keycloak_quarkus: add https to molecule test setup (#36)
* keycloak_quarkus: add https to molecule test setup * move converge pre_tasks to prepare phase * Update zipfile unarchive to cater for existing certsmain
parent
469036e9e7
commit
76cbb4c676
|
@ -9,3 +9,4 @@ docs/_build/
|
||||||
.mypy_cache/
|
.mypy_cache/
|
||||||
*.retry
|
*.retry
|
||||||
changelogs/.plugin-cache.yaml
|
changelogs/.plugin-cache.yaml
|
||||||
|
*.pem
|
||||||
|
|
|
@ -2,10 +2,6 @@
|
||||||
- name: Prepare
|
- name: Prepare
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Disable beta repos
|
|
||||||
ansible.builtin.command: yum config-manager --disable '*beta*'
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: Install sudo
|
- name: Install sudo
|
||||||
ansible.builtin.yum:
|
ansible.builtin.yum:
|
||||||
name:
|
name:
|
||||||
|
|
|
@ -5,6 +5,12 @@
|
||||||
keycloak_quarkus_admin_pass: "remembertochangeme"
|
keycloak_quarkus_admin_pass: "remembertochangeme"
|
||||||
keycloak_admin_password: "remembertochangeme"
|
keycloak_admin_password: "remembertochangeme"
|
||||||
keycloak_realm: TestRealm
|
keycloak_realm: TestRealm
|
||||||
|
keycloak_quarkus_host: instance:8443
|
||||||
|
keycloak_quarkus_http_relative_path: ''
|
||||||
|
keycloak_quarkus_log: file
|
||||||
|
keycloak_quarkus_https_enabled: True
|
||||||
|
keycloak_quarkus_key_file: conf/key.pem
|
||||||
|
keycloak_quarkus_cert_file: conf/cert.pem
|
||||||
roles:
|
roles:
|
||||||
- role: keycloak_quarkus
|
- role: keycloak_quarkus
|
||||||
- role: keycloak_realm
|
- role: keycloak_realm
|
||||||
|
|
|
@ -16,7 +16,9 @@ platforms:
|
||||||
port_bindings:
|
port_bindings:
|
||||||
- "8080/tcp"
|
- "8080/tcp"
|
||||||
- "8443/tcp"
|
- "8443/tcp"
|
||||||
- "8009/tcp"
|
- "8009/tcp"
|
||||||
|
published_ports:
|
||||||
|
- 0.0.0.0:8443:8443/tcp
|
||||||
provisioner:
|
provisioner:
|
||||||
name: ansible
|
name: ansible
|
||||||
config_options:
|
config_options:
|
||||||
|
|
|
@ -6,3 +6,21 @@
|
||||||
ansible.builtin.yum:
|
ansible.builtin.yum:
|
||||||
name: sudo
|
name: sudo
|
||||||
state: present
|
state: present
|
||||||
|
- command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
|
||||||
|
delegate_to: localhost
|
||||||
|
- lineinfile:
|
||||||
|
dest: /etc/hosts
|
||||||
|
line: "127.0.0.1 instance"
|
||||||
|
state: present
|
||||||
|
delegate_to: localhost
|
||||||
|
become: yes
|
||||||
|
- file:
|
||||||
|
state: directory
|
||||||
|
path: /opt/keycloak/keycloak-18.0.0/conf/
|
||||||
|
- copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
|
||||||
|
mode: 0444
|
||||||
|
loop:
|
||||||
|
- cert.pem
|
||||||
|
- key.pem
|
||||||
|
|
|
@ -9,3 +9,19 @@
|
||||||
that:
|
that:
|
||||||
- ansible_facts.services["keycloak.service"]["state"] == "running"
|
- ansible_facts.services["keycloak.service"]["state"] == "running"
|
||||||
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
|
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
|
||||||
|
- name: Fetch openID config
|
||||||
|
shell: |
|
||||||
|
curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq .
|
||||||
|
delegate_to: localhost
|
||||||
|
register: openid_config
|
||||||
|
- debug:
|
||||||
|
msg: " {{ openid_config.stdout | from_json }}"
|
||||||
|
delegate_to: localhost
|
||||||
|
- name: Verify endpoint URLs
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance:8443/realms/master/protocol/openid-connect/ext/ciba/auth'
|
||||||
|
- (openid_config.stdout | from_json)['issuer'] == 'https://instance:8443/realms/master'
|
||||||
|
- (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/auth'
|
||||||
|
- (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/token'
|
||||||
|
delegate_to: localhost
|
||||||
|
|
|
@ -3,7 +3,13 @@
|
||||||
hosts: all
|
hosts: all
|
||||||
vars:
|
vars:
|
||||||
keycloak_admin_password: "remembertochangeme"
|
keycloak_admin_password: "remembertochangeme"
|
||||||
|
keycloak_quarkus_host: localhost:8443
|
||||||
|
keycloak_quarkus_http_relative_path: ''
|
||||||
|
keycloak_quarkus_log: file
|
||||||
|
keycloak_quarkus_https_enabled: True
|
||||||
|
keycloak_quarkus_key_file: conf/key.pem
|
||||||
|
keycloak_quarkus_cert_file: conf/cert.pem
|
||||||
collections:
|
collections:
|
||||||
- middleware_automation.keycloak
|
- middleware_automation.keycloak
|
||||||
roles:
|
roles:
|
||||||
- keycloak_quarkus
|
- keycloak_quarkus
|
||||||
|
|
|
@ -84,9 +84,9 @@
|
||||||
- local_archive_path.stat.exists
|
- local_archive_path.stat.exists
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: "Check target directory: {{ keycloak.home }}"
|
- name: "Check target directory: {{ keycloak.home }}/bin/"
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ keycloak.home }}"
|
path: "{{ keycloak.home }}/bin/"
|
||||||
register: path_to_workdir
|
register: path_to_workdir
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
|
@ -95,12 +95,12 @@
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
src: "{{ archive }}"
|
src: "{{ archive }}"
|
||||||
dest: "{{ keycloak_quarkus_dest }}"
|
dest: "{{ keycloak_quarkus_dest }}"
|
||||||
creates: "{{ keycloak.home }}"
|
creates: "{{ keycloak.home }}/bin/"
|
||||||
owner: "{{ keycloak.service_user }}"
|
owner: "{{ keycloak.service_user }}"
|
||||||
group: "{{ keycloak.service_group }}"
|
group: "{{ keycloak.service_group }}"
|
||||||
become: yes
|
become: yes
|
||||||
when:
|
when:
|
||||||
- new_version_downloaded.changed or not path_to_workdir.stat.exists
|
- (not path_to_workdir.stat.exists) or new_version_downloaded.changed
|
||||||
notify:
|
notify:
|
||||||
- restart keycloak
|
- restart keycloak
|
||||||
|
|
||||||
|
@ -108,4 +108,4 @@
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
|
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
|
||||||
when:
|
when:
|
||||||
- not new_version_downloaded.changed and path_to_workdir.stat.exists
|
- (not new_version_downloaded.changed) and path_to_workdir.stat.exists
|
||||||
|
|
|
@ -41,6 +41,14 @@
|
||||||
notify:
|
notify:
|
||||||
- restart keycloak
|
- restart keycloak
|
||||||
|
|
||||||
|
- name: Ensure logdirectory exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
|
||||||
|
owner: "{{ keycloak.service_user }}"
|
||||||
|
group: "{{ keycloak.service_group }}"
|
||||||
|
mode: 0775
|
||||||
|
|
||||||
- name: "Start and wait for keycloak service"
|
- name: "Start and wait for keycloak service"
|
||||||
ansible.builtin.include_tasks: start.yml
|
ansible.builtin.include_tasks: start.yml
|
||||||
|
|
||||||
|
@ -52,6 +60,6 @@
|
||||||
- name: Link default logs directory
|
- name: Link default logs directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
state: link
|
state: link
|
||||||
src: "{{ keycloak.home }}/{{ keycloak.log.file }}"
|
src: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
|
||||||
dest: /var/log/keycloak
|
dest: /var/log/keycloak
|
||||||
force: yes
|
force: yes
|
||||||
|
|
Loading…
Reference in New Issue