diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..fa1f1fc
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
\ No newline at end of file
diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml
index 2cc2def..5e86d39 100644
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
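Review bot: The new `.yamllint` rule set never turns on `octal-values`, and as far as I can tell the `default` preset leaves that rule off, so the linter does not look at the permission literals this same commit adds to the role tasks (`mode: 0750`, `mode: 0640`). Since those values decide who can read the Keycloak configuration, I would add `octal-values:` under `rules:` with `forbid-implicit-octal: true` and `forbid-explicit-octal: true`. The unquoted modes would then be reported until they are written as strings. Separately, `truthy: disable` and `indentation: disable` switch off the two checks most likely to catch a mis-typed boolean or a mis-nested task key, so a short comment saying why each is disabled would help the next maintainer.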
@@ -1,56 +1,3 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.9 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. - collections: - middleware_automation.redhat_csp_download - middleware_automation.jcliff diff --git a/roles/keycloak/tasks/download_from_rhn.yml b/roles/keycloak/tasks/download_from_rhn.yml index edfcf01..04dcc84 100644 --- a/roles/keycloak/tasks/download_from_rhn.yml +++ b/roles/keycloak/tasks/download_from_rhn.yml 
@@ -37,8 +37,12 @@ - file: path: "{{ work_dir }}" state: directory + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 - - stat: + - name: "Check directory {{ target_dir }}" + stat: path: "{{ target_dir }}" register: target_dir_state diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 120ad46..599a380 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -54,6 +54,7 @@ state: directory owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" + mode: 0750 - block: - set_fact: @@ -98,6 +99,9 @@ file: path: /opt/apps state: directory + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 - include_tasks: download_from_rhn.yml vars: @@ -127,6 +131,9 @@ template: src: "{{ 'templates/standalone-rhsso.xml.j2' if keycloak_rhsso_enable else 'templates/standalone.xml.j2' }}" dest: "{{ keycloak_jboss_home }}/standalone/configuration/standalone.xml" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0640 notify: - restart keycloak when: not keycloak_remotecache.enabled @@ -136,6 +143,9 @@ template: src: "{{ 'templates/standalone-rhsso-jdg.xml.j2' if keycloak_rhsso_enable else 'templates/standalone-infinispan.xml.j2' }}" dest: "{{ keycloak_jboss_home }}/standalone/configuration/standalone.xml" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0640 notify: - restart keycloak when: keycloak_remotecache.enabled diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 97407c9..ce8b8b5 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -19,6 +19,4 @@ creates: "{{ keycloak_config_dir }}/keycloak-add-user.json" become: yes -- include_tasks: tasks/systemd.yml - - +- include_tasks: tasks/systemd.yml \ No newline at end of file
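Review bot: The `mode: 0750` added to the `work_dir` task is an unquoted octal literal, and the same form is used in the install.yml hunks at -54 and -98 (`0750`) and at -127 and -136 (`0640`). It works only because the YAML loader reads the leading zero as octal; the module receives an integer, and if the zero is ever dropped (`mode: 750`) the task still runs but sets different permission bits. Writing them as strings, `mode: '0750'` and `mode: '0640'`, removes that dependency on loader behaviour. The `file:` task in this hunk is also still unnamed, although the neighbouring `stat` task gained a name.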
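Review bot: In the install.yml hunk at -98, giving `/opt/apps` to `{{ keycloak_service_user }}` grants more than the role appears to need. The path is a hard-coded parent directory rather than the Keycloak home, so with `mode: 0750` the service account can create, rename or replace entries directly under it, and any other account that relies on the path loses access. If the directory only exists to hold the install tree, I would keep the parent owned by root (`owner: root`, `group: "{{ keycloak_service_group }}"`, `mode: '0750'`) and leave service-user ownership to the directories beneath it. Whether anything else lives under `/opt/apps` cannot be told from this diff, and the task's name and conditions sit above the hunk.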