ansible-keycloak/roles/keycloak/tasks/main.yml

---
# tasks file for keycloak

- name: Check prerequisites
  ansible.builtin.include_tasks: prereqs.yml
  tags:
    - prereqs

- name: Include firewall config tasks
  ansible.builtin.include_tasks: firewalld.yml
  when: keycloak_configure_firewalld
  tags:
    - firewall

- name: Include install tasks
  ansible.builtin.include_tasks: install.yml
  tags:
    - install

- name: Include systemd tasks
  ansible.builtin.include_tasks: systemd.yml
  tags:
    - systemd

- name: Include patch install tasks
  ansible.builtin.include_tasks: rhsso_patch.yml
  when: keycloak_rhsso_apply_patches and keycloak_rhsso_enable
  tags:
    - install
    - patch

- name: Link default logs directory
  ansible.builtin.file:
    state: link
    src: "{{ keycloak_jboss_home }}/standalone/log"
    dest: /var/log/keycloak

- block:
    - name: Check admin credentials by generating a token (supposed to fail on first installation)
      ansible.builtin.uri:
        url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
        method: POST
        body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
        validate_certs: no
      register: keycloak_auth_response
      until: keycloak_auth_response.status == 200
      retries: 2
      delay: 2
  rescue:
    - name: "Create {{ keycloak.service_name }} admin user"
      ansible.builtin.command:
      args:
        argv:
          - "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
          - "-rmaster"
          - "-u{{ keycloak_admin_user }}"
          - "-p{{ keycloak_admin_password }}"
      changed_when: yes
      become: yes
    - name: "Restart {{ keycloak.service_name }}"
      ansible.builtin.include_tasks: tasks/restart_keycloak.yml
    - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
      ansible.builtin.uri:
        url: "{{ keycloak.health_url }}"
      register: keycloak_status
      until: keycloak_status.status == 200
      retries: 25
      delay: 10
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`---`
			`# tasks file for keycloak`

drop ansible-lint offline option 2022-02-15 13:24:03 +00:00			`- name: Check prerequisites`
fix: use FQCN 2022-02-24 14:00:10 +00:00			`ansible.builtin.include_tasks: prereqs.yml`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`tags:`
			`- prereqs`

Update docs, fix patch apply steps and cli vars 2022-03-11 13:44:19 +00:00			`- name: Include firewall config tasks`
			`ansible.builtin.include_tasks: firewalld.yml`
			`when: keycloak_configure_firewalld`
			`tags:`
			`- firewall`

Drop service logfile, symlink log directory instead 2022-01-14 09:14:24 +00:00			`- name: Include install tasks`
Replace use of serial with run_once run_once on first node when database config enabled (so the first node creates the tables), then wakeup all other nodes 2022-03-08 11:08:40 +00:00			`ansible.builtin.include_tasks: install.yml`
Update docs, fix patch apply steps and cli vars 2022-03-11 13:44:19 +00:00			`tags:`
			`- install`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
Drop service logfile, symlink log directory instead 2022-01-14 09:14:24 +00:00			`- name: Include systemd tasks`
Replace use of serial with run_once run_once on first node when database config enabled (so the first node creates the tables), then wakeup all other nodes 2022-03-08 11:08:40 +00:00			`ansible.builtin.include_tasks: systemd.yml`
Update docs, fix patch apply steps and cli vars 2022-03-11 13:44:19 +00:00			`tags:`
			`- systemd`

			`- name: Include patch install tasks`
			`ansible.builtin.include_tasks: rhsso_patch.yml`
			`when: keycloak_rhsso_apply_patches and keycloak_rhsso_enable`
			`tags:`
			`- install`
			`- patch`
Drop service logfile, symlink log directory instead 2022-01-14 09:14:24 +00:00
			`- name: Link default logs directory`
fix: use FQCN 2022-02-24 14:00:10 +00:00			`ansible.builtin.file:`
Drop service logfile, symlink log directory instead 2022-01-14 09:14:24 +00:00			`state: link`
move health url fact to variables 2022-01-27 13:23:11 +00:00			`src: "{{ keycloak_jboss_home }}/standalone/log"`
Drop service logfile, symlink log directory instead 2022-01-14 09:14:24 +00:00			`dest: /var/log/keycloak`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
Make admin account creation idempotent 2021-12-16 13:24:06 +00:00			`- block:`
use proper service name in task names 2022-03-17 09:45:55 +00:00			`- name: Check admin credentials by generating a token (supposed to fail on first installation)`
fix: use FQCN 2022-02-24 14:00:10 +00:00			`ansible.builtin.uri:`
Make admin account creation idempotent 2021-12-16 13:24:06 +00:00			`url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"`
			`method: POST`
			`body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"`
			`validate_certs: no`
			`register: keycloak_auth_response`
			`until: keycloak_auth_response.status == 200`
			`retries: 2`
			`delay: 2`
			`rescue:`
move health url fact to variables 2022-01-27 13:23:11 +00:00			`- name: "Create {{ keycloak.service_name }} admin user"`
fix: use FQCN 2022-02-24 14:00:10 +00:00			`ansible.builtin.command:`
Make admin account creation idempotent 2021-12-16 13:24:06 +00:00			`args:`
			`argv:`
			`- "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"`
Template preferIPv4Stack, add health check after handler 2022-01-10 16:37:14 +00:00			`- "-rmaster"`
			`- "-u{{ keycloak_admin_user }}"`
			`- "-p{{ keycloak_admin_password }}"`
Fix linter errors 2022-02-15 12:14:36 +00:00			`changed_when: yes`
Make admin account creation idempotent 2021-12-16 13:24:06 +00:00			`become: yes`
move health url fact to variables 2022-01-27 13:23:11 +00:00			`- name: "Restart {{ keycloak.service_name }}"`
fix: use FQCN 2022-02-24 14:00:10 +00:00			`ansible.builtin.include_tasks: tasks/restart_keycloak.yml`
move health url fact to variables 2022-01-27 13:23:11 +00:00			`- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"`
fix: use FQCN 2022-02-24 14:00:10 +00:00			`ansible.builtin.uri:`
move health url fact to variables 2022-01-27 13:23:11 +00:00			`url: "{{ keycloak.health_url }}"`
Template preferIPv4Stack, add health check after handler 2022-01-10 16:37:14 +00:00			`register: keycloak_status`
			`until: keycloak_status.status == 200`
			`retries: 25`
			`delay: 10`