
fi
echo "PostgreSQL not reachable yet (${elapsed}s elapsed); retrying in ${DB_POLL_INTERVAL}s..."
sleep "$DB_POLL_INTERVAL"
done
echo "Importing Keycloak realm from $IMPORT_DIR..."
/opt/keycloak/bin/kc.sh import --dir "$IMPORT_DIR" --override true
if [ "${OVIS_KEYCLOAK_USE_IMAGE_CMD:-false}" = "true" ] && [ "$#" -gt 0 ]; then
keycloak_args=("$@")
else
keycloak_hostname="${KEYCLOAK_HOSTNAME:-${APP_DOMAIN:-localhost}}"
keycloak_args=(
start
--http-enabled=true
--proxy-headers=xforwarded
--hostname="$keycloak_hostname"
--hostname-strict=true
--http-relative-path="$KEYCLOAK_HTTP_RELATIVE_PATH"
)
fi
if [ "${PUBLIC_LDAP_ENABLED:-}" = "true" ] && [ -n "${LDAP_CERTIFICATE_NAME:-}" ] && [ -f "/etc/keycloak/certs/${LDAP_CERTIFICATE_NAME}" ]; then
echo "LDAP enabled: loading certificate ${LDAP_CERTIFICATE_NAME}"
keycloak_args+=("--truststore-paths=/etc/keycloak/certs/${LDAP_CERTIFICATE_NAME}")
else
echo "LDAP disabled or certificate not found: skipping certificate loading"
fi
echo "Starting Keycloak..."
exec /opt/keycloak/bin/kc.sh "${keycloak_args[@]}"
Reference in New Issue View Git Blame Copy Permalink