From f709ae99105978be5899f1d19c8e6adf3b31763b Mon Sep 17 00:00:00 2001
From: Temur Maisuradze <temur@grena.ge>
Date: Fri, 4 Dec 2020 16:17:12 +0400
Subject: [PATCH] logging for keycloak
---
 inventories/filebeat | 6 ++--
 roles/build/files/keycloaksupervisord.conf | 32 ++++++++++++++++++++
 roles/build/templates/keycloak/Dockerfile.j2 | 6 ++--
 roles/docker/tasks/keycloak.yml | 1 -
 roles/keycloak/tasks/main.yml | 13 ++++++--
 5 files changed, 49 insertions(+), 9 deletions(-)
 create mode 100644 roles/build/files/keycloaksupervisord.conf
diff --git a/inventories/filebeat b/inventories/filebeat
index 66c6926..408bdd3 100644
--- a/inventories/filebeat
+++ b/inventories/filebeat
@@ -3,10 +3,10 @@ dsoclab-nifi-1 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-curren
 dsoclab-nifi-2 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text"
 dsoclab-nifi-3 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi" FILEBEAT_LOG_FORMAT="text"
 dsoclab-misp ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-php72/log/php-fpm/*.log","/var/opt/rh/rh-redis32/log/redis/redis.log","/var/log/httpd/*log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="misp" FILEBEAT_LOG_FORMAT="text"
-#dsoclab-odfe-1 ansible_connection=docker FILEBEAT_FILES='[""]'
-#dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='[""]'
+#dsoclab-odfe-1 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/dsoclab-cluster_server.json"]' FILEBEAT_LOG_TYPE="odfe1" FILEBEAT_LOG_FORMAT="json"
+#dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/dsoclab-cluster_server.json"]' FILEBEAT_LOG_TYPE="odfe2" FILEBEAT_LOG_FORMAT="json"
 dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='["/usr/share/kibana/kblog"]' FILEBEAT_LOG_TYPE="kibana" FILEBEAT_LOG_FORMAT="text"
-#dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="keycloak" FILEBEAT_LOG_FORMAT="text"
 dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
 dsoclab-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text"
 #dsoclab-zookeeper ansible_connection=docker FILEBEAT_FILES='[""]'
diff --git a/roles/build/files/keycloaksupervisord.conf b/roles/build/files/keycloaksupervisord.conf
new file mode 100644
index 0000000..2695249
--- /dev/null
+++ b/roles/build/files/keycloaksupervisord.conf
@@ -0,0 +1,32 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:keycloak]
+directory=/opt/jboss/keycloak
+user=jboss
+group=jboss
+#command=/opt/jboss/keycloak/bin/standalone.sh -b 0.0.0.0
+command=/bin/bash -c '/docker-java-home/jre/bin/java -D[Standalone] -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Dorg.jboss.boot.log.file=/opt/jboss/keycloak/standalone/log/server.log -Dlogging.configuration=file:/opt/jboss/keycloak/standalone/configuration/logging.properties -jar /opt/jboss/keycloak/jboss-modules.jar -mp /opt/jboss/keycloak/modules org.jboss.as.standalone -Djboss.home.dir=/opt/jboss/keycloak -Djboss.server.base.dir=/opt/jboss/keycloak/standalone -b 0.0.0.0'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/keycloak_stderr.log
+stdout_logfile = /var/log/supervisor/keycloak_stdout.log
+
diff --git a/roles/build/templates/keycloak/Dockerfile.j2 b/roles/build/templates/keycloak/Dockerfile.j2
index 62b7c55..951493a 100644
--- a/roles/build/templates/keycloak/Dockerfile.j2
+++ b/roles/build/templates/keycloak/Dockerfile.j2
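Review bot: In the `[program:keycloak]` section of roles/build/files/keycloaksupervisord.conf, `logfile_maxbytes=10MB` is a `[supervisord]` setting and, as far as I know, not a key that a program section reads, so the 10MB cap is probably not applied to the Keycloak stdout/stderr logs. Combined with `stdout_logfile_backups = 0` and `stderr_logfile_backups = 0`, whatever rotation does happen keeps no previous file, so lines Filebeat has not yet shipped from `/var/log/supervisor/*.log` can be lost, which matters for an identity provider's log trail. I would write `stdout_logfile_maxbytes=10MB` and `stderr_logfile_maxbytes=10MB` and keep at least one backup, e.g. `stdout_logfile_backups = 1`.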
@@ -11,7 +11,7 @@ USER root #ADD /{{role_path}}/templates/keycloak/keycloak-tools /opt/jboss/tools ADD keycloak-tools /opt/jboss/tools #ADD ../templates/keycloak/keycloak-tools /opt/jboss/tools -RUN yum -y install openssl && yum -y clean all && \ +RUN yum -y install openssl supervisor && yum -y clean all && \ mkdir -p /opt/jboss/ && cd /opt/jboss/ && \ curl -L $KEYCLOAK_DIST | tar zx && \ mv /opt/jboss/keycloak-* /opt/jboss/keycloak && \ @@ -38,6 +38,6 @@ EXPOSE 8443 RUN echo 'jboss ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers -USER jboss -ENTRYPOINT ["/bin/bash"] +COPY keycloaksupervisord.conf /etc/supervisord.conf +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/docker/tasks/keycloak.yml b/roles/docker/tasks/keycloak.yml index c910408..1fddf2a 100644 --- a/roles/docker/tasks/keycloak.yml +++ b/roles/docker/tasks/keycloak.yml @@ -10,7 +10,6 @@ networks_cli_compatible: yes published_ports: - "12443:8443" - entrypoint: "/bin/bash" interactive: "yes" with_items: "{{ groups['keycloakcontainers'] }}" tags: diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 9c8f81e..e3955df 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Copy certificates in keycloak x509 conf dir + remote_user: jboss copy: src: "{{ item.local }}" dest: "{{ item.remote }}" @@ -22,6 +23,7 @@ - start - name: Generate Keycloak secure config + remote_user: jboss command: "/opt/jboss/tools/x509.sh" environment: X509_CA_BUNDLE: "/etc/x509/ca/ca.crt" @@ -29,11 +31,13 @@ - start - name: Set admin password + remote_user: jboss command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{keycloak_adminpass}}" tags: - start - name: Configure Keycloak start script + remote_user: jboss template: src: "{{item}}.j2" dest: "/opt/jboss/tools/{{item}}" 
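Review bot: With `USER jboss` removed in the second Dockerfile.j2 hunk, supervisord and anything started through `docker exec` now run as root by default, and the only drop to an unprivileged account is `user=jboss` in the supervisor program section. The context line `RUN echo 'jboss ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers` means that drop is not a privilege boundary: code running in the Keycloak process can return to root inside the container. Since the playbook now starts and stops Keycloak through `supervisorctl` as root, the blanket sudoers entry may no longer be needed; if one of the scripts under /opt/jboss/tools still calls sudo, a rule limited to that command would be tighter. The rest of the Dockerfile is outside the hunk, so this needs checking against the full file.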
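Review bot: The `Set admin password` task touched by the third roles/keycloak/tasks/main.yml hunk passes `--password "{{keycloak_adminpass}}"` on the command line, so the rendered password can end up in Ansible's verbose task output and in any callback or log that records task arguments. Adding `no_log: true` next to the new `remote_user: jboss` line keeps it out of those records. The argument is still visible in the container's process list while the script runs; whether add-user-keycloak.sh can take the password another way is not visible here.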
@@ -46,11 +50,13 @@ - name: Start Keycloak IdP - command: /opt/jboss/tools/startkeycloak.sh + remote_user: root + command: "supervisorctl start keycloak" tags: - start - name: Wait for Keycloak + remote_user: jboss wait_for: host: "{{groups['keycloakcontainers'][0]}}" port: 8443 @@ -60,11 +66,13 @@ - start - name: Initialize Keycloak realm + remote_user: jboss command: /opt/jboss/tools/initkeycloakrealm.sh tags: - start - name: Copy secrets from Keycloak + remote_user: jboss fetch: src: "{{ item.remote }}" dest: "{{ item.local }}" @@ -78,6 +86,7 @@ - start - name: Stop Keycloak - command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + remote_user: root + command: "supervisorctl stop keycloak" tags: - stop -- GitLab
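Review bot: The `Stop Keycloak` task in the last roles/keycloak/tasks/main.yml hunk, and `Start Keycloak IdP` in the hunk at -46, rely on the exit status of `supervisorctl`, which in older Supervisor releases is 0 even when the requested action failed. Start is backstopped by the `Wait for Keycloak` task, but stop has no such check, so a failed stop would still be reported as a successful task. Consider `register: sv_result` with `failed_when: "'ERROR' in sv_result.stdout"` on both tasks, adjusted if an already-stopped process should count as success. Which Supervisor version yum installs in the image is not visible here, so confirm whether this is needed.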