ansible-keycloak/roles/keycloak/tasks/install.yml

210 lines
7.0 KiB
YAML
Raw Normal View History

---
- name: Validate parameters
2022-02-24 14:00:10 +00:00
ansible.builtin.assert:
that:
- keycloak_jboss_home is defined
- keycloak_service_user is defined
- keycloak_dest is defined
- keycloak_archive is defined
- keycloak_download_url is defined
- keycloak_version is defined
quiet: true
- name: Check for an existing deployment
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
2022-05-11 09:33:52 +00:00
- name: Stop and restart if existing deployment exists and install forced
block:
2022-03-17 09:45:55 +00:00
- name: "Stop the old {{ keycloak.service_name }} service"
become: yes
ignore_errors: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.systemd:
name: keycloak
state: stopped
2022-03-17 09:45:55 +00:00
- name: "Remove the old {{ keycloak.service_name }} deployment"
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.file:
path: "{{ keycloak_jboss_home }}"
state: absent
when: existing_deploy.stat.exists and keycloak_force_install|bool
- name: Check for an existing deployment after possible forced removal
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}"
2022-03-17 09:45:55 +00:00
- name: "Create {{ keycloak.service_name }} service user/group"
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.user:
name: "{{ keycloak_service_user }}"
home: /opt/keycloak
system: yes
create_home: no
2022-03-17 09:45:55 +00:00
- name: "Create {{ keycloak.service_name }} install location"
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.file:
dest: "{{ keycloak_dest }}"
state: directory
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
2021-12-14 10:34:41 +00:00
mode: 0750
## check remote archive
- name: Set download archive path
2022-02-24 14:00:10 +00:00
ansible.builtin.set_fact:
archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
- name: Check download archive path
2022-03-17 09:45:55 +00:00
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.stat:
path: "{{ archive }}"
register: archive_path
## download to controller
2022-02-15 09:14:44 +00:00
- name: Check local download archive path
2022-02-24 14:00:10 +00:00
ansible.builtin.stat:
path: "{{ lookup('env', 'PWD') }}"
register: local_path
delegate_to: localhost
- name: Download keycloak archive
2022-04-28 09:58:29 +00:00
ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
url: "{{ keycloak_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
mode: 0644
delegate_to: localhost
when:
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
2022-09-19 14:02:55 +00:00
- not sso_enable is defined or not sso_enable
- not keycloak_offline_install
2022-02-15 12:14:36 +00:00
- name: Perform download from RHN
2022-02-24 14:00:10 +00:00
middleware_automation.redhat_csp_download.redhat_csp_download:
url: "{{ keycloak_rhsso_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
username: "{{ rhn_username }}"
password: "{{ rhn_password }}"
no_log: "{{ omit_rhn_output | default(true) }}"
delegate_to: localhost
when:
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
2022-09-19 14:02:55 +00:00
- sso_enable is defined and sso_enable
- not keycloak_offline_install
2022-09-19 14:02:55 +00:00
- keycloak_rhn_url in keycloak_download_url
- name: Download rhsso archive from alternate location
2022-04-28 09:58:29 +00:00
ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
url: "{{ keycloak_rhsso_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
mode: 0644
delegate_to: localhost
when:
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
2022-09-19 14:02:55 +00:00
- sso_enable is defined and sso_enable
- not keycloak_offline_install
2022-09-19 14:02:55 +00:00
- not keycloak_rhn_url in keycloak_download_url
- name: Check downloaded archive
2022-02-24 14:00:10 +00:00
ansible.builtin.stat:
path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
register: local_archive_path
delegate_to: localhost
## copy and unpack
- name: Copy archive to target nodes
2022-02-24 14:00:10 +00:00
ansible.builtin.copy:
src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
dest: "{{ archive }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: 0640
register: new_version_downloaded
when:
- not archive_path.stat.exists
- local_archive_path.stat is defined
- local_archive_path.stat.exists
become: yes
2022-01-28 14:18:49 +00:00
- name: "Check target directory: {{ keycloak.home }}"
2022-02-24 14:00:10 +00:00
ansible.builtin.stat:
2022-01-28 14:18:49 +00:00
path: "{{ keycloak.home }}"
register: path_to_workdir
become: yes
2022-09-19 14:02:55 +00:00
- name: "Extract {{ keycloak_service_desc }} archive on target"
2022-02-24 14:00:10 +00:00
ansible.builtin.unarchive:
remote_src: yes
src: "{{ archive }}"
dest: "{{ keycloak_dest }}"
creates: "{{ keycloak.home }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
become: yes
when:
- new_version_downloaded.changed or not path_to_workdir.stat.exists
notify:
- restart keycloak
- name: Inform decompression was not executed
2022-02-24 14:00:10 +00:00
ansible.builtin.debug:
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
when:
- not new_version_downloaded.changed and path_to_workdir.stat.exists
- name: "Reown installation directory to {{ keycloak_service_user }}"
2022-02-24 14:00:10 +00:00
ansible.builtin.file:
path: "{{ keycloak.home }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
recurse: true
become: yes
changed_when: false
# driver and configuration
- name: "Install {{ keycloak_jdbc_engine }} driver"
2022-02-24 14:00:10 +00:00
ansible.builtin.include_role:
name: middleware_automation.wildfly.wildfly_driver
vars:
wildfly_user: "{{ keycloak_service_user }}"
jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
jdbc_driver_version: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_version }}"
jdbc_driver_jar_filename: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
jdbc_driver_jar_url: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
jdbc_driver_jar_installation_path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
when: keycloak_jdbc[keycloak_jdbc_engine].enabled
- name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}"
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.template:
src: "templates/{{ keycloak.config_template_source }}"
dest: "{{ keycloak_config_path_to_standalone_xml }}"
2021-12-14 10:34:41 +00:00
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: 0640
notify:
- restart keycloak
when: not keycloak_remotecache.enabled or keycloak_config_override_template|length > 0
- name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
become: yes
2022-02-24 14:00:10 +00:00
ansible.builtin.template:
src: templates/standalone-infinispan.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}"
2021-12-14 10:34:41 +00:00
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: 0640
notify:
- restart keycloak
when: keycloak_remotecache.enabled