From 4cb021fe2c4340e8d2ab29a8afd1043e6c543e73 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 6 Jan 2022 19:58:27 -0600
Subject: [PATCH 1/3] Separate playbooks for installation and configuration
---
ansible_hosts | 2 ++
playbooks/keycloak-realm.yml | 27 +++++++++++++++++++++++++++
playbooks/keycloak.yml | 25 +------------------------
3 files changed, 30 insertions(+), 24 deletions(-)
create mode 100644 ansible_hosts
create mode 100644 playbooks/keycloak-realm.yml
diff --git a/ansible_hosts b/ansible_hosts
new file mode 100644
index 0000000..fcd3222
--- /dev/null
+++ b/ansible_hosts
@@ -0,0 +1,2 @@
+[keycloak]
+localhost ansible_connection=local
diff --git a/playbooks/keycloak-realm.yml b/playbooks/keycloak-realm.yml
new file mode 100644
index 0000000..ec8de4a
--- /dev/null
+++ b/playbooks/keycloak-realm.yml
@@ -0,0 +1,27 @@
+---
+- name: Playbook for Keycloak Hosts
+ hosts: keycloak
+ tasks:
+ - name: Keycloak Realm Role
+ include_role:
+ name: keycloak_realm
+ vars:
+ keycloak_admin_password: "changeme"
+ keycloak_realm: TestRealm
+ keycloak_clients:
+ - name: TestClient1
+ roles:
+ - TestClient1Admin
+ - TestClient1User
+ realm: "{{ keycloak_realm }}"
+ public_client: True
+ web_origins:
+ - http://testclient1origin/application
+ - http://testclient1origin/other
+ users:
+ - username: TestUser
+ password: password
+ client_roles:
+ - client: TestClient1
+ role: TestClient1User
+ realm: "{{ keycloak_realm }}"
diff --git a/playbooks/keycloak.yml b/playbooks/keycloak.yml
index e0c8ac4..c40d219 100644
--- a/playbooks/keycloak.yml
+++ b/playbooks/keycloak.yml
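Review bot: The new `playbooks/keycloak-realm.yml` hard-codes `keycloak_admin_password: "changeme"` under the `include_role` vars and gives TestUser the literal `password: password`. A run that omits `-e keycloak_admin_password=...` would presumably proceed with a publicly known credential instead of stopping. The same literal also stays as the last line of `playbooks/keycloak.yml` in the next hunk. I would take both values from a vaulted or prompted variable, for example `keycloak_admin_password: "{{ vault_keycloak_admin_password }}"` and `password: "{{ vault_testuser_password }}"` (placeholder variable names). A comment above `users:` should state that the entry is sample data. Separately, `public_client: True` is better written `public_client: true`, as Ansible linting expects.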
@@ -10,27 +10,4 @@ include_role: name: keycloak vars: - keycloak_admin_password: "changeme" - - name: Keycloak Realm Role - include_role: - name: keycloak_realm - vars: - keycloak_admin_password: "changeme" - keycloak_realm: TestRealm - keycloak_clients: - - name: TestClient1 - roles: - - TestClient1Admin - - TestClient1User - realm: "{{ keycloak_realm }}" - public_client: True - web_origins: - - http://testclient1origin/application - - http://testclient1origin/other - users: - - username: TestUser - password: password - client_roles: - - client: TestClient1 - role: TestClient1User - realm: "{{ keycloak_realm }}" + keycloak_admin_password: "changeme" \ No newline at end of file From 00e6b3601b4ef232f19ce3a52d30e076943e3437 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 6 Jan 2022 20:24:04 -0600 Subject: [PATCH 2/3] Updated README.md --- README.md | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6013ae2..194e2ec 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This collection has been tested against following Ansible versions: **>=2.9.10** Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. -## Installation and Usage +## Installation ### Installing the Collection from Ansible Galaxy @@ -29,6 +29,10 @@ collections: - name: middleware_automation.keycloak ``` +### Install Playbook + +`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On based on the defined variables. + ### Choosing between Red Hat products and upstream project The roles supports installing Red Hat Single Sign-On from the Customer Portal, when the following variables are defined: 
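Review bot: In the `playbooks/keycloak.yml` hunk, the rewritten last line `keycloak_admin_password: "changeme"` ends the file without a newline, as the `\ No newline at end of file` marker shows. This shows up as a spurious change in later diffs and trips yamllint's `new-line-at-end-of-file` rule, so the file should end with a single newline. The task this line belongs to starts above the hunk.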
@@ -41,12 +45,35 @@ rhsso_rhn_id: '' where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_) - -## Included roles +### Install role * [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_ + +### Example installation command + +Execute the following command from the source root directory + +``` +ansible-playbook -i ansible_hosts -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=` +``` + +## Configuration + +### Config Playbook + +`playbooks/keycloak-realm.yml` creates the realm, provided client(s), client role(s) and client user(s) if they don't exist. + +### Config role + * [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, with clients and users, in an installed service. +### Example configuration command + +Execute the following command from the source root directory + +``` +ansible-playbook -i ansible_hosts -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password= -e keycloak_realm=test` +``` ## License From c78aaece81365f0dff91ed64735e6c5ab677858d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 7 Jan 2022 10:09:25 -0600 Subject: [PATCH 3/3] Removed anisble_hosts file & Updated README.md --- README.md | 23 ++++++++++++++++++++--- ansible_hosts | 2 -- 2 files changed, 20 insertions(+), 5 deletions(-) delete mode 100644 ansible_hosts diff --git a/README.md b/README.md index 194e2ec..a25bead 100644 --- a/README.md +++ b/README.md 
@@ -54,14 +54,22 @@ where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version Execute the following command from the source root directory ``` -ansible-playbook -i ansible_hosts -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=` +ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password= ``` +- `keycloak_admin_password` Password for the administration console user account. +- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost + + ``` + [keycloak] + localhost ansible_connection=local + ``` + ## Configuration ### Config Playbook -`playbooks/keycloak-realm.yml` creates the realm, provided client(s), client role(s) and client user(s) if they don't exist. +`playbooks/keycloak-realm.yml` creates provided realm, client(s), client role(s) and client user(s) if they don't exist. ### Config role @@ -72,9 +80,18 @@ ansible-playbook -i ansible_hosts -e @rhn-creds.yml playbooks/keycloak.yml -e ke Execute the following command from the source root directory ``` -ansible-playbook -i ansible_hosts -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password= -e keycloak_realm=test` +ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password= -e keycloak_realm=test ``` +- `keycloak_admin_password` password for the administration console user account. +- `keycloak_realm` name of the realm to be created/used. +- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost + + ``` + [keycloak] + localhost ansible_connection=local + ``` + ## License Apache License v2.0 or later diff --git a/ansible_hosts b/ansible_hosts deleted file mode 100644 index fcd3222..0000000 --- a/ansible_hosts +++ /dev/null @@ -1,2 +0,0 @@ -[keycloak] -localhost ansible_connection=local