I recently broke this by deleting the database and restarting it.

This was actually an accident.

Anyway, I had a backup but went ahead and rolled forward to test the
terraform-a-new-keycloak idea... and it worked, I think!

So I had a blank Keycloak sitting in Kubernetes based on the manifests here.

I then moved the tfstate away and reterraformed the OIDC clients and LDAP
configs back into existence.

HOWEVER: the OIDC secrets will be different. To unscrew this up, the secrets
must be restored. This is most easily done by restoring the random password
from the previous state.

First, we'll delete the existing new secrets. Then we'll restore the others.

```bash
# Generate one `terraform state rm` per random_password listed in the backup
# state, then run them against the current state.
jq -c '.resources[]' terraform.tfstate.1681525339.backup | \
  jq -r '
    select(.type == "random_password")
    | @sh "terraform state rm \(.module).\(.type).\(.name)\"[0]\""
  ' | sh -s
```

I screwed my system up on Friday, April 14 at 21:22:19 CDT in the year 2023.

Now we'll restore the good secrets.

```bash
# Re-import each random_password from the backup state with its old value.
# The value is the import ID, so it is passed to terraform as an argument.
jq -c '.resources[]' terraform.tfstate.1681525339.backup | \
  jq -r '
    select(.type == "random_password")
    | @sh "terraform import \(.module).\(.type).\(.name)\"[0]\" \(.instances[0].attributes.result)"
  ' | sh -s
```

At least, I think this worked... I also had to set the epoch to 1 for all of
these (by modifying the state file by hand).
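
A way to check that the restore took, as an added example that is not part of the original notes: it compares the `random_password` values in the backup state with those in the current state and reports only a per-address status, never the secrets. The module and resource names in the sample data are constructed, and the `mode` and `index_key` fields are read as they appear in version 4 state files.

```python
import hmac
import json
import sys
from pathlib import Path

def random_passwords(state):
    """Map resource address -> generated password for each random_password instance."""
    found = {}
    for res in state.get("resources", []):
        if res.get("mode") == "managed" and res.get("type") == "random_password":
            prefix = res["module"] + "." if res.get("module") else ""
            for inst in res.get("instances", []):
                key = inst.get("index_key")  # absent without count/for_each
                suffix = "" if key is None else "[" + json.dumps(key) + "]"
                addr = f'{prefix}{res["type"]}.{res["name"]}{suffix}'
                found[addr] = inst["attributes"]["result"]
    return found

def compare_states(backup, current):
    """Return {address: status}; the secrets themselves are never returned."""
    old, new = random_passwords(backup), random_passwords(current)
    report = {}
    for addr in sorted(old.keys() | new.keys()):
        if addr not in new:
            report[addr] = "missing"      # not imported into the current state
        elif addr not in old:
            report[addr] = "unexpected"   # only exists in the current state
        elif hmac.compare_digest(old[addr].encode(), new[addr].encode()):
            report[addr] = "match"
        else:
            report[addr] = "MISMATCH"     # secret still differs from the backup
    return report

def _state(*entries):
    # Constructed sample state built from (module, name, index_key, result) tuples.
    return {"version": 4, "resources": [
        {"module": m, "mode": "managed", "type": "random_password", "name": n,
         "instances": [{"index_key": k, "attributes": {"result": r}}]}
        for m, n, k, r in entries]}

SAMPLE_BACKUP = _state(("module.app_a", "secret", 0, "old-A"), ("module.app_b", "secret", 0, "old-B"))
SAMPLE_CURRENT = _state(("module.app_a", "secret", 0, "old-A"), ("module.app_b", "secret", 0, "new-B"))

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script BACKUP_STATE CURRENT_STATE
        backup, current = (json.loads(Path(p).read_text()) for p in sys.argv[1:])
    else:
        backup, current = SAMPLE_BACKUP, SAMPLE_CURRENT
    for addr, status in compare_states(backup, current).items():
        print(f"{status:10} {addr}")
```

Run with the backup and current state files as the two arguments; without arguments it runs on the constructed sample.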