ansible-keycloak/roles/keycloak/tasks/install.yml

---
- name: Validate parameters
  ansible.builtin.assert:
    that:
      - keycloak_jboss_home is defined
      - keycloak_service_user is defined
      - keycloak_dest is defined
      - keycloak_archive is defined
      - keycloak_download_url is defined
      - keycloak_version is defined
    quiet: true

- name: Check for an existing deployment
  become: yes
  ansible.builtin.stat:
    path: "{{ keycloak_jboss_home }}"
  register: existing_deploy

- name: Stop and restart if existing deployment exists and install forced
  block:
    - name: "Stop the old {{ keycloak.service_name }} service"
      become: yes
      ignore_errors: yes
      ansible.builtin.systemd:
        name: keycloak
        state: stopped
    - name: "Remove the old {{ keycloak.service_name }} deployment"
      become: yes
      ansible.builtin.file:
        path: "{{ keycloak_jboss_home }}"
        state: absent
  when: existing_deploy.stat.exists and keycloak_force_install|bool

- name: Check for an existing deployment after possible forced removal
  become: yes
  ansible.builtin.stat:
    path: "{{ keycloak_jboss_home }}"

- name: "Create {{ keycloak.service_name }} service user/group"
  become: yes
  ansible.builtin.user:
    name: "{{ keycloak_service_user }}"
    home: /opt/keycloak
    system: yes
    create_home: no

- name: "Create {{ keycloak.service_name }} install location"
  become: yes
  ansible.builtin.file:
    dest: "{{ keycloak_dest }}"
    state: directory
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    mode: 0750

## check remote archive
- name: Set download archive path
  ansible.builtin.set_fact:
    archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"

- name: Check download archive path
  become: yes
  ansible.builtin.stat:
    path: "{{ archive }}"
  register: archive_path

## download to controller
- name: Check local download archive path
  ansible.builtin.stat:
    path: "{{ lookup('env', 'PWD') }}"
  register: local_path
  delegate_to: localhost

- name: Download keycloak archive
  ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
    url: "{{ keycloak_download_url }}"
    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
    mode: 0644
  delegate_to: localhost
  when:
    - archive_path is defined
    - archive_path.stat is defined
    - not archive_path.stat.exists
    - not sso_enable is defined or not sso_enable
    - not keycloak_offline_install

- name: Perform download from RHN
  middleware_automation.redhat_csp_download.redhat_csp_download:
    url: "{{ keycloak_rhsso_download_url }}"
    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
    username: "{{ rhn_username }}"
    password: "{{ rhn_password }}"
  no_log: "{{ omit_rhn_output | default(true) }}"
  delegate_to: localhost
  when:
    - archive_path is defined
    - archive_path.stat is defined
    - not archive_path.stat.exists
    - sso_enable is defined and sso_enable
    - not keycloak_offline_install
    - keycloak_rhn_url in keycloak_download_url

- name: Download rhsso archive from alternate location
  ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
    url: "{{ keycloak_rhsso_download_url }}"
    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
    mode: 0644
  delegate_to: localhost
  when:
    - archive_path is defined
    - archive_path.stat is defined
    - not archive_path.stat.exists
    - sso_enable is defined and sso_enable
    - not keycloak_offline_install
    - not keycloak_rhn_url in keycloak_download_url

- name: Check downloaded archive
  ansible.builtin.stat:
    path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
  register: local_archive_path
  delegate_to: localhost

## copy and unpack
- name: Copy archive to target nodes
  ansible.builtin.copy:
    src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
    dest: "{{ archive }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    mode: 0640
  register: new_version_downloaded
  when:
    - not archive_path.stat.exists
    - local_archive_path.stat is defined
    - local_archive_path.stat.exists
  become: yes

- name: "Check target directory: {{ keycloak.home }}"
  ansible.builtin.stat:
    path: "{{ keycloak.home }}"
  register: path_to_workdir
  become: yes

- name: "Extract {{ keycloak_service_desc }} archive on target"
  ansible.builtin.unarchive:
    remote_src: yes
    src: "{{ archive }}"
    dest: "{{ keycloak_dest }}"
    creates: "{{ keycloak.home }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
  become: yes
  when:
    - new_version_downloaded.changed or not path_to_workdir.stat.exists
  notify:
    - restart keycloak

- name: Inform decompression was not executed
  ansible.builtin.debug:
    msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
  when:
    - not new_version_downloaded.changed and path_to_workdir.stat.exists

- name: "Reown installation directory to {{ keycloak_service_user }}"
  ansible.builtin.file:
    path: "{{ keycloak.home }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    recurse: true
  become: yes
  changed_when: false

# driver and configuration
- name: "Install {{ keycloak_jdbc_engine }} driver"
  ansible.builtin.include_tasks: jdbc_driver.yml
  when: keycloak_jdbc[keycloak_jdbc_engine].enabled

- name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}"
  become: yes
  ansible.builtin.template:
    src: "templates/{{ keycloak.config_template_source }}"
    dest: "{{ keycloak_config_path_to_standalone_xml }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    mode: 0640
  notify:
    - restart keycloak
  when: not keycloak_remotecache.enabled or keycloak_config_override_template|length > 0

- name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
  become: yes
  ansible.builtin.template:
    src: templates/standalone-infinispan.xml.j2
    dest: "{{ keycloak_config_path_to_standalone_xml }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    mode: 0640
  notify:
    - restart keycloak
  when: keycloak_remotecache.enabled
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`---`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`- name: Validate parameters`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.assert:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`that:`
			`- keycloak_jboss_home is defined`
			`- keycloak_service_user is defined`
			`- keycloak_dest is defined`
			`- keycloak_archive is defined`
			`- keycloak_download_url is defined`
			`- keycloak_version is defined`
			`quiet: true`

simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`- name: Check for an existing deployment`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.stat:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`path: "{{ keycloak_jboss_home }}"`
			`register: existing_deploy`

ci: linter version update fixes 2022-05-11 11:33:52 +02:00			`- name: Stop and restart if existing deployment exists and install forced`
			`block:`
use proper service name in task names 2022-03-17 10:45:55 +01:00			`- name: "Stop the old {{ keycloak.service_name }} service"`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
			`ignore_errors: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.systemd:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`name: keycloak`
			`state: stopped`
use proper service name in task names 2022-03-17 10:45:55 +01:00			`- name: "Remove the old {{ keycloak.service_name }} deployment"`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.file:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`path: "{{ keycloak_jboss_home }}"`
			`state: absent`
			`when: existing_deploy.stat.exists and keycloak_force_install\|bool`

misc: simply fastpackages logic and reduce play time 2022-03-11 15:08:53 +01:00			`- name: Check for an existing deployment after possible forced removal`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.stat:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`path: "{{ keycloak_jboss_home }}"`

use proper service name in task names 2022-03-17 10:45:55 +01:00			`- name: "Create {{ keycloak.service_name }} service user/group"`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.user:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`name: "{{ keycloak_service_user }}"`
			`home: /opt/keycloak`
			`system: yes`
			`create_home: no`

use proper service name in task names 2022-03-17 10:45:55 +01:00			`- name: "Create {{ keycloak.service_name }} install location"`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.file:`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`dest: "{{ keycloak_dest }}"`
			`state: directory`
			`owner: "{{ keycloak_service_user }}"`
			`group: "{{ keycloak_service_group }}"`
Fix linter warnings 2021-12-14 11:34:41 +01:00			`mode: 0750`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`## check remote archive`
			`- name: Set download archive path`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.set_fact:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"`

			`- name: Check download archive path`
use proper service name in task names 2022-03-17 10:45:55 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.stat:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`path: "{{ archive }}"`
			`register: archive_path`

			`## download to controller`
READMEs updated by helper scripts 2022-02-15 10:14:44 +01:00			`- name: Check local download archive path`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.stat:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`path: "{{ lookup('env', 'PWD') }}"`
			`register: local_path`
			`delegate_to: localhost`

			`- name: Download keycloak archive`
fix: linter 2022-04-28 11:58:29 +02:00			`ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`url: "{{ keycloak_download_url }}"`
			`dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"`
fix incorrect downloaded archive filemode 2022-05-11 10:38:52 +02:00			`mode: 0644`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`delegate_to: localhost`
			`when:`
			`- archive_path is defined`
			`- archive_path.stat is defined`
			`- not archive_path.stat.exists`
Downstream variables 2022-09-19 16:02:55 +02:00			`- not sso_enable is defined or not sso_enable`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`- not keycloak_offline_install`

Fix linter errors 2022-02-15 13:14:36 +01:00			`- name: Perform download from RHN`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`middleware_automation.redhat_csp_download.redhat_csp_download:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`url: "{{ keycloak_rhsso_download_url }}"`
			`dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"`
			`username: "{{ rhn_username }}"`
			`password: "{{ rhn_password }}"`
			`no_log: "{{ omit_rhn_output \| default(true) }}"`
			`delegate_to: localhost`
			`when:`
			`- archive_path is defined`
			`- archive_path.stat is defined`
			`- not archive_path.stat.exists`
Downstream variables 2022-09-19 16:02:55 +02:00			`- sso_enable is defined and sso_enable`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`- not keycloak_offline_install`
Downstream variables 2022-09-19 16:02:55 +02:00			`- keycloak_rhn_url in keycloak_download_url`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00
			`- name: Download rhsso archive from alternate location`
fix: linter 2022-04-28 11:58:29 +02:00			`ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`url: "{{ keycloak_rhsso_download_url }}"`
			`dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"`
fix incorrect downloaded archive filemode 2022-05-11 10:38:52 +02:00			`mode: 0644`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`delegate_to: localhost`
			`when:`
			`- archive_path is defined`
			`- archive_path.stat is defined`
			`- not archive_path.stat.exists`
Downstream variables 2022-09-19 16:02:55 +02:00			`- sso_enable is defined and sso_enable`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`- not keycloak_offline_install`
Downstream variables 2022-09-19 16:02:55 +02:00			`- not keycloak_rhn_url in keycloak_download_url`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00
fix: copy from local only if target not existing 2022-02-09 15:06:40 +01:00			`- name: Check downloaded archive`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.stat:`
fix: copy from local only if target not existing 2022-02-09 15:06:40 +01:00			`path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"`
			`register: local_archive_path`
			`delegate_to: localhost`

simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`## copy and unpack`
			`- name: Copy archive to target nodes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.copy:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"`
			`dest: "{{ archive }}"`
			`owner: "{{ keycloak_service_user }}"`
			`group: "{{ keycloak_service_group }}"`
fix incorrect downloaded archive filemode 2022-05-11 10:38:52 +02:00			`mode: 0640`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`register: new_version_downloaded`
fix: copy from local only if target not existing 2022-02-09 15:06:40 +01:00			`when:`
			`- not archive_path.stat.exists`
			`- local_archive_path.stat is defined`
			`- local_archive_path.stat.exists`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`

fix: unpack archive only if needed 2022-01-28 15:18:49 +01:00			`- name: "Check target directory: {{ keycloak.home }}"`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.stat:`
fix: unpack archive only if needed 2022-01-28 15:18:49 +01:00			`path: "{{ keycloak.home }}"`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`register: path_to_workdir`
			`become: yes`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00
Downstream variables 2022-09-19 16:02:55 +02:00			`- name: "Extract {{ keycloak_service_desc }} archive on target"`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.unarchive:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`remote_src: yes`
			`src: "{{ archive }}"`
			`dest: "{{ keycloak_dest }}"`
			`creates: "{{ keycloak.home }}"`
			`owner: "{{ keycloak_service_user }}"`
			`group: "{{ keycloak_service_group }}"`
			`become: yes`
			`when:`
			`- new_version_downloaded.changed or not path_to_workdir.stat.exists`
			`notify:`
			`- restart keycloak`

			`- name: Inform decompression was not executed`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.debug:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"`
			`when:`
			`- not new_version_downloaded.changed and path_to_workdir.stat.exists`

			`- name: "Reown installation directory to {{ keycloak_service_user }}"`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.file:`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`path: "{{ keycloak.home }}"`
			`owner: "{{ keycloak_service_user }}"`
			`group: "{{ keycloak_service_group }}"`
			`recurse: true`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`changed_when: false`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`# driver and configuration`
Add mariadb default, add config validation 2021-12-17 14:56:28 +01:00			`- name: "Install {{ keycloak_jdbc_engine }} driver"`
Break dependency on wildfly/eap 2022-09-19 22:07:23 +02:00			`ansible.builtin.include_tasks: jdbc_driver.yml`
Add mariadb default, add config validation 2021-12-17 14:56:28 +01:00			`when: keycloak_jdbc[keycloak_jdbc_engine].enabled`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00
Add custom xml parameter and test scenario 2022-04-12 12:07:06 +02:00			`- name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}"`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.template:`
Add custom xml parameter and test scenario 2022-04-12 12:07:06 +02:00			`src: "templates/{{ keycloak.config_template_source }}"`
Allow to change default standalone.xml path and name 2021-12-30 16:22:41 +01:00			`dest: "{{ keycloak_config_path_to_standalone_xml }}"`
Fix linter warnings 2021-12-14 11:34:41 +01:00			`owner: "{{ keycloak_service_user }}"`
			`group: "{{ keycloak_service_group }}"`
			`mode: 0640`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`notify:`
			`- restart keycloak`
Add custom xml parameter and test scenario 2022-04-12 12:07:06 +02:00			`when: not keycloak_remotecache.enabled or keycloak_config_override_template\|length > 0`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00
simplify download logic, merge remaining install tasks 2022-01-27 14:24:10 +01:00			`- name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}"`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`become: yes`
fix: use FQCN 2022-02-24 15:00:10 +01:00			`ansible.builtin.template:`
Rename/merge templates and update install task 2022-01-14 10:09:10 +01:00			`src: templates/standalone-infinispan.xml.j2`
Allow to change default standalone.xml path and name 2021-12-30 16:22:41 +01:00			`dest: "{{ keycloak_config_path_to_standalone_xml }}"`
Fix linter warnings 2021-12-14 11:34:41 +01:00			`owner: "{{ keycloak_service_user }}"`
			`group: "{{ keycloak_service_group }}"`
			`mode: 0640`
Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00			`notify:`
			`- restart keycloak`
			`when: keycloak_remotecache.enabled`