keycloak_quarkus: add https to molecule test setup (#36)
* keycloak_quarkus: add https to molecule test setup * move converge pre_tasks to prepare phase * Update zipfile unarchive to cater for existing certsmain
parent
469036e9e7
commit
76cbb4c676
|
@ -9,3 +9,4 @@ docs/_build/
|
|||
.mypy_cache/
|
||||
*.retry
|
||||
changelogs/.plugin-cache.yaml
|
||||
*.pem
|
||||
|
|
|
@ -2,10 +2,6 @@
|
|||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Disable beta repos
|
||||
ansible.builtin.command: yum config-manager --disable '*beta*'
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Install sudo
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
|
|
|
@ -5,6 +5,12 @@
|
|||
keycloak_quarkus_admin_pass: "remembertochangeme"
|
||||
keycloak_admin_password: "remembertochangeme"
|
||||
keycloak_realm: TestRealm
|
||||
keycloak_quarkus_host: instance:8443
|
||||
keycloak_quarkus_http_relative_path: ''
|
||||
keycloak_quarkus_log: file
|
||||
keycloak_quarkus_https_enabled: True
|
||||
keycloak_quarkus_key_file: conf/key.pem
|
||||
keycloak_quarkus_cert_file: conf/cert.pem
|
||||
roles:
|
||||
- role: keycloak_quarkus
|
||||
- role: keycloak_realm
|
||||
|
|
|
@ -16,7 +16,9 @@ platforms:
|
|||
port_bindings:
|
||||
- "8080/tcp"
|
||||
- "8443/tcp"
|
||||
- "8009/tcp"
|
||||
- "8009/tcp"
|
||||
published_ports:
|
||||
- 0.0.0.0:8443:8443/tcp
|
||||
provisioner:
|
||||
name: ansible
|
||||
config_options:
|
||||
|
|
|
@ -6,3 +6,21 @@
|
|||
ansible.builtin.yum:
|
||||
name: sudo
|
||||
state: present
|
||||
- command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
|
||||
delegate_to: localhost
|
||||
- lineinfile:
|
||||
dest: /etc/hosts
|
||||
line: "127.0.0.1 instance"
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
become: yes
|
||||
- file:
|
||||
state: directory
|
||||
path: /opt/keycloak/keycloak-18.0.0/conf/
|
||||
- copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
|
||||
mode: 0444
|
||||
loop:
|
||||
- cert.pem
|
||||
- key.pem
|
||||
|
|
|
@ -9,3 +9,19 @@
|
|||
that:
|
||||
- ansible_facts.services["keycloak.service"]["state"] == "running"
|
||||
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
|
||||
- name: Fetch openID config
|
||||
shell: |
|
||||
curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq .
|
||||
delegate_to: localhost
|
||||
register: openid_config
|
||||
- debug:
|
||||
msg: " {{ openid_config.stdout | from_json }}"
|
||||
delegate_to: localhost
|
||||
- name: Verify endpoint URLs
|
||||
assert:
|
||||
that:
|
||||
- (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance:8443/realms/master/protocol/openid-connect/ext/ciba/auth'
|
||||
- (openid_config.stdout | from_json)['issuer'] == 'https://instance:8443/realms/master'
|
||||
- (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/auth'
|
||||
- (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/token'
|
||||
delegate_to: localhost
|
||||
|
|
|
@ -3,7 +3,13 @@
|
|||
hosts: all
|
||||
vars:
|
||||
keycloak_admin_password: "remembertochangeme"
|
||||
keycloak_quarkus_host: localhost:8443
|
||||
keycloak_quarkus_http_relative_path: ''
|
||||
keycloak_quarkus_log: file
|
||||
keycloak_quarkus_https_enabled: True
|
||||
keycloak_quarkus_key_file: conf/key.pem
|
||||
keycloak_quarkus_cert_file: conf/cert.pem
|
||||
collections:
|
||||
- middleware_automation.keycloak
|
||||
roles:
|
||||
- keycloak_quarkus
|
||||
- keycloak_quarkus
|
||||
|
|
|
@ -84,9 +84,9 @@
|
|||
- local_archive_path.stat.exists
|
||||
become: yes
|
||||
|
||||
- name: "Check target directory: {{ keycloak.home }}"
|
||||
- name: "Check target directory: {{ keycloak.home }}/bin/"
|
||||
ansible.builtin.stat:
|
||||
path: "{{ keycloak.home }}"
|
||||
path: "{{ keycloak.home }}/bin/"
|
||||
register: path_to_workdir
|
||||
become: yes
|
||||
|
||||
|
@ -95,12 +95,12 @@
|
|||
remote_src: yes
|
||||
src: "{{ archive }}"
|
||||
dest: "{{ keycloak_quarkus_dest }}"
|
||||
creates: "{{ keycloak.home }}"
|
||||
creates: "{{ keycloak.home }}/bin/"
|
||||
owner: "{{ keycloak.service_user }}"
|
||||
group: "{{ keycloak.service_group }}"
|
||||
become: yes
|
||||
when:
|
||||
- new_version_downloaded.changed or not path_to_workdir.stat.exists
|
||||
- (not path_to_workdir.stat.exists) or new_version_downloaded.changed
|
||||
notify:
|
||||
- restart keycloak
|
||||
|
||||
|
@ -108,4 +108,4 @@
|
|||
ansible.builtin.debug:
|
||||
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
|
||||
when:
|
||||
- not new_version_downloaded.changed and path_to_workdir.stat.exists
|
||||
- (not new_version_downloaded.changed) and path_to_workdir.stat.exists
|
||||
|
|
|
@ -41,6 +41,14 @@
|
|||
notify:
|
||||
- restart keycloak
|
||||
|
||||
- name: Ensure logdirectory exists
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
|
||||
owner: "{{ keycloak.service_user }}"
|
||||
group: "{{ keycloak.service_group }}"
|
||||
mode: 0775
|
||||
|
||||
- name: "Start and wait for keycloak service"
|
||||
ansible.builtin.include_tasks: start.yml
|
||||
|
||||
|
@ -52,6 +60,6 @@
|
|||
- name: Link default logs directory
|
||||
ansible.builtin.file:
|
||||
state: link
|
||||
src: "{{ keycloak.home }}/{{ keycloak.log.file }}"
|
||||
src: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
|
||||
dest: /var/log/keycloak
|
||||
force: yes
|
||||
|
|
Loading…
Reference in New Issue