From 419c862341b35c621e5d55c154c9f7145a2b0c2c Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Thu, 7 Apr 2022 14:07:08 +0200 Subject: [PATCH] add role keycloak_quarkus --- roles/keycloak_quarkus/defaults/main.yml | 70 ++++++ roles/keycloak_quarkus/handlers/main.yml | 4 + .../keycloak_quarkus/meta/argument_specs.yml | 203 ++++++++++++++++++ roles/keycloak_quarkus/meta/main.yml | 28 +++ roles/keycloak_quarkus/tasks/fastpackages.yml | 21 ++ roles/keycloak_quarkus/tasks/firewalld.yml | 25 +++ roles/keycloak_quarkus/tasks/install.yml | 110 ++++++++++ roles/keycloak_quarkus/tasks/main.yml | 41 ++++ roles/keycloak_quarkus/tasks/prereqs.yml | 34 +++ roles/keycloak_quarkus/tasks/restart.yml | 7 + roles/keycloak_quarkus/tasks/start.yml | 15 ++ roles/keycloak_quarkus/tasks/systemd.yml | 29 +++ .../templates/keycloak-sysconfig.j2 | 3 + .../templates/keycloak.conf.j2 | 51 +++++ .../templates/keycloak.service.j2 | 14 ++ roles/keycloak_quarkus/vars/main.yml | 11 + 16 files changed, 666 insertions(+) create mode 100644 roles/keycloak_quarkus/defaults/main.yml create mode 100644 roles/keycloak_quarkus/handlers/main.yml create mode 100644 roles/keycloak_quarkus/meta/argument_specs.yml create mode 100644 roles/keycloak_quarkus/meta/main.yml create mode 100644 roles/keycloak_quarkus/tasks/fastpackages.yml create mode 100644 roles/keycloak_quarkus/tasks/firewalld.yml create mode 100644 roles/keycloak_quarkus/tasks/install.yml create mode 100644 roles/keycloak_quarkus/tasks/main.yml create mode 100644 roles/keycloak_quarkus/tasks/prereqs.yml create mode 100644 roles/keycloak_quarkus/tasks/restart.yml create mode 100644 roles/keycloak_quarkus/tasks/start.yml create mode 100644 roles/keycloak_quarkus/tasks/systemd.yml create mode 100644 roles/keycloak_quarkus/templates/keycloak-sysconfig.j2 create mode 100644 roles/keycloak_quarkus/templates/keycloak.conf.j2 create mode 100644 roles/keycloak_quarkus/templates/keycloak.service.j2 create mode 100644 roles/keycloak_quarkus/vars/main.yml 
diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml new file mode 100644 index 0000000..6778308 --- /dev/null +++ b/roles/keycloak_quarkus/defaults/main.yml 
@@ -0,0 +1,70 @@ +--- +### Configuration specific to keycloak +keycloak_quarkus_version: 17.0.1 +keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip" +keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}" +keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}" + +# whether to install from local archive +keycloak_quarkus_offline_install: False + +### Install location and service settings +keycloak_quarkus_jvm_package: java-11-openjdk-headless +keycloak_quarkus_dest: /opt/keycloak +keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}" +keycloak_quarkus_config_dir: "{{ keycloak_quarkus_home }}/conf" +keycloak_quarkus_service_user: keycloak +keycloak_quarkus_service_group: keycloak +keycloak_quarkus_service_pidfile: "/run/keycloak.pid" +keycloak_quarkus_configure_firewalld: False + +### administrator console password +keycloak_quarkus_admin_user: admin +keycloak_quarkus_admin_pass: '' +keycloak_quarkus_master_realm: master + +### Configuration settings +keycloak_quarkus_bind_address: 0.0.0.0 +keycloak_quarkus_host: localhost +keycloak_quarkus_http_port: 8080 +keycloak_quarkus_https_port: 8443 +keycloak_quarkus_ajp_port: 8009 +keycloak_quarkus_jgroups_port: 7600 +keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m" + +### Enable configuration for database backend, clustering and remote caches on infinispan +keycloak_quarkus_ha_enabled: False +### Enable database configuration, must be enabled when HA is configured +keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}" + +### keycloak frontend url +keycloak_quarkus_http_relative_path: auth +keycloak_quarkus_frontend_url: http://localhost:8080/auth + +keycloak_quarkus_metrics_enabled: False + +### infinispan remote caches access (hotrod) +keycloak_quarkus_ispn_user: supervisor +keycloak_quarkus_ispn_pass: supervisor 
+keycloak_quarkus_ispn_url: localhost +keycloak_quarkus_ispn_sasl_mechanism: SCRAM-SHA-512 +keycloak_quarkus_ispn_use_ssl: False +# if ssl is enabled, import ispn server certificate here +keycloak_quarkus_ispn_trust_store_path: /etc/pki/java/cacerts +keycloak_quarkus_ispn_trust_store_password: changeit + +### database backend engine: values [ 'postgres', 'mariadb' ] +keycloak_quarkus_jdbc_engine: postgres +### database backend credentials +keycloak_quarkus_db_user: keycloak-user +keycloak_quarkus_db_pass: keycloak-pass +keycloak_quarkus_jdbc_url: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].url }}" +keycloak_quarkus_jdbc_driver_version: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}" +# override the variables above, following defaults show minimum supported versions +keycloak_quarkus_default_jdbc: + postgres: + url: 'jdbc:postgresql://localhost:5432/keycloak' + version: 9.4.1212 + mariadb: + url: 'jdbc:mariadb://localhost:3306/keycloak' + version: 2.7.4 \ No newline at end of file diff --git a/roles/keycloak_quarkus/handlers/main.yml b/roles/keycloak_quarkus/handlers/main.yml new file mode 100644 index 0000000..00cab00 --- /dev/null +++ b/roles/keycloak_quarkus/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: "Restart {{ keycloak.service_name }}" + ansible.builtin.include_tasks: restart.yml + listen: "restart keycloak" \ No newline at end of file diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml new file mode 100644 index 0000000..cc94017 --- /dev/null +++ b/roles/keycloak_quarkus/meta/argument_specs.yml 
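Review bot: `keycloak_quarkus_db_pass: keycloak-pass` and `keycloak_quarkus_ispn_pass: supervisor` ship working credentials as role defaults, so a user who turns on `keycloak_quarkus_db_enabled` or `keycloak_quarkus_ha_enabled` without overriding them deploys a known password, whereas `keycloak_quarkus_admin_pass` is deliberately empty and checked in prereqs.yml. Defaulting both to `''` and asserting they are set when the corresponding feature is enabled would give the database and Infinispan credentials the same treatment. `keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}"` is a string template for a value every consumer treats as a boolean; `"{{ keycloak_quarkus_ha_enabled }}"` expresses the same default, and the remaining `False` literals would read as plain YAML `false`. The `version: 9.4.1212` / `version: 2.7.4` driver versions are strings and would be safer quoted, since a future two-component value such as `2.8` would parse as a float.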
@@ -0,0 +1,203 @@ +argument_specs: + main: + options: + keycloak_quarkus_version: + # line 3 of defaults/main.yml + default: "17.0.1" + description: "TODO document argument" + type: "str" + keycloak_quarkus_archive: + # line 4 of defaults/main.yml + default: "keycloak-{{ keycloak_quarkus_version }}.zip" + description: "TODO document argument" + type: "str" + keycloak_quarkus_download_url: + # line 5 of defaults/main.yml + default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}" + description: "TODO document argument" + type: "str" + keycloak_quarkus_installdir: + # line 6 of defaults/main.yml + default: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}" + description: "TODO document argument" + type: "str" + keycloak_quarkus_offline_install: + # line 9 of defaults/main.yml + default: false + description: "TODO document argument" + type: "bool" + keycloak_quarkus_jvm_package: + # line 12 of defaults/main.yml + default: "java-11-openjdk-headless" + description: "TODO document argument" + type: "str" + keycloak_quarkus_dest: + # line 13 of defaults/main.yml + default: "/opt/keycloak" + description: "TODO document argument" + type: "str" + keycloak_quarkus_home: + # line 14 of defaults/main.yml + default: "{{ keycloak_quarkus_installdir }}" + description: "TODO document argument" + type: "str" + keycloak_quarkus_config_dir: + # line 15 of defaults/main.yml + default: "{{ keycloak_quarkus_home }}/conf" + description: "TODO document argument" + type: "str" + keycloak_quarkus_service_user: + # line 16 of defaults/main.yml + default: "keycloak" + description: "TODO document argument" + type: "str" + keycloak_quarkus_service_group: + # line 17 of defaults/main.yml + default: "keycloak" + description: "TODO document argument" + type: "str" + keycloak_quarkus_service_pidfile: + # line 18 of defaults/main.yml + default: "/run/keycloak.pid" + description: "TODO document argument" + type: 
"str" + keycloak_quarkus_configure_firewalld: + # line 19 of defaults/main.yml + default: false + description: "TODO document argument" + type: "bool" + keycloak_quarkus_admin_user: + # line 22 of defaults/main.yml + default: "admin" + description: "TODO document argument" + type: "str" + keycloak_quarkus_admin_pass: + # line 23 of defaults/main.yml + default: "" + description: "TODO document argument" + type: "str" + keycloak_quarkus_master_realm: + # line 24 of defaults/main.yml + default: "master" + description: "TODO document argument" + type: "str" + keycloak_quarkus_bind_address: + # line 27 of defaults/main.yml + default: "0.0.0.0" + description: "TODO document argument" + type: "str" + keycloak_quarkus_host: + # line 28 of defaults/main.yml + default: "localhost" + description: "TODO document argument" + type: "str" + keycloak_quarkus_http_port: + # line 29 of defaults/main.yml + default: 8080 + description: "TODO document argument" + type: "int" + keycloak_quarkus_https_port: + # line 30 of defaults/main.yml + default: 8443 + description: "TODO document argument" + type: "int" + keycloak_quarkus_ajp_port: + # line 31 of defaults/main.yml + default: 8009 + description: "TODO document argument" + type: "int" + keycloak_quarkus_jgroups_port: + # line 32 of defaults/main.yml + default: 7600 + description: "TODO document argument" + type: "int" + keycloak_quarkus_java_opts: + # line 33 of defaults/main.yml + default: "-Xms1024m -Xmx2048m" + description: "TODO document argument" + type: "str" + keycloak_quarkus_ha_enabled: + # line 36 of defaults/main.yml + default: false + description: "TODO document argument" + type: "bool" + keycloak_quarkus_db_enabled: + # line 38 of defaults/main.yml + default: "{{ True if keycloak_quarkus_ha_enabled else False }}" + description: "TODO document argument" + type: "str" + keycloak_quarkus_http_relative_path: + # line 41 of defaults/main.yml + default: "auth" + description: "TODO document argument" + type: "str" + 
keycloak_quarkus_frontend_url: + # line 41 of defaults/main.yml + default: "http://localhost:8080/auth" + description: "TODO document argument" + type: "str" + keycloak_quarkus_metrics_enabled: + # line 43 of defaults/main.yml + default: false + description: "TODO document argument" + type: "bool" + keycloak_quarkus_ispn_user: + # line 46 of defaults/main.yml + default: "supervisor" + description: "TODO document argument" + type: "str" + keycloak_quarkus_ispn_pass: + # line 47 of defaults/main.yml + default: "supervisor" + description: "TODO document argument" + type: "str" + keycloak_quarkus_ispn_url: + # line 48 of defaults/main.yml + default: "localhost" + description: "TODO document argument" + type: "str" + keycloak_quarkus_ispn_sasl_mechanism: + # line 49 of defaults/main.yml + default: "SCRAM-SHA-512" + description: "TODO document argument" + type: "str" + keycloak_quarkus_ispn_use_ssl: + # line 50 of defaults/main.yml + default: false + description: "TODO document argument" + type: "bool" + keycloak_quarkus_ispn_trust_store_path: + # line 52 of defaults/main.yml + default: "/etc/pki/java/cacerts" + description: "TODO document argument" + type: "str" + keycloak_quarkus_ispn_trust_store_password: + # line 53 of defaults/main.yml + default: "changeit" + description: "TODO document argument" + type: "str" + keycloak_quarkus_jdbc_engine: + # line 56 of defaults/main.yml + default: "postgres" + description: "TODO document argument" + type: "str" + keycloak_quarkus_db_user: + # line 58 of defaults/main.yml + default: "keycloak-user" + description: "TODO document argument" + type: "str" + keycloak_quarkus_db_pass: + # line 59 of defaults/main.yml + default: "keycloak-pass" + description: "TODO document argument" + type: "str" + keycloak_quarkus_jdbc_url: + # line 60 of defaults/main.yml + default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].url }}" + description: "TODO document argument" + type: "str" + keycloak_quarkus_jdbc_driver_version: + # 
line 61 of defaults/main.yml + default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}" + description: "TODO document argument" + type: "str" diff --git a/roles/keycloak_quarkus/meta/main.yml b/roles/keycloak_quarkus/meta/main.yml new file mode 100644 index 0000000..fd6a110 --- /dev/null +++ b/roles/keycloak_quarkus/meta/main.yml @@ -0,0 +1,28 @@ +--- +collections: + +galaxy_info: + role_name: keycloak_quarkus + namespace: middleware_automation + author: Guido Grazioli + description: Install keycloak on quarkus server configurations + company: Red Hat, Inc. + + license: Apache License 2.0 + + min_ansible_version: "2.9" + + platforms: + - name: EL + versions: + - 8 + + galaxy_tags: + - keycloak + - quarkus + - redhat + - rhel + - sso + - authentication + - identity + - security diff --git a/roles/keycloak_quarkus/tasks/fastpackages.yml b/roles/keycloak_quarkus/tasks/fastpackages.yml new file mode 100644 index 0000000..29155f9 --- /dev/null +++ b/roles/keycloak_quarkus/tasks/fastpackages.yml @@ -0,0 +1,21 @@ +--- +- block: + - name: "Check if packages are already installed" + ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}" + args: + warn: no + register: rpm_info + changed_when: rpm_info.failed + + rescue: + - name: "Add missing packages to the yum install list" + ansible.builtin.set_fact: + packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | flatten }}" + when: rpm_info.failed + +- name: "Install packages: {{ packages_to_install }}" + become: yes + ansible.builtin.yum: + name: "{{ packages_to_install }}" + state: present + when: packages_to_install | default([]) | length > 0 \ No newline at end of file diff --git a/roles/keycloak_quarkus/tasks/firewalld.yml b/roles/keycloak_quarkus/tasks/firewalld.yml new file mode 100644 index 0000000..772ba3c --- /dev/null +++ b/roles/keycloak_quarkus/tasks/firewalld.yml 
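Review bot: Every option in the spec carries `description: "TODO document argument"`, so the file adds type checks but no documentation; at least the secrets and switches (`keycloak_quarkus_admin_pass`, `keycloak_quarkus_db_pass`, `keycloak_quarkus_ispn_pass`, `keycloak_quarkus_ha_enabled`, `keycloak_quarkus_db_enabled`) deserve the one-line comments already written in defaults/main.yml. `keycloak_quarkus_db_enabled` is declared `type: "str"` although prereqs.yml evaluates it as a boolean; `type: "bool"` with `default: "{{ keycloak_quarkus_ha_enabled }}"` matches its use (and avoids a truthy `"False"` string should the validator ever coerce the value). `keycloak_quarkus_jdbc_engine` is used as an index into `keycloak_quarkus_default_jdbc`, so `choices: ["postgres", "mariadb"]` would turn a typo into a clear validation error instead of an undefined-key failure at template time. `keycloak_quarkus_default_jdbc` itself is not declared, and the `# line 41 of defaults/main.yml` comment on `keycloak_quarkus_frontend_url` repeats the previous option's line.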
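Review bot: `packages_to_install` is a host fact that is never reset, so on the second include of fastpackages.yml (prereqs.yml first, then firewalld.yml) a successful `rpm -q` skips the rescue and the final yum task re-runs with the stale list from the previous include, and its name advertises the wrong packages. Initialising it before the block, `- ansible.builtin.set_fact:` / `packages_to_install: []`, makes each include self-contained. `args: warn: no` on the command task uses a parameter that ansible-core deprecated and has since removed, so the role will fail to load on newer releases unless `warn` is dropped; the only cost on older versions is the cosmetic "consider using the yum module" hint. `become: yes` would read as plain YAML `true`.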
@@ -0,0 +1,25 @@ +--- +- name: Ensure required package firewalld are installed + ansible.builtin.include_tasks: fastpackages.yml + vars: + packages_list: + - firewalld + +- name: Enable and start the firewalld service + become: yes + ansible.builtin.systemd: + name: firewalld + enabled: yes + state: started + +- name: "Configure firewall for {{ keycloak.service_name }} ports" + become: yes + firewalld: + port: "{{ item }}" + permanent: true + state: enabled + immediate: yes + loop: + - "{{ keycloak_quarkus_http_port }}/tcp" + - "{{ keycloak_quarkus_https_port }}/tcp" + - "{{ keycloak_quarkus_jgroups_port }}/tcp" diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml new file mode 100644 index 0000000..c8e5b73 --- /dev/null +++ b/roles/keycloak_quarkus/tasks/install.yml 
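Review bot: The loop opens `{{ keycloak_quarkus_jgroups_port }}/tcp` unconditionally, but defaults/main.yml ties clustering to `keycloak_quarkus_ha_enabled`, so a standalone install exposes a port that only cluster peers should ever reach. Either move that entry to a second task guarded by `when: keycloak_quarkus_ha_enabled`, or keep the loop and add `when: keycloak_quarkus_ha_enabled or item != keycloak_quarkus_jgroups_port ~ '/tcp'`. The task also uses the bare `firewalld` module while every other task is fully qualified; `ansible.posix.firewalld`, with `ansible.posix` listed under the currently empty `collections:` key in meta/main.yml, keeps it resolvable. `become: yes`, `enabled: yes` and `immediate: yes` would read as plain YAML `true`.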
@@ -0,0 +1,110 @@ +--- +- name: Validate parameters + ansible.builtin.assert: + that: + - keycloak.home is defined + - keycloak_quarkus_service_user is defined + - keycloak_quarkus_dest is defined + - keycloak_quarkus_archive is defined + - keycloak_quarkus_download_url is defined + - keycloak_quarkus_version is defined + quiet: true + +- name: Check for an existing deployment + become: yes + ansible.builtin.stat: + path: "{{ keycloak.home }}" + register: existing_deploy + +- name: "Create {{ keycloak.service_name }} service user/group" + become: yes + ansible.builtin.user: + name: "{{ keycloak.service_user }}" + home: /opt/keycloak + system: yes + create_home: no + +- name: "Create {{ keycloak.service_name }} install location" + become: yes + ansible.builtin.file: + dest: "{{ keycloak_quarkus_dest }}" + state: directory + owner: "{{ keycloak.service_user }}" + group: "{{ keycloak.service_group }}" + mode: 0750 + +## check remote archive +- name: Set download archive path + ansible.builtin.set_fact: + archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}" + +- name: Check download archive path + become: yes + ansible.builtin.stat: + path: "{{ archive }}" + register: archive_path + +## download to controller +- name: Check local download archive path + ansible.builtin.stat: + path: "{{ lookup('env', 'PWD') }}" + register: local_path + delegate_to: localhost + +- name: Download keycloak archive + ansible.builtin.get_url: + url: "{{ keycloak_quarkus_download_url }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + delegate_to: localhost + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - not keycloak.offline_install + +- name: Check downloaded archive + ansible.builtin.stat: + path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + register: local_archive_path + delegate_to: localhost + +## copy and unpack +- name: Copy archive to target nodes + ansible.builtin.copy: + src: "{{ 
local_path.stat.path }}/{{ keycloak.bundle }}" + dest: "{{ archive }}" + owner: "{{ keycloak.service_user }}" + group: "{{ keycloak.service_group }}" + mode: 0750 + register: new_version_downloaded + when: + - not archive_path.stat.exists + - local_archive_path.stat is defined + - local_archive_path.stat.exists + become: yes + +- name: "Check target directory: {{ keycloak.home }}" + ansible.builtin.stat: + path: "{{ keycloak.home }}" + register: path_to_workdir + become: yes + +- name: "Extract Keycloak archive on target" + ansible.builtin.unarchive: + remote_src: yes + src: "{{ archive }}" + dest: "{{ keycloak_quarkus_dest }}" + creates: "{{ keycloak.home }}" + owner: "{{ keycloak.service_user }}" + group: "{{ keycloak.service_group }}" + become: yes + when: + - new_version_downloaded.changed or not path_to_workdir.stat.exists + notify: + - restart keycloak + +- name: Inform decompression was not executed + ansible.builtin.debug: + msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression" + when: + - not new_version_downloaded.changed and path_to_workdir.stat.exists diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml new file mode 100644 index 0000000..d350f6f --- /dev/null +++ b/roles/keycloak_quarkus/tasks/main.yml 
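Review bot: `Download keycloak archive` fetches the release with `ansible.builtin.get_url` and no `checksum`, so the only integrity check on the code that will run as the SSO server is the TLS session to GitHub; pinning the expected digest for `keycloak_quarkus_version` (a new default, e.g. `keycloak_quarkus_archive_checksum` in `sha256:<hex>` form) makes a tampered or truncated download fail the play. `Create {{ keycloak.service_name }} service user/group` hard-codes `home: /opt/keycloak` instead of `{{ keycloak_quarkus_dest }}` and creates no group, so a `keycloak_quarkus_service_group` that differs from the user name makes the following `file`, `copy` and `unarchive` tasks fail on an unknown group. `existing_deploy` is registered and never read (`path_to_workdir` stats the same path later). The suggested shape for the two tasks and the download:
```yaml
- name: "Create {{ keycloak.service_name }} service group"
  become: true
  ansible.builtin.group:
    name: "{{ keycloak.service_group }}"
    system: true

- name: "Create {{ keycloak.service_name }} service user"
  become: true
  ansible.builtin.user:
    name: "{{ keycloak.service_user }}"
    group: "{{ keycloak.service_group }}"
    home: "{{ keycloak_quarkus_dest }}"
    system: true
    create_home: false

# … unchanged: install location, archive path checks, local path lookup …

- name: Download keycloak archive
  ansible.builtin.get_url:
    # … unchanged: url, dest …
    checksum: "{{ keycloak_quarkus_archive_checksum }}"  # new default, e.g. "sha256:<EXPECTED_DIGEST_PLACEHOLDER>"
# … unchanged: delegate_to, when conditions, copy and unpack …
```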
@@ -0,0 +1,41 @@ +--- +# tasks file for keycloak + +- name: Check prerequisites + ansible.builtin.include_tasks: prereqs.yml + tags: + - prereqs + +- name: Include firewall config tasks + ansible.builtin.include_tasks: firewalld.yml + when: keycloak_quarkus_configure_firewalld + tags: + - firewall + +- name: Include install tasks + ansible.builtin.include_tasks: install.yml + tags: + - install + +- name: Include systemd tasks + ansible.builtin.include_tasks: systemd.yml + tags: + - systemd + +- name: "Configure config for keycloak service" + ansible.builtin.template: + src: keycloak.conf.j2 + dest: "{{ keycloak.home }}/conf/keycloak.conf" + owner: "{{ keycloak.service_user }}" + group: "{{ keycloak.service_group }}" + mode: 0644 + notify: + - restart keycloak + +- name: "Start and wait for keycloak service" + ansible.builtin.include_tasks: start.yml + +- name: Check service status + ansible.builtin.command: "systemctl status keycloak" + register: keycloak_service_status + changed_when: False \ No newline at end of file diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml new file mode 100644 index 0000000..ea2b8f4 --- /dev/null +++ b/roles/keycloak_quarkus/tasks/prereqs.yml 
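Review bot: `Configure config for keycloak service` has no `become`, yet `{{ keycloak.home }}/conf/` is unpacked in install.yml under `become: yes` with `owner: "{{ keycloak.service_user }}"`, so the template write fails unless the SSH user happens to own that tree; add `become: yes` as the sibling template tasks in systemd.yml do. `mode: 0644` also makes keycloak.conf world-readable, and that file is where `db-password` would land once the database section of keycloak.conf.j2 is wired to the role variables; `mode: "0640"` with the service group is sufficient for the server, and quoting the mode avoids the octal-literal ambiguity. `Check service status` hard-codes `systemctl status keycloak` while the rest of the role templates `{{ keycloak.service_name }}`; `changed_when: False` would read as plain YAML `false`.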
@@ -0,0 +1,34 @@ +--- +- name: Validate admin console password + ansible.builtin.assert: + that: + - keycloak_quarkus_admin_pass | length > 12 + quiet: True + fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string" + success_msg: "{{ 'Console administrator password OK' }}" + +- name: Validate configuration + ansible.builtin.assert: + that: + - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled) + quiet: True + fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled" + success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}" + +# - name: Validate credentials +# ansible.builtin.assert: +# that: +# - (rhn_username is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install +# - (rhn_password is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install +# quiet: True +# fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined" +# success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}" + +- name: Ensure required packages are installed + ansible.builtin.include_tasks: fastpackages.yml + vars: + packages_list: + - "{{ keycloak_quarkus_jvm_package }}" + - unzip + - procps-ng + - initscripts \ No newline at end of file diff --git a/roles/keycloak_quarkus/tasks/restart.yml b/roles/keycloak_quarkus/tasks/restart.yml new file mode 100644 index 0000000..eff9ddf --- /dev/null +++ b/roles/keycloak_quarkus/tasks/restart.yml 
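Review bot: `Validate admin console password` asserts `keycloak_quarkus_admin_pass | length > 12` while its `fail_msg` promises a "12+ char long string", so a 12-character password is rejected with a misleading message; use `keycloak_quarkus_admin_pass | length >= 12` or change the message to 13+. The three-clause expression in `Validate configuration` enumerates every allowed row of the truth table; it is equivalent to `not keycloak_quarkus_ha_enabled or keycloak_quarkus_db_enabled`, which also states the intent (HA requires a database) directly. The commented-out `Validate credentials` block refers to `keycloak_rhsso_enable` and `rhn_*` variables this role does not define and should be dropped rather than carried along; `quiet: True` would read as plain `true`, and `success_msg: "{{ 'Console administrator password OK' }}"` is a plain string wrapped in a needless template.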
@@ -0,0 +1,7 @@ +--- +- name: "Restart and enable {{ keycloak.service_name }} service" + ansible.builtin.systemd: + name: keycloak + enabled: yes + state: restarted + become: yes diff --git a/roles/keycloak_quarkus/tasks/start.yml b/roles/keycloak_quarkus/tasks/start.yml new file mode 100644 index 0000000..bdf42f9 --- /dev/null +++ b/roles/keycloak_quarkus/tasks/start.yml @@ -0,0 +1,15 @@ +--- +- name: "Start {{ keycloak.service_name }} service" + ansible.builtin.systemd: + name: keycloak + enabled: yes + state: started + become: yes + +- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" + ansible.builtin.uri: + url: "{{ keycloak.health_url }}" + register: keycloak_status + until: keycloak_status.status == 200 + retries: 25 + delay: 10 \ No newline at end of file diff --git a/roles/keycloak_quarkus/tasks/systemd.yml b/roles/keycloak_quarkus/tasks/systemd.yml new file mode 100644 index 0000000..578802c --- /dev/null +++ b/roles/keycloak_quarkus/tasks/systemd.yml @@ -0,0 +1,29 @@ +--- +- name: "Configure sysconfig file for keycloak service" + become: yes + ansible.builtin.template: + src: keycloak-sysconfig.j2 + dest: /etc/sysconfig/keycloak + owner: root + group: root + mode: 0644 + notify: + - restart keycloak + +- name: "Configure systemd unit file for keycloak service" + ansible.builtin.template: + src: keycloak.service.j2 + dest: /etc/systemd/system/keycloak.service + owner: root + group: root + mode: 0644 + become: yes + register: systemdunit + notify: + - restart keycloak + +- name: Reload systemd + become: yes + ansible.builtin.systemd: + daemon_reload: yes + when: systemdunit.changed diff --git a/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2 b/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2 new file mode 100644 index 0000000..13a589e --- /dev/null +++ b/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2 
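Review bot: `ansible.builtin.systemd` is given the literal `name: keycloak` while the task name templates `{{ keycloak.service_name }}`, so renaming the service in vars/main.yml would change the messages but not the unit being restarted; `name: "{{ keycloak.service_name }}"` keeps them together. The same literal appears in the start task of start.yml and in the `systemctl status keycloak` command in tasks/main.yml. `enabled: yes` would read as plain YAML `true`.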
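Review bot: `/etc/sysconfig/keycloak` is written with `mode: 0644`, and keycloak-sysconfig.j2 places `KEYCLOAK_ADMIN_PASSWORD` in it, so the administrator password is readable by every local account on the host. systemd reads `EnvironmentFile` as root, so `mode: "0600"` with the `root`/`root` ownership already set costs nothing; if the service user ever needs the file, `"0640"` with `group: "{{ keycloak.service_group }}"` is the next step. The two template tasks place `become` at different positions; the same layout in both would make the file easier to scan.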
@@ -0,0 +1,3 @@ +# {{ ansible_managed }} +KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }} +KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}' \ No newline at end of file diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2 new file mode 100644 index 0000000..59d82a2 --- /dev/null +++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2 
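Review bot: `KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'` breaks the environment file for any password containing a single quote, and prereqs.yml only checks the length, so nothing rejects such a value; rendering it as `KEYCLOAK_ADMIN_PASSWORD={{ keycloak_quarkus_admin_pass | quote }}` produces a shell-style literal, which systemd's EnvironmentFile quoting rules should also accept — verify on the target systemd version. As far as I know Keycloak reads these two variables only to bootstrap the first admin account, so a later change to `keycloak_quarkus_admin_pass` re-renders the file without rotating the stored credential; a comment in the template saying so would prevent that surprise, and is also a reason not to leave the value in the file longer than the initial start. The file ends without a trailing newline (`\ No newline at end of file`).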
@@ -0,0 +1,51 @@ +# {{ ansible_managed }} + +# Database +# Database vendor [dev-file, dev-mem, mariadb, mssql, mysql, oracle, postgres] +#db=postgres +# The username of the database user. +#db-username=keycloak +# The password of the database user. +#db-password=password +# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. +#db-url=jdbc:postgresql://localhost/keycloak + +# Observability +# If the server should expose metrics and healthcheck endpoints. +#metrics-enabled=true + +# HTTP +http-enabled=true +http-port=8080 +https-port=8443 +# The file path to a server certificate or certificate chain in PEM format. +#https-certificate-file=${kc.home.dir}conf/server.crt.pem +# The file path to a private key in PEM format. +#https-certificate-key-file=${kc.home.dir}conf/server.key.pem +# The proxy address forwarding mode if the server is behind a reverse proxy. +#proxy=reencrypt +# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy +#spi-sticky-session-encoder-infinispan-should-attach-route=false + +# Hostname for the Keycloak server. +hostname={{ keycloak_quarkus_host }} +hostname-path={{ keycloak_quarkus_http_relative_path }} + +# Cluster +#cache=ispn +#Defines the cache mechanism for high-availability. [local, ispn] +#cache-config-file=conf/cache-ispn.xml +#Defines the file from which cache configuration should be loaded from. +#cache-stack=tcp +#Define the default stack to use for cluster communication and node discovery. [tcp, udp, kubernetes, ec2, azure, google] + +# Proxy +# The proxy address forwarding mode if the server is behind a reverse proxy. [edge, reencrypt, passthrough] +#proxy= + +# Logging +# The format of log entries. +#log-format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n +# The log level of the root category or a comma-separated list of individual categories and their levels. +#log-level=info + 
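Review bot: `http-port=8080` and `https-port=8443` are hard-coded while defaults/main.yml exposes `keycloak_quarkus_http_port`/`keycloak_quarkus_https_port` and firewalld.yml opens those variables, so overriding a port opens the wrong firewall hole and leaves the server on the default; `keycloak_quarkus_bind_address` is never rendered either (Keycloak's option is `http-host`). The `# Database` and `# Observability` sections remain commented out although the role defines `keycloak_quarkus_db_enabled`, `keycloak_quarkus_db_user`/`keycloak_quarkus_db_pass`, `keycloak_quarkus_jdbc_url` and `keycloak_quarkus_metrics_enabled`, so enabling the database or HA validates variables that change nothing on the server. Rendering the database block conditionally keeps credentials out of the file unless a database is actually configured (and then the file mode in tasks/main.yml needs tightening).
```jinja
# Database
{% if keycloak_quarkus_db_enabled | bool %}
db={{ keycloak_quarkus_jdbc_engine }}
db-username={{ keycloak_quarkus_db_user }}
db-password={{ keycloak_quarkus_db_pass }}
db-url={{ keycloak_quarkus_jdbc_url }}
{% endif %}

# Observability
metrics-enabled={{ 'true' if keycloak_quarkus_metrics_enabled | bool else 'false' }}

# HTTP
http-enabled=true
http-host={{ keycloak_quarkus_bind_address }}
http-port={{ keycloak_quarkus_http_port }}
https-port={{ keycloak_quarkus_https_port }}
{# … unchanged: certificate, proxy, hostname, cluster and logging sections … #}
```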
diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2 new file mode 100644 index 0000000..a710ee2 --- /dev/null +++ b/roles/keycloak_quarkus/templates/keycloak.service.j2 @@ -0,0 +1,14 @@ +# {{ ansible_managed }} +[Unit] +Description=Keycloak Server +After=network.target + +[Service] +Type=simple +EnvironmentFile=-/etc/sysconfig/keycloak +PIDFile={{ keycloak_quarkus_service_pidfile }} +ExecStart={{ keycloak.home }}/bin/kc.sh start +#--http-relative-path={{ keycloak_quarkus_http_relative_path }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/keycloak_quarkus/vars/main.yml b/roles/keycloak_quarkus/vars/main.yml new file mode 100644 index 0000000..bca7d88 --- /dev/null +++ b/roles/keycloak_quarkus/vars/main.yml @@ -0,0 +1,11 @@ +--- +keycloak: + home: "{{ keycloak_quarkus_home }}" + config_dir: "{{ keycloak_quarkus_config_dir }}" + bundle: "{{ keycloak_quarkus_archive }}" + service_name: "keycloak" + health_url: "http://localhost:8080/realms/master/.well-known/openid-configuration" + cli_path: "{{ keycloak_quarkus_home }}/bin/kcadm.sh" + service_user: "{{ keycloak_quarkus_service_user }}" + service_group: "{{ keycloak_quarkus_service_group }}" + offline_install: "{{ keycloak_quarkus_offline_install }}" \ No newline at end of file
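Review bot: The `[Service]` section has no `User=`/`Group=`, so `kc.sh start` runs as root even though install.yml creates a dedicated account and chowns the install tree to it; add `User={{ keycloak.service_user }}` and `Group={{ keycloak.service_group }}`. `PIDFile={{ keycloak_quarkus_service_pidfile }}` only matters for `Type=forking`; with `Type=simple` systemd tracks the main process itself and nothing in this commit writes that pid file, so the line (and the `keycloak_quarkus_service_pidfile` default) can go, or the type should change. `After=network.target` does not wait for addresses to be configured; `After=network-online.target` with `Wants=network-online.target` is the usual form for a network-facing service.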
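Review bot: `health_url` hard-codes `localhost:8080` and `/realms/master`, so the readiness wait in start.yml keeps polling the default port after `keycloak_quarkus_http_port` is overridden and ignores `keycloak_quarkus_master_realm`; `health_url: "http://localhost:{{ keycloak_quarkus_http_port }}/realms/{{ keycloak_quarkus_master_realm }}/.well-known/openid-configuration"` keeps the three in step. If the commented `--http-relative-path` line in keycloak.service.j2 is ever enabled, the URL will also need `{{ keycloak_quarkus_http_relative_path }}` in front of `/realms`. `cli_path` is defined but nothing in this commit uses it.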