You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
133 lines
3.4 KiB
133 lines
3.4 KiB
- name: Install Keycloak
|
|
hosts: keycloak
|
|
gather_facts: yes
|
|
become: yes
|
|
tasks:
|
|
- name: Create the keycloak user
|
|
user:
|
|
name: keycloak
|
|
system: true
|
|
home: '{{ keycloak_dir }}'
|
|
create_home: false
|
|
state: present
|
|
|
|
- name: Install pre-requisites
|
|
dnf:
|
|
name:
|
|
- unzip
|
|
- java-11-openjdk-headless
|
|
state: installed
|
|
|
|
- name: Check if the keycloak systemd unit exists
|
|
stat:
|
|
path: /etc/systemd/system/keycloak.service
|
|
register: stat_kc_unit
|
|
|
|
- name: Stop Keycloak
|
|
systemd:
|
|
name: keycloak.service
|
|
state: stopped
|
|
when: stat_kc_unit.stat.exists
|
|
|
|
- name: Check if an existing version of keycloak exists
|
|
stat:
|
|
path: '{{ keycloak_dir }}'
|
|
register: stat_kc_dir
|
|
|
|
- name: Remove existing installation of Keycloak
|
|
file:
|
|
path: '{{ keycloak_dir }}'
|
|
state: absent
|
|
when: stat_kc_dir.stat.exists
|
|
|
|
- name: Unpack Keycloak
|
|
unarchive:
|
|
src: 'rh-sso-7.5.0-server-dist.zip'
|
|
dest: /opt
|
|
owner: keycloak
|
|
creates: '{{ keycloak_dir }}'
|
|
|
|
- name: Upload Keycloak patches
|
|
copy:
|
|
src: '{{ item }}'
|
|
dest: '/tmp/{{ item }}'
|
|
loop:
|
|
- rh-sso-7.5.1-patch.zip
|
|
- rhsso-1974.zip
|
|
- rhsso-2054.zip
|
|
|
|
- name: Apply Keycloak patches
|
|
command: '{{ keycloak_dir }}/bin/jboss-cli.sh --command="patch apply /tmp/{{ item }}"'
|
|
loop:
|
|
- rh-sso-7.5.1-patch.zip
|
|
- rhsso-1974.zip
|
|
- rhsso-2054.zip
|
|
become_user: keycloak
|
|
|
|
- name: Create modules/system/layers/keycloak/org/postgresql/jdbc/main
|
|
file:
|
|
state: directory
|
|
path: '{{ keycloak_dir }}/modules/system/layers/base/org/postgresql/jdbc/main'
|
|
owner: keycloak
|
|
|
|
- name: Copy postgresql JDBC driver
|
|
copy:
|
|
src: postgresql-42.3.3.jar
|
|
dest: '{{ keycloak_dir }}/modules/system/layers/base/org/postgresql/jdbc/main'
|
|
owner: keycloak
|
|
|
|
- name: Reference the jdbc driver in module.xml
|
|
template:
|
|
src: module.xml.j2
|
|
dest: '{{ keycloak_dir }}/modules/system/layers/base/org/postgresql/jdbc/main/module.xml'
|
|
owner: keycloak
|
|
|
|
# Sample cli scripts are here: https://github.com/keycloak/keycloak-containers/tree/15.0.2/server/tools/cli
|
|
- name: Upload the Keycloak configuration script
|
|
template:
|
|
src: keycloak-custom.cli
|
|
dest: '{{ keycloak_dir }}/custom.cli'
|
|
owner: keycloak
|
|
|
|
- name: Configure keycloak
|
|
command: '{{ keycloak_dir }}/bin/jboss-cli.sh --file={{ keycloak_dir }}/custom.cli'
|
|
become_user: keycloak
|
|
|
|
- name: Install the keycloak service unit
|
|
template:
|
|
src: keycloak.service
|
|
dest: /etc/systemd/system/keycloak.service
|
|
register: systemd_unit
|
|
tags: config
|
|
|
|
- name: Configure the keycloak service unit
|
|
template:
|
|
src: keycloak.env
|
|
dest: '{{ keycloak_dir }}/keycloak.env'
|
|
register: unit_config
|
|
tags: config
|
|
|
|
- name: Reload systemd
|
|
systemd:
|
|
daemon-reload: yes
|
|
when: systemd_unit.changed
|
|
tags: config
|
|
|
|
- name: Create the initial admin
|
|
command: '{{ keycloak_dir }}/bin/add-user-keycloak.sh --user {{ keycloak_admin_username }} --password {{ keycloak_admin_password }}'
|
|
# only one node needs to execute this command
|
|
when: ansible_host == groups.keycloak|first
|
|
|
|
- name: Enable keycloak unit
|
|
systemd:
|
|
enabled: yes
|
|
name: keycloak.service
|
|
tags: config
|
|
|
|
- name: Start keycloak
|
|
systemd:
|
|
name: keycloak.service
|
|
state: restarted
|
|
when: systemd_unit.changed or unit_config.changed
|
|
tags: config
|
|
|
|
|