--- - name: Validate parameters assert: that: - keycloak_jboss_home is defined - keycloak_service_user is defined - keycloak_dest is defined - keycloak_archive is defined - keycloak_download_url is defined - keycloak_version is defined quiet: true - name: Check for an existing deployment become: yes stat: path: "{{ keycloak_jboss_home }}" register: existing_deploy - block: - name: Stop the old keycloak service become: yes ignore_errors: yes systemd: name: keycloak state: stopped - name: Remove the old Keycloak deployment become: yes file: path: "{{ keycloak_jboss_home }}" state: absent when: existing_deploy.stat.exists and keycloak_force_install|bool - name: check for an existing deployment after possible forced removal become: yes stat: path: "{{ keycloak_jboss_home }}" - name: create Keycloak service user/group become: yes user: name: "{{ keycloak_service_user }}" home: /opt/keycloak system: yes create_home: no - name: create Keycloak install location become: yes file: dest: "{{ keycloak_dest }}" state: directory owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0750 ## check remote archive - name: Set download archive path set_fact: archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" - name: Check download archive path stat: path: "{{ archive }}" register: archive_path ## download to controller - name: Check load download archive path stat: path: "{{ lookup('env', 'PWD') }}" register: local_path delegate_to: localhost - name: Download keycloak archive get_url: url: "{{ keycloak_download_url }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" delegate_to: localhost when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - not keycloak_rhsso_enable - not keycloak_offline_install - name: Performing download from RHN redhat_csp_download: url: "{{ keycloak_rhsso_download_url }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" username: "{{ rhn_username }}" password: "{{ rhn_password }}" no_log: "{{ omit_rhn_output | default(true) }}" delegate_to: localhost when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - keycloak_rhsso_enable - not keycloak_offline_install - keycloak_rhn_url in keycloak_rhsso_download_url - name: Download rhsso archive from alternate location get_url: url: "{{ keycloak_rhsso_download_url }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" delegate_to: localhost when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - keycloak_rhsso_enable - not keycloak_offline_install - not keycloak_rhn_url in keycloak_rhsso_download_url ## copy and unpack - name: Copy archive to target nodes copy: src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" dest: "{{ archive }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0750 register: new_version_downloaded become: yes - name: "Check work directory: {{ keycloak_dest }}" stat: path: "{{ keycloak_dest }}" register: path_to_workdir become: yes - name: "Create work directory {{ keycloak_dest }}" file: path: "{{ keycloak_dest }}" state: directory owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0750 become: yes when: not path_to_workdir.stat.exists - name: "Extract {{ 'Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Keycloak' }} archive on target" unarchive: remote_src: yes src: "{{ archive }}" dest: "{{ keycloak_dest }}" creates: "{{ keycloak.home }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" become: yes when: - new_version_downloaded.changed or not path_to_workdir.stat.exists notify: - restart keycloak - name: Inform decompression was not executed debug: msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression" when: - not new_version_downloaded.changed and path_to_workdir.stat.exists - name: "Reown installation directory to {{ keycloak_service_user }}" file: path: "{{ keycloak.home }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" recurse: true become: yes changed_when: false # driver and configuration - name: "Install {{ keycloak_jdbc_engine }} driver" include_role: name: wildfly_driver tasks_from: jdbc_driver.yml vars: wildfly_user: "{{ keycloak_service_user }}" jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" jdbc_driver_version: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_version }}" jdbc_driver_jar_filename: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}" jdbc_driver_jar_url: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}" jdbc_driver_jar_installation_path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}" jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" when: keycloak_jdbc[keycloak_jdbc_engine].enabled - name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" become: yes template: src: templates/standalone.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0640 notify: - restart keycloak when: not keycloak_remotecache.enabled - name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}" become: yes template: src: templates/standalone-infinispan.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0640 notify: - restart keycloak when: keycloak_remotecache.enabled