Keycloak running on ovirt engine wildfly

The goal of this patch is to setup Keycloak overlay to run on Ovirt Engine's Wildfly/EAP instance. The activation takes place automatically when engine-setup is run and ovirt-engine-keyclaok-setup & ovirt-engine-keycloak packages are installed. As a prerequisite ovirt-engine's patch [1] providing Wildfly/EAP configuration template must be installed. [1] https://gerrit.ovirt.org/c/ovirt-engine/+/117722 Bug-Url: https://bugzilla.redhat.com/2021497 Signed-off-by: Artur Socha <[email protected]>
oVirt · Dec 17, 2021 · aac14ea · aac14ea
1 parent a2282ab
commit aac14ea
Show file tree

Hide file tree

Showing 15 changed files with 593 additions and 52 deletions.
diff --git a/.automation/build-srpm.sh b/.automation/build-srpm.sh
@@ -7,49 +7,15 @@ export ARTIFACTS_DIR
 # Prepare source archive
 [[ -d rpmbuild/SOURCES ]] || mkdir -p rpmbuild/SOURCES
 
+# Clean leftovers from previous builds
+rm -rf rpmbuild/SOURCES/*
+make clean
 
-# Keycloak version specification
-KEYCLOAK_VERSION="15.0.2"
+# Get the tarball
+make dist
 
-# RPM version specification
-RPM_VERSION="${KEYCLOAK_VERSION}"
-RPM_RELEASE="1"
-
-export KEYCLOAK_VERSION RPM_VERSION RPM_RELEASE
-
-# Cleanup
-#rm -rf $ARTIFACTS_DIR
-
-# The name and source of the package
-name="ovirt-engine-keycloak"
-src="keycloak-overlay-$KEYCLOAK_VERSION.zip"
-url="https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/keycloak-overlay-${KEYCLOAK_VERSION}.zip"
-
-# Download the source:
-if [ ! -f "${src}" ]
-then
-    curl -L -o "rpmbuild/SOURCES/${src}" "${url}"
-fi
-
-# Generate the spec from the template:
-sed \
-    -e "s/@VERSION@/${RPM_VERSION}/g" \
-    -e "s/@RELEASE@/${RPM_RELEASE}/g" \
-    -e "s/@SRC@/${src}/g" \
-    < "${name}.spec.in" \
-    > "${name}.spec"
-
-cp "${name}.spec.in" rpmbuild/SOURCES
-cp "${name}.spec" rpmbuild/SOURCES
-cp "README.md" rpmbuild/SOURCES
 
 # Build SRPMs
 rpmbuild \
     -D "_topdir rpmbuild" \
-    -bs "${name}.spec"
-
-
-
-
-
-
+    -ts ./*.tar.gz
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# https://help.github.com/en/articles/about-code-owners
+# Default reviewers for everything
+* @arso @mwperina
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -50,11 +50,11 @@ jobs:
       run: |
         dnf install -y \
           createrepo_c \
-          curl \
           dnf-utils \
           findutils \
           git \
           make \
+          python3-devel \
           rpm-build \
           sed
 

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,11 @@
 output
 *.zip
+*.tar.gz
+exported-artifacts
+rpmbuild
+.idea
+
+# template generated resources
 ovirt-engine-keycloak.spec
+packaging/setup/ovirt_engine_setup/keycloak/config.py
+build/python-check.sh
diff --git a/Makefile b/Makefile
@@ -0,0 +1,144 @@
+# ====================================================================
+# Copyright oVirt Authors
+# SPDX-License-Identifier: Apache-2.0
+# ====================================================================
+
+#
+# CUSTOMIZATION-BEGIN
+#
+# Keycloak version specification
+KEYCLOAK_VERSION="15.0.2"
+
+# RPM version specification
+RPM_VERSION="${KEYCLOAK_VERSION}"
+RPM_RELEASE="1"
+
+EXTRA_BUILD_FLAGS=
+BUILD_VALIDATION=1
+
+PACKAGE_NAME=ovirt-engine-keycloak
+
+PYTHON=$(shell which python3 2> /dev/null)
+PREFIX=/usr/local
+DATAROOT_DIR=$(PREFIX)/share
+PKG_DATA_DIR=$(DATAROOT_DIR)/ovirt-engine-keycloak
+KEYCLOAK_OVERLAY_ZIP="keycloak-overlay-$(KEYCLOAK_VERSION).zip"
+KEYCLOAK_OVERLAY_URL="https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/${KEYCLOAK_OVERLAY_ZIP}"
+#
+# CUSTOMIZATION-END
+#
+BUILD_FLAGS:=$(BUILD_FLAGS) $(EXTRA_BUILD_FLAGS)
+
+TARBALL=$(PACKAGE_NAME)-$(RPM_VERSION).tar.gz
+BUILD_FILE=tmp.built
+
+
+.SUFFIXES:
+.SUFFIXES: .in
+
+.in:
+	sed \
+	-e "s|@KEYCLOAK_VERSION@|$(KEYCLOAK_VERSION)|g" \
+	-e "s|@KEYCLOAK_OVERLAY_ZIP@|$(KEYCLOAK_OVERLAY_ZIP)|g" \
+	-e "s|@DATAROOT_DIR@|$(DATAROOT_DIR)|g" \
+	-e "s|@PKG_DATA_DIR@|$(PKG_DATA_DIR)|g" \
+	-e "s|@RPM_VERSION@|$(RPM_VERSION)|g" \
+	-e "s|@RPM_RELEASE@|$(RPM_RELEASE)|g" \
+	-e "s|@PACKAGE_NAME@|$(PACKAGE_NAME)|g" \
+	$< > $@
+
+
+GENERATED = \
+	build/python-check.sh \
+	ovirt-engine-keycloak.spec \
+	packaging/setup/ovirt_engine_setup/keycloak/config.py \
+	$(NULL)
+
+
+all:	\
+	generated-files \
+	validations \
+	$(BUILD_FILE) \
+	$(NULL)
+
+generated-files:	$(GENERATED)
+	chmod a+x build/python-check.sh
+
+$(BUILD_FILE):
+	touch $(BUILD_FILE)
+
+clean:
+	rm -rf $(BUILD_FILE)
+	rm -rf tmp.dev.flist
+	rm -rf $(GENERATED)
+	rm -f "$(PACKAGE_NAME)-*.tar.gz"
+
+install: \
+	all \
+	install-packaging-files \
+	$(NULL)
+
+.PHONY: ovirt-engine-keycloak.spec.in
+
+dist:	ovirt-engine-keycloak.spec \
+	download-keycloak \
+	$(NULL)
+
+	git ls-files | tar --files-from /proc/self/fd/0 -czf \
+		"$(TARBALL)" \
+		ovirt-engine-keycloak.spec \
+		$(KEYCLOAK_OVERLAY_ZIP)
+	@echo
+	@echo For distro specific packaging refer to https://www.ovirt.org/develop/dev-process/build-binary-package.html
+	@echo
+
+download-keycloak:
+	if [ ! -f "$(KEYCLOAK_OVERLAY_ZIP)" ]; then \
+		curl -L -o "$(KEYCLOAK_OVERLAY_ZIP)" "$(KEYCLOAK_OVERLAY_URL)"; \
+	fi
+
+# copy SOURCEDIR to TARGETDIR
+# exclude EXCLUDEGEN a list of files to exclude with .in
+# exclude EXCLUDE a list of files.
+copy-recursive:
+	( cd "$(SOURCEDIR)" && find . -type d -printf '%P\n' ) | while read d; do \
+		install -d -m 755 "$(TARGETDIR)/$${d}"; \
+	done
+	( \
+		cd "$(SOURCEDIR)" && find . -type f -printf '%P\n' | \
+		while read f; do \
+			exclude=false; \
+			for x in $(EXCLUDE_GEN); do \
+				if [ "$(SOURCEDIR)/$${f}" = "$${x}.in" ]; then \
+					exclude=true; \
+					break; \
+				fi; \
+			done; \
+			for x in $(EXCLUDE); do \
+				if [ "$(SOURCEDIR)/$${f}" = "$${x}" ]; then \
+					exclude=true; \
+					break; \
+				fi; \
+			done; \
+			$${exclude} || echo "$${f}"; \
+		done \
+	) | while read f; do \
+		src="$(SOURCEDIR)/$${f}"; \
+		dst="$(TARGETDIR)/$${f}"; \
+		[ -x "$${src}" ] && MASK=0755 || MASK=0644; \
+		[ -n "$(DEV_FLIST)" ] && echo "$${dst}" | sed 's#^$(PREFIX)/##' >> "$(DEV_FLIST)"; \
+		install -T -m "$${MASK}" "$${src}" "$${dst}"; \
+	done
+
+
+validations:	generated-files
+	if [ "$(BUILD_VALIDATION)" != 0 ]; then \
+		build/python-check.sh; \
+	fi
+
+install-packaging-files: \
+		$(GENERATED) \
+		$(NULL)
+	$(MAKE) copy-recursive SOURCEDIR=packaging/setup TARGETDIR="$(DESTDIR)$(PKG_DATA_DIR)/../ovirt-engine/setup" EXCLUDE_GEN="$(GENERATED)"
+	$(MAKE) copy-recursive SOURCEDIR=packaging/conf TARGETDIR="$(DESTDIR)$(PKG_DATA_DIR)/conf" EXCLUDE_GEN="$(GENERATED)"
+
diff --git a/build/python-check.sh.in b/build/python-check.sh.in
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+PEP8="@PEP8@"
+PYFLAKES="@PYFLAKES@"
+SRCDIR="$(dirname "$0")/.."
+
+cd "${SRCDIR}"
+
+ret=0
+FILES="$(
+	find build packaging -name '*.py' | while read f; do
+		[ -e "${f}.in" ] || echo "${f}"
+	done
+)"
+
+for exe in "${PYFLAKES}" "${PEP8}"; do
+	if ! which "${exe}" > /dev/null 2>&1; then
+		echo "WARNING: tool '${exe}' is missing" >&2
+	else
+		"${exe}" ${FILES} || ret=1
+	fi
+done
+exit ${ret}
diff --git a/ovirt-engine-keycloak.spec.in b/ovirt-engine-keycloak.spec.in
@@ -1,38 +1,109 @@
 %global __jar_repack 0
 
+%global product_name Keycloak SSO for oVirt Engine
+
+%global ovirt_engine_wildfly_data %{_datadir}/ovirt-engine-wildfly
+%global ovirt_engine_data %{_datadir}/ovirt-engine
+
+%global make_common_opts \\\
+	-j1 \\\
+	BUILD_VALIDATION=0 \\\
+	PACKAGE_NAME=%{name} \\\
+	RPM_VERSION=%{version} \\\
+	RPM_RELEASE=%{release} \\\
+	PREFIX=%{_prefix} \\\
+	DATAROOT_DIR=%{_datadir} \\\
+	%{?EXTRA_BUILD_FLAGS:EXTRA_BUILD_FLAGS="%{EXTRA_BUILD_FLAGS}"}
+
+
+
+########################################################
+#  Keycloak overlay package
+########################################################
 Name:		ovirt-engine-keycloak
-Version:	@VERSION@
-Release:	@RELEASE@%{?dist}
-Summary:	Keycloak SSO for oVirt Engine
+Version:	@RPM_VERSION@
+Release:	@RPM_RELEASE@%{?dist}
+Summary:	%{product_name}
 Group:		Virtualization/Management
 License:	ASL 2.0
 URL:		http://keycloak.org
 BuildArch:	noarch
-Source:		@SRC@
-Source1:	README.md
+Source:		%{name}-@[email protected]
 
-BuildRequires:	curl
 BuildRequires:	unzip
 
-Requires: ovirt-engine-wildfly
-
+Requires:	%{name}-setup >= %{version}
 
 %description
 Keycloak SSO for oVirt Engine.
 
+########################################################
+#  Keycloak overlay setup package
+########################################################
+%package setup
+Summary:	%{product_name} setup
+Group:		Virtualization/Management
+
+BuildRequires:	python3
+BuildRequires:	python3-devel
+
+Requires:	ovirt-engine-setup-plugin-ovirt-engine-common >= 4.5.0
+Requires:	python%{python3_pkgversion}-ovirt-setup-lib
+
+%description setup
+Keycloak SSO for oVirt Engine installation setup package.
+
+
+########################################################
+#  Package customizations
+########################################################
+%prep
+%setup -cq
+
+%build
+make %{make_common_opts}
 
 %install
+rm -fr "%{buildroot}"
+make %{make_common_opts} install DESTDIR=%{buildroot}
+
+# Unzip downloaded keycloak overlay package
 mkdir -p %{buildroot}%{_datadir}
-unzip -d %{buildroot}%{_datadir}/%{name} %{SOURCE0}
+unzip -d %{buildroot}%{_datadir}/%{name} @KEYCLOAK_OVERLAY_ZIP@
 
+# install Readme
 install -d -m 0755 "%{buildroot}%{_docdir}/%{name}"
-install -m 0644 "%{SOURCE1}" "%{buildroot}%{_docdir}/%{name}/README.md"
-install -d -m 0755 "%{buildroot}%{_datadir}/%{name}/modules"
+install -m 0644 "%{_builddir}/%{name}-%{version}/README.md" "%{buildroot}%{_docdir}/%{name}/README.md"
+
+# prepare sym links from ovirt-engine-wildfly to relevant ovirt-engine-keycloak artifacts
+# that is required because keycloak overlay is supposed to be extracted inside Wildfly/EAP location
+# and for ease of future management we do not want to mix them, symlinks here is an acceptable trade off
+mkdir -p %{buildroot}%{ovirt_engine_wildfly_data }/modules/system/layers
+ln -sf %{_datadir}/%{name}/themes %{buildroot}%{ovirt_engine_wildfly_data}/themes
+ln -sf %{_datadir}/%{name}/modules/layers.conf %{buildroot}%{ovirt_engine_wildfly_data}/modules/layers.conf
+ln -sf %{_datadir}/%{name}/modules/system/layers/keycloak %{buildroot}%{ovirt_engine_wildfly_data}/modules/system/layers/keycloak
+
+mkdir -p %{buildroot}%{_datadir}/ovirt-engine-wildfly/bin/client
+ln -sf %{_datadir}/%{name}/bin/add-user-keycloak.sh %{buildroot}%{ovirt_engine_wildfly_data}/bin/add-user-keycloak.sh
+ln -sf %{_datadir}/%{name}/bin/client/keycloak-admin-cli-@[email protected] %{buildroot}%{ovirt_engine_wildfly_data}/bin/client/keycloak-admin-cli-@[email protected]
+ln -sf %{_datadir}/%{name}/bin/client/keycloak-client-registration-cli-@[email protected] %{buildroot}%{ovirt_engine_wildfly_data}/bin/client/keycloak-client-registration-cli-@[email protected]
+
 
 %files
 %{_datadir}/%{name}/
+%{ovirt_engine_wildfly_data}/modules/layers.conf
+%{ovirt_engine_wildfly_data}/modules/system/layers/keycloak
+%{ovirt_engine_wildfly_data}/themes
+%{ovirt_engine_wildfly_data}/bin/client/keycloak-admin-cli-@[email protected]
+%{ovirt_engine_wildfly_data}/bin/client/keycloak-client-registration-cli-@[email protected]
+%{ovirt_engine_wildfly_data}/bin/add-user-keycloak.sh
 %{_docdir}/%{name}/
 
+%files setup
+%{ovirt_engine_data}/setup/ovirt_engine_setup/keycloak/
+%{ovirt_engine_data}/setup/plugins/*/ovirt-engine-keycloak/apache
+%{ovirt_engine_data}/setup/plugins/*/ovirt-engine-keycloak/ovirt-engine
+
 
 %changelog
 * Wed Nov 10 2021 Artur Socha <[email protected]> 15.0.2-1