From 4883e14195043ed6998a513e7fc32d14af26908d Mon Sep 17 00:00:00 2001
From: demx8as6 <martin.skorupski@highstreet-technologies.com>
Date: Thu, 15 Sep 2022 14:59:39 +0200
Subject: [PATCH] update identity service

- update OAM environment variables for new image
- update OAM centric docker-compose for identity

IssueID: OAM-296
Change-Id: I806c03c4c92b6b5be3996bfe4e36b82db8e0cd40
Signed-off-by: demx8as6 <martin.skorupski@highstreet-technologies.com>
---
 solution/operation-and-maintenance/smo/common/.env |  8 ++--
 .../smo/common/docker-compose.yml                  | 44 +++++++++++++++++++---
 2 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/solution/operation-and-maintenance/smo/common/.env b/solution/operation-and-maintenance/smo/common/.env
index 4971bf7..2a184db 100644
--- a/solution/operation-and-maintenance/smo/common/.env
+++ b/solution/operation-and-maintenance/smo/common/.env
@@ -14,7 +14,7 @@
 # limitations under the License.
 #
 
-COMPOSE_PROJECT_NAME=o-ran-sc-f-release
+COMPOSE_PROJECT_NAME=o-ran-sc-g-release
 
 # Credentials
 
@@ -28,8 +28,10 @@ NETWORK_SUBNET_SMO=2001:db8:1:40::/96
 NETWORK_GATEWAY_SMO=2001:db8:1:40::1
 
 # Identity server
-IDENTITY_IMAGE=quay.io/keycloak/keycloak:12.0.4
-IDENTITY_PORT=8463
+IDENTITY_IMAGE=bitnami/keycloak:18.0.2
+IDENTITY_MGMT_USERNAME=manager
+IDENTITY_MGMT_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+IDENTITY_PORT_HTTPS=8463
 IDENTITY_PROVIDER_URL=https://identity:8463
 
 # PERSISTENCE (including SDN-R Database)
diff --git a/solution/operation-and-maintenance/smo/common/docker-compose.yml b/solution/operation-and-maintenance/smo/common/docker-compose.yml
index 8cc6f3b..2d65a9f 100755
--- a/solution/operation-and-maintenance/smo/common/docker-compose.yml
+++ b/solution/operation-and-maintenance/smo/common/docker-compose.yml
@@ -20,14 +20,46 @@ services:
     image: ${IDENTITY_IMAGE}
     container_name: identity
     ports:
-      - ${IDENTITY_PORT}:8443
+      - ${IDENTITY_PORT_HTTPS}:${IDENTITY_PORT_HTTPS}
     environment:
-      - KEYCLOAK_USER=${ADMIN_USERNAME}
-      - KEYCLOAK_PASSWORD=${ADMIN_PASSWORD}
-      - JAVA_OPTS=-Djboss.bind.address.private=[::1] -Djboss.bind.address=[::1] -Djava.net.preferIPv6Addresses=true -Djava.net.preferIPv4Stack=false
-      - DB_VENDOR=h2
+      - KEYCLOAK_HTTPS_PORT=${IDENTITY_PORT_HTTPS}
+      - KEYCLOAK_CREATE_ADMIN_USER=true
+      - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
+      - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
+      - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
+      - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
+      - KEYCLOAK_DATABASE_HOST=identitydb
+      - KEYCLOAK_DATABASE_NAME=keycloak
+      - KEYCLOAK_DATABASE_USER=keycloak
+      - KEYCLOAK_DATABASE_PASSWORD=keycloak
+      - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
+      - KEYCLOAK_PRODUCTION=false
+      - KEYCLOAK_ENABLE_TLS=true
+      - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
+      - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
+      - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
+      - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
+      - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
+      - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
+    depends_on:
+      - identitydb
+    networks:
+      - dmz
+
+  identitydb:
+    image: docker.io/bitnami/postgresql:13
+    container_name: identitydb
+    environment:
+      - ALLOW_EMPTY_PASSWORD=no
+      - POSTGRESQL_USERNAME=keycloak
+      - POSTGRESQL_DATABASE=keycloak
+      - POSTGRESQL_PASSWORD=keycloak
     networks:
-      dmz:
+      - dmz
+
 
   persistence:
     image: ${PERSISTENCE_IMAGE}
-- 
2.16.6