guillaume
/
ansible-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3 from motaparthipavankumar/local-source-support 

Local path & source URL installation support
main
Pavan Kumar Motaparthi 2022-01-18 11:22:44 -06:00 committed by GitHub
parent ead4688ce6 ce26ceeed0
commit 59618c7c0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 193 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -31,13 +31,32 @@ collections:
### Install Playbook
`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On based on the defined variables.
`playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables.
`playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables.
### Choosing between Red Hat products and upstream project
### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO)
The roles supports installing Red Hat Single Sign-On from the Customer Portal, when the following variables are defined:
The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways
#### Install upstream(Keycloak) from remote source
This is default approach, there is one required variable
```
keycloak_admin_password: "<changeme>"
```
#### Install upstream(Keycloak) from local source when the following variable is defined
```
keycloak_admin_password: "<changeme>"
zip_file_local_path: <keycloak zip file on Ansible control node local path>
```
#### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined
```
keycloak_admin_password: "<changeme>"
rhn_username: '<customer_portal_username>'
rhn_password: '<customer_portal_password>'
rhsso_rhn_id: '<sso_product_id>'
@ -45,6 +64,22 @@ rhsso_rhn_id: '<sso_product_id>'
where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)
#### Install RHSSO from remote sources like Nexus etc, when the following variables are defined
```
keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
rhsso_source_download_url: '<url to download RHSSO zip file>'
```
#### Install RHSSO from local source when the following variable is defined
```
keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
zip_file_local_path: <rhsso zip file on Ansible control node local path>
```
### Install role
* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_

6
playbooks/keycloak.yml
View File

@ -2,11 +2,9 @@
- name: Playbook for Keycloak Hosts
hosts: keycloak
collections:
- middleware_automation.redhat_csp_download
roles:
- redhat_csp_download
- middleware_automation.keycloak
tasks:
- name: Keycloak Role
- name: Include keycloak role
include_role:
name: keycloak
vars:

14
playbooks/rhsso.yml 100644
View File

@ -0,0 +1,14 @@
---
- name: Playbook for Keycloak Hosts
hosts: keycloak
collections:
- middleware_automation.redhat_csp_download
roles:
- redhat_csp_download
tasks:
- name: Keycloak Role
include_role:
name: keycloak
vars:
keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True

85
roles/keycloak/README.md
View File

@ -18,6 +18,7 @@ Role Defaults
| Variable | Description | Default |
|:---------|:------------|:---------|
|`keycloak_rhsso_enable`| Enable Red Hat Single Sign-on installation | `False` |
|`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
|`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` |
|`keycloak_admin_user`| Administration console user account | `admin` |
@ -66,20 +67,29 @@ The following variables are _required_ only when `keycloak_db_enabled` is True:
|`keycloak_db_user` | username for connecting to postgres | `keycloak-user` |
|`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |
The following variable can be used to install Keycloak or Red Hat Single Sign-On from local path:
| Variable | Description | Example |
|:---------|:------------|:---------|
|`zip_file_local_path` | Full local path of upstream(Keycloak) or Red Hat Single Sign-On zip file on Ansible control plane | `tmp/rhsso/rh-sso-7.5-server-dist.zip` |
The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now.
| Variable | Description | Example |
|:---------|:------------|:---------|
|`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from source | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` |
Dependencies
------------
The roles depends on:
* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
* the `wildfly_driver` role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection
* the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN.
* the wildfly_driver role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection
Example Playbook
----------------
The following is an example playbook that makes use of the role to install keycloak
The following is an example playbook that makes use of the role to install keycloak from remote
```yaml
---
@ -94,6 +104,75 @@ The following is an example playbook that makes use of the role to install keycl
keycloak_admin_password: "changeme"
```
The following is an example playbook that makes use of the role to install keycloak from local path on Ansible node
```yaml
---
- hosts: ...
collections:
- middleware_automation.keycloak
tasks:
- name: Include keycloak role
include_role:
name: keycloak
vars:
keycloak_admin_password: "changeme"
zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip" # This should be local path on Ansible node of upstream(keycloak) zip file
```
The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN
```yaml
---
- name: Playbook for RHSSO
hosts: keycloak
collections:
- middleware_automation.redhat_csp_download
roles:
- redhat_csp_download
tasks:
- name: Keycloak Role
include_role:
name: keycloak
vars:
keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True
```
The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url
```yaml
---
- hosts: keycloak
collections:
- middleware_automation.keycloak
tasks:
- name: Keycloak Role
include_role:
name: keycloak
vars:
keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True
rhsso_source_download_url: "<REPLACE with - Source download url>" # This should be the full of remote source rhsso zip file
```
The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path on Ansible node
```yaml
---
- hosts: keycloak
collections:
- middleware_automation.keycloak
tasks:
- name: Keycloak Role
include_role:
name: keycloak
vars:
keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True
zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path on Ansible node of rhsso zip file
```
License
-------

4
roles/keycloak/defaults/main.yml
View File

@ -6,7 +6,7 @@ keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
### Configuration specific to Red Hat Single Sing-On
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
keycloak_rhsso_enable: False
keycloak_rhsso_version: 7.5
keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
@ -15,7 +15,7 @@ keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/soft
### Install location and service settings
jvm_package: java-1.8.0-openjdk-devel
keycloak_dest: /opt/keycloak
keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined else keycloak_installdir }}"
keycloak_jboss_home: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_config_standalone_xml: "keycloak.xml"

47
roles/keycloak/tasks/download_from_rhn.yml → roles/keycloak/tasks/get_rhsso.yml
View File

@ -2,20 +2,20 @@
- assert:
that:
- zipfile_dest is defined
- rhn_id_file is defined
- rhn_username is defined
- rhn_password is defined
- keycloak_rhsso_enable
quiet: true
- set_fact:
rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhn_id_file }}"
rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhsso_rhn_id }}"
when:
- rhsso_rhn_id is defined
- name: "Check zipfile dest directory {{ zipfile_dest }}"
stat:
path: "{{ zipfile_dest }}"
register: archive_path
- name: "Install zipfile from RHN: {{ rhn_download_url }}"
- name: "Download zipfile from RHN: {{ rhn_download_url }}"
redhat_csp_download:
url: "{{ rhn_download_url }}"
dest: "{{ zipfile_dest }}"
@ -26,11 +26,40 @@
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
- rhn_username is defined
- rhn_password is defined
- rhsso_rhn_id is defined
- name: "Copy zipfile from source like Nexus etc : {{ rhsso_source_download_url }}"
get_url:
url: "{{ rhsso_source_download_url }}"
dest: "{{ zipfile_dest }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: 0750
when:
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
- rhsso_source_download_url is defined
- name: "Copy zipfile from local source: {{ zip_file_local_path }}"
ansible.builtin.copy:
src: "{{ zip_file_local_path }}"
dest: "{{ zipfile_dest }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: 0750
when:
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
- zip_file_local_path is defined
- name: "Check zipfile dest directory {{ zipfile_dest }}"
stat:
path: "{{ zipfile_dest }}"
register: path_to_downloaded_artefact
register: path_to_downloaded_artifact
- block:
- file:
@ -68,8 +97,8 @@
when:
- target_dir_state.stat.exists
when:
- path_to_downloaded_artefact is defined
- path_to_downloaded_artefact.stat is defined
- path_to_downloaded_artefact.stat.exists
- path_to_downloaded_artifact is defined
- path_to_downloaded_artifact.stat is defined
- path_to_downloaded_artifact.stat.exists
- target_dir is defined
- work_dir is defined

21
roles/keycloak/tasks/install.yml
View File

@ -74,6 +74,20 @@
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
- not keycloak_rhsso_enable and not zip_file_local_path is defined
- name: "Copy zipfile from local source: {{ zip_file_local_path }}"
ansible.builtin.copy:
src: "{{ zip_file_local_path }}"
dest: "{{ keycloak_dest }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: 0750
when:
- archive_path is defined
- archive_path.stat is defined
- not archive_path.stat.exists
- not keycloak_rhsso_enable and zip_file_local_path is defined
- name: extract Keycloak archive on target
unarchive:
@ -91,9 +105,9 @@
- block:
- assert:
that:
- rhsso_rhn_id is defined
- rhsso_rhn_id is defined or zip_file_local_path is defined
quiet: true
fail_msg: "Can't install RHSSO without RHN ID."
fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node"
- name: create download directory
file:
@ -103,9 +117,8 @@
group: "{{ keycloak_service_group }}"
mode: 0750
- include_tasks: download_from_rhn.yml
- include_tasks: get_rhsso.yml
vars:
rhn_id_file: "{{ rhsso_rhn_id }}"
zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}"
work_dir: "{{ keycloak_dest }}"
target_dir: "{{ keycloak_jboss_home }}"