Ansible Collection - keycloak
Collection to install and configure Keycloak or Red Hat Single Sign-On.
Ansible version compatibility
This collection has been tested against the following Ansible versions: >=2.9.10.
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
Installation
Installing the Collection from Ansible Galaxy
Before using the collection, you need to install it with the Ansible Galaxy CLI:
ansible-galaxy collection install middleware_automation.keycloak
You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml, using the format:
---
collections:
- name: middleware_automation.keycloak
Install Playbook
playbooks/keycloak.yml installs Keycloak or Red Hat Single Sign-On (RHSSO) based on the defined variables.
Choosing between Red Hat products and upstream (Keycloak) project
The role supports installing Keycloak or Red Hat Single Sign-On in the following ways:
Install upstream from remote source
This is the default; no additional variables need to be defined.
Install upstream from local source when the following variable is defined
keycloak_zip_file_local_path: <local path of keycloak zip file>
Install RHSSO from the Customer Support Portal, when the following variables are defined
rhn_username: '<customer_portal_username>'
rhn_password: '<customer_portal_password>'
rhsso_rhn_id: '<sso_product_id>'
where sso_product_id is the ID for the specific Red Hat Single Sign-On version (e.g. 101971 will install version 7.5).
Install RHSSO from remote sources like Nexus etc, when the following variables are defined
rhsso_source_download_url: '<url to download RHSSO zip file>'
Install RHSSO from local source when the following variable is defined
rhsso_zip_file_local_path: <local path of rhsso zip file>
Install role
keycloak: role for installing the service. Requires: python3-netaddr
Example installation command
Execute the following command from the source root directory
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme>
- keycloak_admin_password: password for the administration console user account.
- ansible_hosts: the inventory; below is an example inventory for deploying to localhost:
[keycloak]
localhost ansible_connection=local
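Passing keycloak_admin_password with -e on the command line leaves the value in shell history and in the process list, and rhn-creds.yml holds rhn_password, so both are better kept in a vars file protected with ansible-vault. The pre-flight check below is an added example, not part of the collection: check_vars_file is a hypothetical helper that rejects a vars file that is accessible to group/other or that carries either secret in plaintext.

```shell
#!/bin/sh
# Added example (not from the collection): pre-flight check for the
# extra-vars file handed to ansible-playbook with -e @<file>.
# check_vars_file is a hypothetical helper name.
# Return codes: 0 ok, 2 missing file, 3 loose permissions, 4 plaintext secret.

# Secret variables named in this README.
SECRET_KEYS='rhn_password|keycloak_admin_password'

check_vars_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }

    # Characters 5-10 of the mode string are the group and other bits;
    # all of them must be unset (for example mode 0600).
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible to group or other ($perms)" >&2
        return 3
    fi

    # A file encrypted as a whole by ansible-vault starts with this header.
    if head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
        return 0
    fi

    # Otherwise each secret key must carry an inline "!vault" value.
    if grep -E "^[[:space:]]*($SECRET_KEYS)[[:space:]]*:" "$f" \
        | grep -v '!vault' | grep -q .; then
        echo "$f: plaintext secret found" >&2
        return 4
    fi
    return 0
}
```

Run check_vars_file rhn-creds.yml before the playbook and add --ask-vault-pass to the ansible-playbook command so the encrypted values can be read.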
Configuration
Config Playbook
playbooks/keycloak-realm.yml creates the provided realm, client(s), client role(s) and client user(s) if they don't exist.
Config role
keycloak_realm: role for configuring a realm, with clients and users, in an installed service.
Example configuration command
Execute the following command from the source root directory
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
- keycloak_admin_password: password for the administration console user account.
- keycloak_realm: name of the realm to be created/used.
- ansible_hosts: the inventory; below is an example inventory for deploying to localhost:
[keycloak]
localhost ansible_connection=local
License
Apache License v2.0 or later
See LICENCE to view the full text.