ansible-keycloak/README.md

# Ansible Collection - keycloak

[![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)


Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on). 

<!--start requires_ansible-->
## Ansible version compatibility

This collection has been tested against following Ansible versions: **>=2.9.10**.

Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
<!--end requires_ansible-->

## Installation

### Installing the Collection from Ansible Galaxy

Before using the collection, you need to install it with the Ansible Galaxy CLI:

    ansible-galaxy collection install middleware_automation.keycloak

You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml`, using the format:

```yaml
---
collections:
  - name: middleware_automation.keycloak
```

The keycloak collection also depends on the following python packages to be present on the controller host:

* netaddr

A requirement file is provided to install:

    pip install -r requirements.txt


### Included roles

* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service.
* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.


## Usage

### Install Playbook

`playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables.
`playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables.

### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO)

The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways

#### Install upstream(Keycloak) from remote source

This is default approach, there is one required variable

```
keycloak_admin_password: "<changeme>"
```

#### Install upstream(Keycloak) from local source when the following variable is defined

```
keycloak_admin_password: "<changeme>"
zip_file_local_path: <keycloak zip file on Ansible control node local path>
```

#### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined

```
keycloak_admin_password: "<changeme>"
rhn_username: '<customer_portal_username>'
rhn_password: '<customer_portal_password>'
rhsso_rhn_id: '<sso_product_id>'
```

where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)

#### Install RHSSO from remote sources like Nexus etc, when the following variables are defined

```
keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
rhsso_source_download_url: '<url to download RHSSO zip file>'
```

#### Install RHSSO from local source when the following variable is defined

```
keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
zip_file_local_path: <rhsso zip file on Ansible control node local path>
```

### Example installation command

Execute the following command from the source root directory 

```
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme>
``` 

- `keycloak_admin_password` Password for the administration console user account.
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost

  ```
  [keycloak]
  localhost ansible_connection=local
  ```

## Configuration

### Config Playbook

`playbooks/keycloak-realm.yml` creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.

### Example configuration command

Execute the following command from the source root directory

```
ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
```

- `keycloak_admin_password` password for the administration console user account.
- `keycloak_realm` name of the realm to be created/used.
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost

  ```
  [keycloak]
  localhost ansible_connection=local
  ```

## License

Apache License v2.0 or later

See [LICENSE](LICENSE) to view the full text.
Initial commit 2021-12-14 08:54:49 +00:00			`# Ansible Collection - keycloak`

			`[![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)`


			`Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on).`

			`<!--start requires_ansible-->`
			`## Ansible version compatibility`

			`This collection has been tested against following Ansible versions: >=2.9.10.`

			`Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.`
			`<!--end requires_ansible-->`

Updated README.md 2022-01-07 02:24:04 +00:00			`## Installation`
Initial commit 2021-12-14 08:54:49 +00:00
			`### Installing the Collection from Ansible Galaxy`

			`Before using the collection, you need to install it with the Ansible Galaxy CLI:`

			`ansible-galaxy collection install middleware_automation.keycloak`

			You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml`, using the format:

			```yaml
			`---`
			`collections:`
			`- name: middleware_automation.keycloak`
			```

rework docs, add python requirements 2022-01-27 10:59:35 +00:00			`The keycloak collection also depends on the following python packages to be present on the controller host:`

			`* netaddr`

			`A requirement file is provided to install:`

			`pip install -r requirements.txt`


			`### Included roles`

			* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service.
			* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.


			`## Usage`

Updated README.md 2022-01-07 02:24:04 +00:00			`### Install Playbook`

Code review comments 2022-01-14 19:54:10 +00:00			`playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables.
			`playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables.
Updated README.md 2022-01-07 02:24:04 +00:00
Code review comments 2022-01-14 19:54:10 +00:00			`### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO)`
Add instructions for installing RH SSO 2021-12-14 15:47:36 +00:00
Code review comments 2022-01-14 19:54:10 +00:00			`The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways`
Local path installation support 2022-01-11 07:34:06 +00:00
Code review comments 2022-01-14 19:54:10 +00:00			`#### Install upstream(Keycloak) from remote source`
Local path installation support 2022-01-11 07:34:06 +00:00
Code review comments 2022-01-14 19:54:10 +00:00			`This is default approach, there is one required variable`
Local path installation support 2022-01-11 07:34:06 +00:00
Code review comments 2022-01-14 19:54:10 +00:00			```
			`keycloak_admin_password: "<changeme>"`
			```

			`#### Install upstream(Keycloak) from local source when the following variable is defined`
Local path installation support 2022-01-11 07:34:06 +00:00
			```
Code review comments 2022-01-14 19:54:10 +00:00			`keycloak_admin_password: "<changeme>"`
			`zip_file_local_path: <keycloak zip file on Ansible control node local path>`
Local path installation support 2022-01-11 07:34:06 +00:00			```

Code review comments 2022-01-14 19:54:10 +00:00			`#### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined`
Add instructions for installing RH SSO 2021-12-14 15:47:36 +00:00
			```
Code review comments 2022-01-14 19:54:10 +00:00			`keycloak_admin_password: "<changeme>"`
Add instructions for installing RH SSO 2021-12-14 15:47:36 +00:00			`rhn_username: '<customer_portal_username>'`
			`rhn_password: '<customer_portal_password>'`
			`rhsso_rhn_id: '<sso_product_id>'`
			```

			where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)

Download source via url 2022-01-12 15:13:53 +00:00			`#### Install RHSSO from remote sources like Nexus etc, when the following variables are defined`

			```
Code review comments 2022-01-14 19:54:10 +00:00			`keycloak_admin_password: "<changeme>"`
			`keycloak_rhsso_enable: True`
			`rhsso_source_download_url: '<url to download RHSSO zip file>'`
Download source via url 2022-01-12 15:13:53 +00:00			```

Local path installation support 2022-01-11 07:34:06 +00:00			`#### Install RHSSO from local source when the following variable is defined`

			```
Code review comments 2022-01-14 19:54:10 +00:00			`keycloak_admin_password: "<changeme>"`
			`keycloak_rhsso_enable: True`
			`zip_file_local_path: <rhsso zip file on Ansible control node local path>`
Local path installation support 2022-01-11 07:34:06 +00:00			```

Updated README.md 2022-01-07 02:24:04 +00:00			`### Example installation command`

			`Execute the following command from the source root directory`

			```
Removed anisble_hosts file & Updated README.md 2022-01-07 16:09:25 +00:00			`ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme>`
Updated README.md 2022-01-07 02:24:04 +00:00			```

Removed anisble_hosts file & Updated README.md 2022-01-07 16:09:25 +00:00			- `keycloak_admin_password` Password for the administration console user account.
			- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost

			```
			`[keycloak]`
			`localhost ansible_connection=local`
			```

Updated README.md 2022-01-07 02:24:04 +00:00			`## Configuration`

			`### Config Playbook`

User Federation changes 2022-01-17 21:53:16 +00:00			`playbooks/keycloak-realm.yml` creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.
Updated README.md 2022-01-07 02:24:04 +00:00
			`### Example configuration command`

			`Execute the following command from the source root directory`

			```
User Federation changes 2022-01-17 21:53:16 +00:00			`ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test`
Updated README.md 2022-01-07 02:24:04 +00:00			```
Update READMEs 2021-12-22 13:02:13 +00:00
Removed anisble_hosts file & Updated README.md 2022-01-07 16:09:25 +00:00			- `keycloak_admin_password` password for the administration console user account.
			- `keycloak_realm` name of the realm to be created/used.
			- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost

			```
			`[keycloak]`
			`localhost ansible_connection=local`
			```

Initial commit 2021-12-14 08:54:49 +00:00			`## License`

			`Apache License v2.0 or later`

rework docs, add python requirements 2022-01-27 10:59:35 +00:00			`See [LICENSE](LICENSE) to view the full text.`
Initial commit 2021-12-14 08:54:49 +00:00