diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 01fc624..9aa106a 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -1,5 +1,6 @@ --- -- assert: +- name: Validate parameters + assert: that: - keycloak_jboss_home is defined - keycloak_service_user is defined @@ -9,20 +10,20 @@ - keycloak_version is defined quiet: true -- name: check for an existing deployment +- name: Check for an existing deployment become: yes stat: path: "{{ keycloak_jboss_home }}" register: existing_deploy - block: - - name: stop the old keycloak service + - name: Stop the old keycloak service become: yes ignore_errors: yes systemd: name: keycloak state: stopped - - name: remove the old Keycloak deployment + - name: Remove the old Keycloak deployment become: yes file: path: "{{ keycloak_jboss_home }}" 
@@ -51,75 +52,121 @@ group: "{{ keycloak_service_group }}" mode: 0750 -- block: - - set_fact: - archive: "{{ keycloak_dest }}/{{ keycloak_archive }}" - - name: "Check archive directory {{ archive }}" - stat: - path: "{{ archive }}" - register: archive_path +## check remote archive +- name: Set download archive path + set_fact: + archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" - - name: download Keycloak archive to target - get_url: - url: "{{ keycloak_download_url }}" - dest: "{{ keycloak_dest }}" - owner: "{{ keycloak_service_user }}" - group: "{{ keycloak_service_group }}" - when: - - archive_path is defined - - archive_path.stat is defined - - not archive_path.stat.exists - - not keycloak_rhsso_enable and not zip_file_local_path is defined +- name: Check download archive path + stat: + path: "{{ archive }}" + register: archive_path - - name: "Copy zipfile from local source: {{ zip_file_local_path }}" - ansible.builtin.copy: - src: "{{ zip_file_local_path }}" - dest: "{{ keycloak_dest }}" - owner: "{{ keycloak_service_user }}" - group: "{{ keycloak_service_group }}" - mode: 0750 - when: - - archive_path is defined - - archive_path.stat is defined - - not archive_path.stat.exists - - not keycloak_rhsso_enable and zip_file_local_path is defined +## download to controller +- name: Check load download archive path + stat: + path: "{{ lookup('env', 'PWD') }}" + register: local_path + delegate_to: localhost - - name: extract Keycloak archive on target - unarchive: - remote_src: yes - src: "{{ archive }}" - dest: "{{ keycloak_dest }}" - creates: "{{ keycloak_jboss_home }}" - owner: "{{ keycloak_service_user }}" - group: "{{ keycloak_service_group }}" - notify: - - restart keycloak +- name: Download keycloak archive + get_url: + url: "{{ keycloak_download_url }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + delegate_to: localhost + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - not 
keycloak_rhsso_enable + - not keycloak_offline_install + +- name: Performing download from RHN + redhat_csp_download: + url: "{{ keycloak_rhsso_download_url }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + username: "{{ rhn_username }}" + password: "{{ rhn_password }}" + no_log: "{{ omit_rhn_output | default(true) }}" + delegate_to: localhost + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - keycloak_rhsso_enable + - not keycloak_offline_install + - keycloak_rhsso_download_url is match(keycloak_rhn_url+".*") + +- name: Download rhsso archive from alternate location + get_url: + url: "{{ keycloak_rhsso_download_url }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + delegate_to: localhost + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - keycloak_rhsso_enable + - not keycloak_offline_install + - not keycloak_rhsso_download_url is match(keycloak_rhn_url+".*") + +## copy and unpack +- name: Copy archive to target nodes + copy: + src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + dest: "{{ archive }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + register: new_version_downloaded become: yes - when: not keycloak_rhsso_enable -- block: - - assert: - that: - - rhsso_rhn_id is defined or zip_file_local_path is defined - quiet: true - fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node" - - - name: create download directory - file: - path: /opt/apps - state: directory - owner: "{{ keycloak_service_user }}" - group: "{{ keycloak_service_group }}" - mode: 0750 - - - include_tasks: get_rhsso.yml - vars: - zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}" - work_dir: "{{ keycloak_dest }}" - target_dir: "{{ keycloak_jboss_home }}" +- name: "Check work directory: {{ keycloak_dest }}" + stat: + path: "{{ keycloak_dest }}" + 
register: path_to_workdir become: yes - when: keycloak_rhsso_enable +- name: "Create work directory {{ keycloak_dest }}" + file: + path: "{{ keycloak_dest }}" + state: directory + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + become: yes + when: not path_to_workdir.stat.exists + +- name: "Extract {{ 'Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Keycloak' }} archive on target" + unarchive: + remote_src: yes + src: "{{ archive }}" + dest: "{{ keycloak_dest }}" + creates: "{{ keycloak.home }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + become: yes + when: + - new_version_downloaded.changed or not path_to_workdir.stat.exists + notify: + - restart keycloak + +- name: Inform decompression was not executed + debug: + msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression" + when: + - not new_version_downloaded.changed and path_to_workdir.stat.exists + +- name: "Reown installation directory to {{ keycloak_service_user }}" + file: + path: "{{ keycloak.home }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + recurse: true + become: yes + changed_when: false + +# driver and configuration - name: "Install {{ keycloak_jdbc_engine }} driver" include_role: name: wildfly_driver @@ -134,7 +181,7 @@ jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" when: keycloak_jdbc[keycloak_jdbc_engine].enabled -- name: "Deploy Keycloak's standalone.xml" +- name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" become: yes template: src: templates/standalone.xml.j2 
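Review bot: None of the three download tasks in this hunk (`get_url` for the community archive, `get_url` for the alternate RH-SSO location, `redhat_csp_download`) verifies the archive before it is copied to every target and unpacked under `keycloak_service_user`, so a substituted download is installed without complaint; both `get_url` tasks should pin it, e.g. `checksum: "sha256:{{ keycloak_archive_checksum }}"` with the digest declared next to `keycloak_version` (or `| default(omit)` if it must stay optional). The controller downloads are skipped whenever `archive_path.stat.exists` is true on the target, yet `Copy archive to target nodes` has no `when:` and still needs `{{ local_path.stat.path }}/{{ keycloak.bundle }}` on the controller, so a target that already holds the archive appears to fail the copy unless the controller happens to have it too. `keycloak_rhsso_download_url is match(keycloak_rhn_url+".*")` treats `keycloak_rhn_url` as a regex, so depending on its value (a `.` in the hostname at minimum) the credentialed `redhat_csp_download` branch could be selected for a URL that merely resembles the RHN one; `keycloak_rhsso_download_url.startswith(keycloak_rhn_url)` or `keycloak_rhn_url | regex_escape` is the safer test. Downloading into `lookup('env', 'PWD')` also ties the role to whatever directory the operator launched from; `playbook_dir` or an explicit `keycloak_local_download_dir` would be more predictable, and the task name `Check load download archive path` presumably means `Check local download archive path`.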
@@ -146,7 +193,7 @@ - restart keycloak when: not keycloak_remotecache.enabled -- name: "Deploy Keycloak's standalone.xml with remote cache store" +- name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}" become: yes template: src: templates/standalone-infinispan.xml.j2 diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml index 094b453..43ece24 100644 --- a/roles/keycloak/vars/main.yml +++ b/roles/keycloak/vars/main.yml @@ -17,7 +17,7 @@ keycloak: home: "{{ keycloak_jboss_home }}" config_dir: "{{ keycloak_config_dir }}" bundle: "{{ keycloak_rhsso_archive if keycloak_rhsso_enable else keycloak_archive }}" - service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak') }}" + service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak' }}" health_url: "{{ keycloak_management_url }}/health" # database