guillaume
/
ansible-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ansible-keycloak/README.md

4.5 KiB
Raw Blame History

Ansible Collection - keycloak

Build Status

Collection to install and configure Keycloak or Red Hat Single Sign-On.

Ansible version compatibility

This collection has been tested against following Ansible versions: >=2.9.10.

Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.

Installation

Installing the Collection from Ansible Galaxy

Before using the collection, you need to install it with the Ansible Galaxy CLI:

ansible-galaxy collection install middleware_automation.keycloak

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml, using the format:

---
collections:
  - name: middleware_automation.keycloak

The keycloak collection also depends on the following python packages to be present on the controller host:

  • netaddr

A requirement file is provided to install:

pip install -r requirements.txt

Included roles

  • keycloak: role for installing the service.
  • keycloak_realm: role for configuring a realm, user federation(s), clients and users, in an installed service.

Usage

Install Playbook

playbooks/keycloak.yml installs the upstream(Keycloak) based on the defined variables. playbooks/rhsso.yml installs Red Hat Single Sign-On(RHSSO) based on defined variables.

Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO)

The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways

Install upstream(Keycloak) from remote source

This is default approach, there is one required variable

keycloak_admin_password: "<changeme>"

Install upstream(Keycloak) from local source when the following variable is defined

keycloak_admin_password: "<changeme>"
zip_file_local_path: <keycloak zip file on Ansible control node local path>

Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined

keycloak_admin_password: "<changeme>"
rhn_username: '<customer_portal_username>'
rhn_password: '<customer_portal_password>'
rhsso_rhn_id: '<sso_product_id>'

where sso_product_id is the ID for the specific Red Hat Single Sign-On version, ie. 101971 will install version 7.5)

Install RHSSO from remote sources like Nexus etc, when the following variables are defined

keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
rhsso_source_download_url: '<url to download RHSSO zip file>'

Install RHSSO from local source when the following variable is defined

keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
zip_file_local_path: <rhsso zip file on Ansible control node local path>

Example installation command

Execute the following command from the source root directory

ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme>

  • keycloak_admin_password Password for the administration console user account.

  • ansible_hosts is the inventory, below is an example inventory for deploying to localhost

    [keycloak]
localhost ansible_connection=local

Configuration

Config Playbook

playbooks/keycloak-realm.yml creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.

Example configuration command

Execute the following command from the source root directory

ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test

  • keycloak_admin_password password for the administration console user account.

  • keycloak_realm name of the realm to be created/used.

  • ansible_hosts is the inventory, below is an example inventory for deploying to localhost

    [keycloak]
localhost ansible_connection=local

License

Apache License v2.0 or later

See LICENSE to view the full text.