Extract vars, template fixes, add README

main
Guido Grazioli 2021-12-15 12:33:42 +01:00
parent 6e3a7989eb
commit ab35489f67
11 changed files with 100 additions and 19 deletions


@ -6,3 +6,5 @@
- name: Include keycloak role - name: Include keycloak role
include_role: include_role:
name: ../../roles/keycloak name: ../../roles/keycloak
vars:
keycloak_admin_password: "changeme"
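Review bot: The converge playbook passes the admin password as the literal `changeme` via include_role `vars:`, which is fine for a throwaway test VM but is also the value the README example in this commit teaches, so readers will copy it into real deployments. Even in a test fixture it is cheaper to read it from the environment with a fallback, e.g. `keycloak_admin_password: "{{ lookup('env', 'KEYCLOAK_ADMIN_PASSWORD') | default('changeme', true) }}"`, so the fixture and the shipped example do not normalise a known-default credential. That this file is a molecule converge playbook is inferred from the `../../roles/keycloak` path.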


@ -4,7 +4,7 @@
tasks: tasks:
- name: Populate service facts - name: Populate service facts
ansible.builtin.service_facts: ansible.builtin.service_facts:
- name: Check if infinispan service started - name: Check if keycloak service started
assert: assert:
that: that:
- ansible_facts.services["keycloak.service"]["state"] == "running" - ansible_facts.services["keycloak.service"]["state"] == "running"


@ -9,3 +9,5 @@
- name: Keycloak Role - name: Keycloak Role
include_role: include_role:
name: keycloak name: keycloak
vars:
keycloak_admin_password: "changeme"
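Review bot: This playbook hard-codes the Keycloak admin password as `changeme`, so anyone who runs it unmodified ends up with an administration console protected by a well-known credential, and the same literal is repeated in the README example added by this commit. Since the commit makes the variable mandatory by removing it from defaults, the example should show how to supply it safely rather than a placeholder, e.g. `keycloak_admin_password: "{{ lookup('env', 'KEYCLOAK_ADMIN_PASSWORD') }}"` or a vault-encrypted variable, with a comment saying the value must be replaced. Whether this is a shipped playbook rather than a test harness is inferred from the `name: keycloak` role reference and the collection layout.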


@ -0,0 +1,75 @@
keycloak
========
Install [keycloak](https://keycloak.org/) or [Red Hat Single Sing-On](https://access.redhat.com/products/red-hat-single-sign-on) server configurations.
Role Defaults
-------------
| Variable | Description | Default |
|:---------|:------------|:---------|
|`keycloak_ha_enabled`| enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
|`keycloak_admin_user`| Administration console user account | `admin` |
Role Variables
--------------
The following are a set of required variables for the role:
| Variable | Description |
|:---------|:------------|
|`keycloak_admin_password`| Password for the administration console user account |
The following variables are required when keycloak_ha_enabled is True:
| Variable | Description | Default |
|:---------|:------------|:---------|
|`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
|`postgres_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
|`postgres_db_user` | username for connecting to postgres | `keycloak-user` |
|`postgres_db_pass` | password for connecting to postgres | `keycloak-pass` |
|`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
|`infinispan_user` | username for connecting to infinispan | `supervisor` |
|`infinispan_pass` | password for connecting to infinispan | `supervisor` |
Dependencies
------------
The roles depends on:
* the redhat_csp_download role of [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
* the jcliff role of [middleware_automation.jcliff](https://github.com/ansible-middleware/ansible_collections_jcliff) collection
Example Playbook
----------------
The following is an example playbook that makes use of the role to install keycloak
```yaml
---
- hosts: ...
collections:
- middleware_automation.keycloak
tasks:
- name: Include keycloak role
include_role:
name: keycloak
vars:
keycloak_admin_password: "changeme"
```
License
-------
Apache License 2.0
Author Information
------------------
* [Guido Grazioli](https://github.com/guidograzioli)
* [Romain Pelisse](https://github.com/rpelisse)


@ -38,7 +38,6 @@ keycloak_ha_enabled: False
# keycloak administration console user # keycloak administration console user
keycloak_admin_user: admin keycloak_admin_user: admin
keycloak_admin_password: "password"
keycloak_auth_realm: master keycloak_auth_realm: master
keycloak_auth_client: admin-cli keycloak_auth_client: admin-cli
@ -47,14 +46,14 @@ keycloak_force_install: False
keycloak_modcluster: keycloak_modcluster:
enabled: "{{ keycloak_ha_enabled }}" enabled: "{{ keycloak_ha_enabled }}"
reverse_proxy_url: jbcs-0 reverse_proxy_url: "{{ keycloak_modcluster_url | default('localhost') }}"
keycloak_remotecache: keycloak_remotecache:
enabled: "{{ keycloak_ha_enabled }}" enabled: "{{ keycloak_ha_enabled }}"
username: supervisor username: "{{ infinispan_user | default('supervisor') }}"
password: itsme password: "{{ infinispan_pass | default('supervisor') }}"
realm: default realm: default
server_name: jdg-1 server_name: "{{ infinispan_url | default('localhost') }}"
trust_store_path: /path/to/jks/keystore trust_store_path: /path/to/jks/keystore
trust_store_password: changeme trust_store_password: changeme
@ -66,6 +65,6 @@ keycloak_jdbc:
driver_version: 9.4.1212 driver_version: 9.4.1212
driver_jar_filename: "postgresql-9.4.1212.jar" driver_jar_filename: "postgresql-9.4.1212.jar"
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar" driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar"
connection_url: "jdbc:postgresql://pgsql-0:5432/keycloak" connection_url: "{{ postgres_jdbc_url | default('jdbc:postgresql://localhost:5432/keycloak') }}"
db_user: "keycloak-user" db_user: "{{ postgres_db_user | default('keycloak-user') }}"
db_password: "keycloak-pass" db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"
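Review bot: The HA credentials still fall back to well-known defaults when the caller forgets to set them — `password: "{{ infinispan_pass | default('supervisor') }}"`, `db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"`, and `trust_store_password: changeme` with a `/path/to/jks/keystore` placeholder stay as literals. The commit rightly drops the admin password default, but a deployment with `keycloak_ha_enabled: True` and a missing `infinispan_pass` now silently authenticates to the cache as `supervisor`/`supervisor` (the previous `itsme` default at least did not equal the username). Suggest removing `default(...)` from the two password expressions and templating the trust-store path and password from variables too, then validating all of them with an assert task that runs when `keycloak_ha_enabled` is true, so a missing secret fails at playbook time instead of surfacing at the next audit; the non-secret hostnames can keep their `localhost` defaults. The `keycloak_remotecache` mapping appears to continue past the end of the hunk.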


@ -14,7 +14,7 @@
- name: Configure firewall for jdg ports - name: Configure firewall for jdg ports
become: yes become: yes
ansible.posix.firewalld: firewalld:
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true
state: enabled state: enabled
@ -22,4 +22,6 @@
loop: loop:
- "{{ keycloak_http_port }}/tcp" - "{{ keycloak_http_port }}/tcp"
- "{{ keycloak_https_port }}/tcp" - "{{ keycloak_https_port }}/tcp"
- "{{ keycloak_management_http_port }}/tcp"
- "{{ keycloak_management_https_port }}/tcp"
- "8009/tcp" - "8009/tcp"


@ -709,11 +709,11 @@
</outbound-socket-binding> </outbound-socket-binding>
{% if keycloak_modcluster.enabled %} {% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1"> <outbound-socket-binding name="proxy1">
<remote-destination host="{{ (groups['jbcs'][0] if groups['jbcs'] | length > 0 else 'localhost') }}" port="6666"/> <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
</outbound-socket-binding> </outbound-socket-binding>
{% endif %} {% endif %}
<outbound-socket-binding name="remote-cache"> <outbound-socket-binding name="remote-cache">
<remote-destination host="{{ (groups['jdg'][0] if groups['jdg'] | length > 0 else 'localhost') }}" port="${remote.cache.port:11222}"/> <remote-destination host="{{ keycloak_remotecache.server_name | default('localhost') }}" port="${remote.cache.port:11222}"/>
</outbound-socket-binding> </outbound-socket-binding>
</socket-binding-group> </socket-binding-group>
</server> </server>
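Review bot: `keycloak_remotecache.server_name` is rendered into `host=` with the port supplied separately by `${remote.cache.port:11222}`, but the variable feeding it (`infinispan_url`) is documented in this commit's README as `localhost:11122`, i.e. a host:port string; a user following the README ends up with `host="jdg-1:11222"` and an outbound binding that never resolves. Either document `infinispan_url` as a bare hostname (and fix the 11122/11222 discrepancy) or split it in the template, e.g. `host="{{ keycloak_remotecache.server_name.split(':')[0] }}"`. The enclosing socket-binding-group and server elements start outside the hunk.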


@ -709,11 +709,11 @@
</outbound-socket-binding> </outbound-socket-binding>
{% if keycloak_modcluster.enabled %} {% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1"> <outbound-socket-binding name="proxy1">
<remote-destination host="{{ (groups['jbcs'][0] if groups['jbcs'] | length > 0 else 'localhost') }}" port="6666"/> <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
</outbound-socket-binding> </outbound-socket-binding>
{% endif %} {% endif %}
<outbound-socket-binding name="remote-cache"> <outbound-socket-binding name="remote-cache">
<remote-destination host="{{ (groups['jdg'][0] if groups['jdg'] | length > 0 else 'localhost') }}" port="${remote.cache.port:11222}"/> <remote-destination host="{{ keycloak_remotecache.server_name | default('localhost') }}" port="${remote.cache.port:11222}"/>
</outbound-socket-binding> </outbound-socket-binding>
</socket-binding-group> </socket-binding-group>
</server> </server>
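Review bot: `keycloak_modcluster.reverse_proxy_url` is used as a bare `host=` value while the port `6666` stays hard-coded, yet its name and the README entry "URL for the modcluster reverse proxy" invite values such as `http://proxy:6666`, which would render as an unresolvable hostname. Suggest either renaming to a host-style variable (keeping `keycloak_modcluster_url` as an alias) or documenting that only a hostname/IP is accepted, and exposing the port as `port="{{ keycloak_modcluster.port | default(6666) }}"` so a proxy on a non-default port does not require editing the template. The same pattern applies to the remote-cache binding just above and to the identical change in the other standalone*.xml templates in this commit.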


@ -625,7 +625,7 @@
</outbound-socket-binding> </outbound-socket-binding>
{% if keycloak_modcluster.enabled %} {% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1"> <outbound-socket-binding name="proxy1">
<remote-destination host="{{ (groups['jbcs'][0] if groups['jbcs'] | length > 0 else 'localhost') }}" port="6666"/> <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
</outbound-socket-binding> </outbound-socket-binding>
{% endif %} {% endif %}
</socket-binding-group> </socket-binding-group>


@ -607,7 +607,7 @@
</outbound-socket-binding> </outbound-socket-binding>
{% if keycloak_modcluster.enabled %} {% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1"> <outbound-socket-binding name="proxy1">
<remote-destination host="{{ (groups['jbcs'][0] if groups['jbcs'] | length > 0 else 'localhost') }}" port="6666"/> <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
</outbound-socket-binding> </outbound-socket-binding>
{% endif %} {% endif %}
</socket-binding-group> </socket-binding-group>


@ -1,2 +1,3 @@
--- ---
# vars file for keycloak # vars file for keycloak
keycloak_admin_password:
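Review bot: Declaring `keycloak_admin_password:` in `vars/main.yml` sets it to `null` at role-vars precedence, which outranks inventory, group_vars/host_vars and play `vars:`; only include/role params and `-e` extra vars beat it, so a user who stores the secret in vaulted host_vars — the usual place — will have it silently replaced by null. Making the variable required should be done by not defining it at all and checking it instead, e.g. an assert at the top of the role's tasks with `- keycloak_admin_password is defined` and `- keycloak_admin_password | length > 0` (or `keycloak_admin_password | mandatory` at the point of use), not by a null placeholder. Note also that a bare `key:` is YAML null rather than an empty string, so even a `| length > 0` check against this placeholder would raise a template error rather than fail with a clear message.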