diff --git a/README.md b/README.md index a25bead..5a7a810 100644 --- a/README.md +++ b/README.md @@ -31,13 +31,32 @@ collections: ### Install Playbook -`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On based on the defined variables. +`playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables. +`playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables. -### Choosing between Red Hat products and upstream project +### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO) -The roles supports installing Red Hat Single Sign-On from the Customer Portal, when the following variables are defined: +The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways + +#### Install upstream(Keycloak) from remote source + +This is default approach, there is one required variable ``` +keycloak_admin_password: "" +``` + +#### Install upstream(Keycloak) from local source when the following variable is defined + +``` +keycloak_admin_password: "" +zip_file_local_path: +``` + +#### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined + +``` +keycloak_admin_password: "" rhn_username: '' rhn_password: '' rhsso_rhn_id: '' 
@@ -45,6 +64,22 @@ rhsso_rhn_id: '' where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_) +#### Install RHSSO from remote sources like Nexus etc, when the following variables are defined + +``` +keycloak_admin_password: "" +keycloak_rhsso_enable: True +rhsso_source_download_url: '' +``` + +#### Install RHSSO from local source when the following variable is defined + +``` +keycloak_admin_password: "" +keycloak_rhsso_enable: True +zip_file_local_path: +``` + ### Install role * [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_ diff --git a/playbooks/keycloak.yml b/playbooks/keycloak.yml index c40d219..2bfcac0 100644 --- a/playbooks/keycloak.yml +++ b/playbooks/keycloak.yml @@ -2,11 +2,9 @@ - name: Playbook for Keycloak Hosts hosts: keycloak collections: - - middleware_automation.redhat_csp_download - roles: - - redhat_csp_download + - middleware_automation.keycloak tasks: - - name: Keycloak Role + - name: Include keycloak role include_role: name: keycloak vars: diff --git a/playbooks/rhsso.yml b/playbooks/rhsso.yml new file mode 100644 index 0000000..95382e3 --- /dev/null +++ b/playbooks/rhsso.yml @@ -0,0 +1,14 @@ +--- +- name: Playbook for Keycloak Hosts + hosts: keycloak + collections: + - middleware_automation.redhat_csp_download + roles: + - redhat_csp_download + tasks: + - name: Keycloak Role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + keycloak_rhsso_enable: True \ No newline at end of file diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 3f3c269..392705c 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md 
@@ -18,6 +18,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:---------| +|`keycloak_rhsso_enable`| Enable Red Hat Single Sign-on installation | `False` | |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` | |`keycloak_admin_user`| Administration console user account | `admin` | 
@@ -66,20 +67,29 @@ The following variables are _required_ only when `keycloak_db_enabled` is True: |`keycloak_db_user` | username for connecting to postgres | `keycloak-user` | |`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` | +The following variable can be used to install Keycloak or Red Hat Single Sign-On from local path: +| Variable | Description | Example | +|:---------|:------------|:---------| +|`zip_file_local_path` | Full local path of upstream(Keycloak) or Red Hat Single Sign-On zip file on Ansible control plane | `tmp/rhsso/rh-sso-7.5-server-dist.zip` | + +The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now. +| Variable | Description | Example | +|:---------|:------------|:---------| +|`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from source | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` | Dependencies ------------ The roles depends on: -* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection -* the `wildfly_driver` role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection +* the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN. +* the wildfly_driver role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection Example Playbook ---------------- -The following is an example playbook that makes use of the role to install keycloak +The following is an example playbook that makes use of the role to install keycloak from remote ```yaml --- 
@@ -94,6 +104,75 @@ The following is an example playbook that makes use of the role to install keycl keycloak_admin_password: "changeme" ``` +The following is an example playbook that makes use of the role to install keycloak from local path on Ansible node + +```yaml +--- +- hosts: ... + collections: + - middleware_automation.keycloak + tasks: + - name: Include keycloak role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip" # This should be local path on Ansible node of upstream(keycloak) zip file +``` + +The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN + +```yaml +--- +- name: Playbook for RHSSO + hosts: keycloak + collections: + - middleware_automation.redhat_csp_download + roles: + - redhat_csp_download + tasks: + - name: Keycloak Role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + keycloak_rhsso_enable: True +``` + +The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url + +```yaml +--- +- hosts: keycloak + collections: + - middleware_automation.keycloak + tasks: + - name: Keycloak Role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + keycloak_rhsso_enable: True + rhsso_source_download_url: "" # This should be the full of remote source rhsso zip file +``` + +The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path on Ansible node + +```yaml +--- +- hosts: keycloak + collections: + - middleware_automation.keycloak + tasks: + - name: Keycloak Role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + keycloak_rhsso_enable: True + zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path on Ansible node of rhsso zip file +``` + License ------- 
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index b2f45e8..2ea1d9a 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -6,7 +6,7 @@ keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" ### Configuration specific to Red Hat Single Sing-On -keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}" +keycloak_rhsso_enable: False keycloak_rhsso_version: 7.5 keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" @@ -15,7 +15,7 @@ keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/soft ### Install location and service settings jvm_package: java-1.8.0-openjdk-devel keycloak_dest: /opt/keycloak -keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined else keycloak_installdir }}" +keycloak_jboss_home: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}" keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration" keycloak_config_standalone_xml: "keycloak.xml" diff --git a/roles/keycloak/tasks/download_from_rhn.yml b/roles/keycloak/tasks/get_rhsso.yml similarity index 57% rename from roles/keycloak/tasks/download_from_rhn.yml rename to roles/keycloak/tasks/get_rhsso.yml index 6ac9029..fa3fc2b 100644 --- a/roles/keycloak/tasks/download_from_rhn.yml +++ b/roles/keycloak/tasks/get_rhsso.yml 
@@ -2,20 +2,20 @@ - assert: that: - zipfile_dest is defined - - rhn_id_file is defined - - rhn_username is defined - - rhn_password is defined + - keycloak_rhsso_enable quiet: true - set_fact: - rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhn_id_file }}" + rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhsso_rhn_id }}" + when: + - rhsso_rhn_id is defined - name: "Check zipfile dest directory {{ zipfile_dest }}" stat: path: "{{ zipfile_dest }}" register: archive_path -- name: "Install zipfile from RHN: {{ rhn_download_url }}" +- name: "Download zipfile from RHN: {{ rhn_download_url }}" redhat_csp_download: url: "{{ rhn_download_url }}" dest: "{{ zipfile_dest }}" @@ -26,11 +26,40 @@ - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists + - rhn_username is defined + - rhn_password is defined + - rhsso_rhn_id is defined + +- name: "Copy zipfile from source like Nexus etc : {{ rhsso_source_download_url }}" + get_url: + url: "{{ rhsso_source_download_url }}" + dest: "{{ zipfile_dest }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - rhsso_source_download_url is defined + +- name: "Copy zipfile from local source: {{ zip_file_local_path }}" + ansible.builtin.copy: + src: "{{ zip_file_local_path }}" + dest: "{{ zipfile_dest }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - zip_file_local_path is defined - name: "Check zipfile dest directory {{ zipfile_dest }}" stat: path: "{{ zipfile_dest }}" - register: path_to_downloaded_artefact + register: path_to_downloaded_artifact - block: - file: 
@@ -68,8 +97,8 @@ when: - target_dir_state.stat.exists when: - - path_to_downloaded_artefact is defined - - path_to_downloaded_artefact.stat is defined - - path_to_downloaded_artefact.stat.exists + - path_to_downloaded_artifact is defined + - path_to_downloaded_artifact.stat is defined + - path_to_downloaded_artifact.stat.exists - target_dir is defined - work_dir is defined diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 88a0ab4..6faafe0 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -74,6 +74,20 @@ - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists + - not keycloak_rhsso_enable and not zip_file_local_path is defined + + - name: "Copy zipfile from local source: {{ zip_file_local_path }}" + ansible.builtin.copy: + src: "{{ zip_file_local_path }}" + dest: "{{ keycloak_dest }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - not keycloak_rhsso_enable and zip_file_local_path is defined - name: extract Keycloak archive on target unarchive: @@ -91,9 +105,9 @@ - block: - assert: that: - - rhsso_rhn_id is defined + - rhsso_rhn_id is defined or zip_file_local_path is defined quiet: true - fail_msg: "Can't install RHSSO without RHN ID." + fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node" - name: create download directory file: @@ -103,9 +117,8 @@ group: "{{ keycloak_service_group }}" mode: 0750 - - include_tasks: download_from_rhn.yml + - include_tasks: get_rhsso.yml vars: - rhn_id_file: "{{ rhsso_rhn_id }}" zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}" work_dir: "{{ keycloak_dest }}" target_dir: "{{ keycloak_jboss_home }}"
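Review bot: in README.md (hunk `@@ -31,13 +31,32 @@`) the variable list under "Install RHSSO from the Red Hat Customer Support Portal" omits `keycloak_rhsso_enable: True`, although the defaults change in this same patch stops deriving that flag from `rhsso_rhn_id` and the two other RHSSO sections do list it; with only `rhn_username`, `rhn_password` and `rhsso_rhn_id` set the role now installs upstream Keycloak. Add the line. Also "The roles supports" should read "The role supports".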
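Review bot: playbooks/rhsso.yml (new file) commits a literal admin password, `keycloak_admin_password: "changeme"`; this file is meant to be run rather than read as a doc snippet, so take the value from a vaulted variable or `vars_prompt` instead. The play and task names ("Playbook for Keycloak Hosts", "Keycloak Role") were copied from keycloak.yml and should say RHSSO, and the file is missing its trailing newline.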
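Review bot: in roles/keycloak/README.md (hunk `@@ -66,20 +67,29 @@`) both new tables follow their introductory sentence with no blank line, which most Markdown renderers need before they recognise a table. The `zip_file_local_path` example `tmp/rhsso/rh-sso-7.5-server-dist.zip` is relative while the description says "Full local path" and the playbook examples use `/tmp/rhsso/...`; make it absolute, since a relative `src` for `ansible.builtin.copy` resolves against the role's `files/` directory, not the control node's working directory. Grammar: "The roles depends on" -> "The role depends on", "zip have to be downloaded" -> "zip has to be downloaded".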
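Review bot: in roles/keycloak/README.md (hunk `@@ -94,6 +104,75 @@`) the comment on `rhsso_source_download_url: ""` reads "This should be the full of remote source rhsso zip file"; the word "URL" is missing, and an empty string makes the example fail as written, so an obviously placeholder URL would serve readers better. The same `keycloak_admin_password: "changeme"` appears in all four examples; a short sentence pointing at Ansible Vault for the real value would be appropriate here.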
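Review bot: in roles/keycloak/defaults/main.yml (hunk `@@ -6,7 +6,7 @@`) replacing `{{ True if rhsso_rhn_id is defined else False }}` with a plain `False` is a silent behaviour change for existing users: an inventory that only sets `rhsso_rhn_id` plus RHN credentials (the documented way until now) will install upstream Keycloak, and `keycloak_jboss_home` will point at the Keycloak directory. Either keep the auto-detection and extend it (`{{ rhsso_rhn_id is defined or rhsso_source_download_url is defined }}`), or call the new requirement out prominently in the README and a changelog entry.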
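Review bot: in roles/keycloak/tasks/get_rhsso.yml (hunk `@@ -2,20 +2,20 @@`) the assert now only checks `zipfile_dest` and `keycloak_rhsso_enable`; nothing verifies that at least one of `rhsso_rhn_id`, `rhsso_source_download_url` or `zip_file_local_path` is defined. Since every fetch task in this file is conditional, a misconfigured run produces no archive and only fails later, in the `path_to_downloaded_artifact` block, with no indication of the cause. Add an assert that exactly one source is set, with a `fail_msg` naming the three variables.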
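Review bot: in roles/keycloak/tasks/get_rhsso.yml (hunk `@@ -26,11 +26,40 @@`) the three fetch tasks are not mutually exclusive: `archive_path` is stat'ed once before any of them run, so when both `rhsso_rhn_id` and `rhsso_source_download_url` are defined the RHN download runs and the `get_url` task then overwrites the same `zipfile_dest`. The RHN task's new `when` also silently skips when `rhn_username`/`rhn_password` are missing instead of failing. Separately, the `get_url` task fetches an archive that is later extracted and run as the service with no `checksum:` and, per the README example, over plain http; add a variable passed to `checksum:` so a tampered or truncated download is rejected rather than installed.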
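Review bot: in roles/keycloak/tasks/install.yml (hunk `@@ -74,6 +74,20 @@`) the new copy task writes to `dest: "{{ keycloak_dest }}"`, a directory, so the archive lands under its source basename, while `archive_path` (and, presumably, the `unarchive` task that follows) is keyed on the archive name the role expects. If the local file's basename differs, the copy repeats on every run and the extraction will not find the file under the expected name. Use the full archive path as `dest`, as get_rhsso.yml does with `zipfile_dest`. Style: `not zip_file_local_path is defined` is valid Jinja (`is` binds tighter than `not`) but `zip_file_local_path is not defined` reads unambiguously.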
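Review bot: in roles/keycloak/tasks/install.yml (hunk `@@ -91,9 +105,9 @@`) the assert `rhsso_rhn_id is defined or zip_file_local_path is defined` omits `rhsso_source_download_url`, so the "Install RHSSO from remote sources like Nexus" path documented in this same patch fails here with "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node" before get_rhsso.yml is ever reached. Add `or rhsso_source_download_url is defined` and extend `fail_msg` to name all three options.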