commit
752e580123
11 changed files with 355 additions and 0 deletions
@ -0,0 +1 @@ |
|||||
|
inventory |
||||
@ -0,0 +1,13 @@ |
|||||
|
http: |
||||
|
routers: |
||||
|
keycloak: |
||||
|
rule: PathPrefix(`/auth`) |
||||
|
entryPoints: |
||||
|
- http |
||||
|
service: "keycloak" |
||||
|
services: |
||||
|
keycloak: |
||||
|
loadBalancer: |
||||
|
servers: |
||||
|
- url: "http://keycloak-server-1.dns.podman:8080" |
||||
|
- url: "http://keycloak-server-2.dns.podman:8080" |
||||
@ -0,0 +1,13 @@ |
|||||
|
log: |
||||
|
level: "INFO" |
||||
|
|
||||
|
accesslog: true |
||||
|
|
||||
|
providers: |
||||
|
file: |
||||
|
directory: /etc/traefik/conf.d/ |
||||
|
watch: true |
||||
|
|
||||
|
entryPoints: |
||||
|
http: |
||||
|
address: ":8080" |
||||
@ -0,0 +1,20 @@ |
|||||
|
dn: ou=users,dc=keycloak,dc=org |
||||
|
objectclass: top |
||||
|
objectclass: organizationalUnit |
||||
|
ou: users |
||||
|
|
||||
|
{% for i in range(openldap_users_count) %} |
||||
|
{% set id = "%06d" |format(i) %} |
||||
|
dn: uid=user_{{ id }},ou=users,dc=keycloak,dc=org |
||||
|
objectclass: top |
||||
|
objectclass: person |
||||
|
objectclass: organizationalPerson |
||||
|
objectclass: inetOrgPerson |
||||
|
uid: user_{{ id }} |
||||
|
cn: User {{ id }} |
||||
|
sn: {{ id }} |
||||
|
givenName: User |
||||
|
mail: user_{{ id }}@nowhere.test |
||||
|
userPassword: user_{{ id }} |
||||
|
|
||||
|
{% endfor %} |
||||
@ -0,0 +1,9 @@ |
|||||
|
keycloak_admin_username: admin |
||||
|
keycloak_admin_password: admin |
||||
|
traefik_image: docker.io/traefik:v2.3.4 |
||||
|
keycloak_image: docker.io/jboss/keycloak:11.0.3 |
||||
|
postgresql_image: quay.io/centos7/postgresql-10-centos7:latest |
||||
|
#postgresql_image: docker.io/postgres:11.5-alpine |
||||
|
mariadb_image: quay.io/centos7/mariadb-103-centos7:latest |
||||
|
openldap_image: osixia/openldap:1.4.0 |
||||
|
|
||||
@ -0,0 +1,2 @@ |
|||||
|
[sut] |
||||
|
hp-microserver.itix.fr ansible_become=yes ansible_user=nicolas |
||||
@ -0,0 +1,283 @@ |
|||||
|
- name: Prepare the SUT (System Under Test) |
||||
|
hosts: sut |
||||
|
tasks: |
||||
|
- assert: |
||||
|
that: |
||||
|
- enable_ldap is defined |
||||
|
- enable_https is defined |
||||
|
- database is defined |
||||
|
msg: >- |
||||
|
specify the scenario to provision as extra vars (using -e '@scenarios/foo.yaml') |
||||
|
|
||||
|
- dnf: |
||||
|
name: |
||||
|
- podman |
||||
|
- podman-plugins |
||||
|
- openldap-clients |
||||
|
state: installed |
||||
|
|
||||
|
- name: Inspect the default network created by podman |
||||
|
command: podman network inspect podman |
||||
|
register: podman_network_inspect |
||||
|
changed_when: false |
||||
|
|
||||
|
- name: Check if the default network needs to be patched to add the "dnsname" plugin |
||||
|
set_fact: |
||||
|
podman_default_network_needs_patch: '{{ "dnsname" not in network_plugins }}' |
||||
|
vars: |
||||
|
network_plugins: '{{ podman_network_inspect.stdout | from_json | json_query("[0].plugins[].type") | list }}' |
||||
|
|
||||
|
- name: Remove the default podman network |
||||
|
containers.podman.podman_network: |
||||
|
name: podman |
||||
|
state: absent |
||||
|
when: podman_default_network_needs_patch |
||||
|
|
||||
|
- name: Re-create the default podman network (with the "dnsname" plugin) |
||||
|
containers.podman.podman_network: |
||||
|
name: podman |
||||
|
state: present |
||||
|
subnet: 10.88.0.0/16 |
||||
|
when: podman_default_network_needs_patch |
||||
|
|
||||
|
- name: Cleanup containers |
||||
|
containers.podman.podman_container: |
||||
|
name: '{{ item }}' |
||||
|
state: absent |
||||
|
loop: |
||||
|
- traefik |
||||
|
- keycloak-server-1 |
||||
|
- keycloak-server-2 |
||||
|
- postgresql |
||||
|
- mariadb |
||||
|
- openldap |
||||
|
|
||||
|
- stat: |
||||
|
path: /srv/openldap/data |
||||
|
register: data |
||||
|
when: enable_ldap|bool |
||||
|
|
||||
|
- name: Backup /srv/openldap/data if present |
||||
|
command: |
||||
|
cmd: "mv /srv/openldap/data /srv/openldap/data-{{ name }}" |
||||
|
vars: |
||||
|
name: "{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}" |
||||
|
when: enable_ldap|bool and data.stat.exists |
||||
|
|
||||
|
- name: Re-create /srv/openldap/data |
||||
|
file: |
||||
|
path: /srv/openldap/data/{{ item }} |
||||
|
state: directory |
||||
|
owner: root |
||||
|
group: root |
||||
|
mode: 0777 |
||||
|
when: enable_ldap|bool |
||||
|
loop: |
||||
|
- db |
||||
|
- schema |
||||
|
- ldif |
||||
|
|
||||
|
- name: Drop the initial LDIF into /srv/openldap/data/ldif |
||||
|
template: |
||||
|
src: files/users.ldif.j2 |
||||
|
dest: /srv/openldap/data/ldif/users.ldif |
||||
|
owner: root |
||||
|
group: root |
||||
|
mode: 0777 |
||||
|
when: enable_ldap|bool |
||||
|
|
||||
|
- name: Install OpenLDAP |
||||
|
containers.podman.podman_container: |
||||
|
name: openldap |
||||
|
image: '{{ openldap_image }}' |
||||
|
state: started |
||||
|
cpuset_cpus: 0,4 |
||||
|
command: |
||||
|
- --copy-service |
||||
|
#- --loglevel |
||||
|
#- debug |
||||
|
env: |
||||
|
LDAP_ORGANISATION: Keycloak |
||||
|
LDAP_DOMAIN: keycloak.org |
||||
|
LDAP_ADMIN_PASSWORD: keycloak |
||||
|
volume: |
||||
|
- '/srv/openldap/data/db:/var/lib/ldap:z' |
||||
|
- '/srv/openldap/data/schema:/etc/ldap/slapd.d:z' |
||||
|
- '/srv/openldap/data/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:z' |
||||
|
when: enable_ldap|bool |
||||
|
|
||||
|
- stat: |
||||
|
path: /srv/postgresql/data |
||||
|
register: data |
||||
|
when: database == 'postgresql' |
||||
|
|
||||
|
- name: Backup /srv/postgresql/data if present |
||||
|
command: |
||||
|
cmd: "mv /srv/postgresql/data /srv/postgresql/data-{{ name }}" |
||||
|
vars: |
||||
|
name: "{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}" |
||||
|
when: database == 'postgresql' and data.stat.exists |
||||
|
|
||||
|
- name: Re-create /srv/postgresql/data |
||||
|
file: |
||||
|
path: /srv/postgresql/data |
||||
|
state: directory |
||||
|
owner: root |
||||
|
group: root |
||||
|
mode: 0777 |
||||
|
when: database == 'postgresql' |
||||
|
|
||||
|
- stat: |
||||
|
path: /srv/mariadb/data |
||||
|
register: data |
||||
|
when: database == 'mariadb' |
||||
|
|
||||
|
- name: Backup /srv/mariadb/data if present |
||||
|
command: |
||||
|
cmd: "mv /srv/mariadb/data /srv/mariadb/data-{{ name }}" |
||||
|
vars: |
||||
|
name: "{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}" |
||||
|
when: database == 'mariadb' and data.stat.exists |
||||
|
|
||||
|
- name: Re-create /srv/mariadb/data |
||||
|
file: |
||||
|
path: /srv/mariadb/data |
||||
|
state: directory |
||||
|
owner: root |
||||
|
group: root |
||||
|
mode: 0777 |
||||
|
when: database == 'mariadb' |
||||
|
|
||||
|
- name: Install PostgreSQL (Docker version) |
||||
|
containers.podman.podman_container: |
||||
|
name: postgresql |
||||
|
image: '{{ postgresql_image }}' |
||||
|
state: started |
||||
|
memory: 4g |
||||
|
cpuset_cpus: 3,7 |
||||
|
env: |
||||
|
POSTGRES_USER: keycloak |
||||
|
POSTGRES_PASSWORD: keycloak |
||||
|
POSTGRES_DB: keycloak # Docker version |
||||
|
volume: |
||||
|
- '/srv/postgresql/data:/var/lib/postgresql/data:z' # Docker version |
||||
|
when: > |
||||
|
database == 'postgresql' and 'docker.io/postgres:' in postgresql_image |
||||
|
|
||||
|
- name: Install PostgreSQL (SCL version) |
||||
|
containers.podman.podman_container: |
||||
|
name: postgresql |
||||
|
image: '{{ postgresql_image }}' |
||||
|
state: started |
||||
|
cpuset_cpus: 3,7 |
||||
|
memory: 4g |
||||
|
env: |
||||
|
POSTGRESQL_USER: keycloak |
||||
|
POSTGRESQL_PASSWORD: keycloak |
||||
|
POSTGRESQL_DATABASE: keycloak # SCL version |
||||
|
volume: |
||||
|
- '/srv/postgresql/data:/var/lib/pgsql/data:z' # SCL version |
||||
|
when: > |
||||
|
database == 'postgresql' and postgresql_image |regex_search("quay.io/centos./postgresql-.*:") |
||||
|
|
||||
|
- name: Install MariaDB |
||||
|
containers.podman.podman_container: |
||||
|
name: mariadb |
||||
|
image: '{{ mariadb_image }}' |
||||
|
state: started |
||||
|
cpuset_cpus: 3,7 |
||||
|
memory: 4g |
||||
|
env: |
||||
|
MYSQL_USER: keycloak |
||||
|
MYSQL_PASSWORD: keycloak |
||||
|
MYSQL_DATABASE: keycloak |
||||
|
volume: |
||||
|
- '/srv/mariadb/data:/var/lib/mysql/data:z' |
||||
|
when: > |
||||
|
database == 'mariadb' |
||||
|
|
||||
|
- name: Remove /etc/keycloak |
||||
|
file: |
||||
|
path: /etc/keycloak |
||||
|
state: absent |
||||
|
|
||||
|
- name: Re-create /etc/keycloak |
||||
|
file: |
||||
|
path: /etc/keycloak |
||||
|
state: directory |
||||
|
owner: root |
||||
|
group: root |
||||
|
mode: 0755 |
||||
|
|
||||
|
- name: Install Keycloak |
||||
|
containers.podman.podman_container: |
||||
|
name: '{{ item.name }}' |
||||
|
image: '{{ keycloak_image }}' |
||||
|
state: started |
||||
|
cpuset_cpus: '{{ item.cpuset }}' |
||||
|
env: '{{ common_env | combine(db_env) }}' |
||||
|
volume: |
||||
|
- '/etc/keycloak:/etc/keycloak:z' |
||||
|
loop: |
||||
|
- name: keycloak-server-1 |
||||
|
cpuset: 1,5 |
||||
|
- name: keycloak-server-2 |
||||
|
cpuset: 2,6 |
||||
|
vars: |
||||
|
db_env: '{{ postgres_env if database == "postgresql" else mariadb_env }}' |
||||
|
mariadb_env: |
||||
|
DB_VENDOR: mariadb |
||||
|
DB_ADDR: mariadb.dns.podman |
||||
|
postgres_env: |
||||
|
DB_VENDOR: postgres |
||||
|
DB_ADDR: postgresql.dns.podman |
||||
|
common_env: |
||||
|
DB_USER: keycloak |
||||
|
DB_PASSWORD: keycloak |
||||
|
DB_DATABASE: keycloak |
||||
|
KEYCLOAK_USER: '{{ keycloak_admin_username }}' |
||||
|
KEYCLOAK_PASSWORD: '{{ keycloak_admin_password }}' |
||||
|
PROXY_ADDRESS_FORWARDING: 'true' |
||||
|
|
||||
|
- name: Remove /etc/traefik |
||||
|
file: |
||||
|
path: /etc/traefik |
||||
|
state: absent |
||||
|
|
||||
|
- name: Re-create /etc/traefik |
||||
|
file: |
||||
|
path: /etc/traefik/conf.d |
||||
|
state: directory |
||||
|
owner: root |
||||
|
group: root |
||||
|
mode: 0755 |
||||
|
|
||||
|
- name: Install the traefik configuration files |
||||
|
template: |
||||
|
src: files/traefik.yaml.j2 |
||||
|
dest: /etc/traefik/traefik.yaml |
||||
|
|
||||
|
- name: Install the traefik configuration files |
||||
|
template: |
||||
|
src: files/keycloak.yaml.j2 |
||||
|
dest: /etc/traefik/conf.d/keycloak.yaml |
||||
|
|
||||
|
- name: Install Traefik |
||||
|
containers.podman.podman_container: |
||||
|
name: traefik |
||||
|
image: '{{ traefik_image }}' |
||||
|
state: started |
||||
|
cpuset_cpus: 0,4 |
||||
|
ports: |
||||
|
- 80:8080 |
||||
|
volume: |
||||
|
- '/etc/traefik:/etc/traefik:z' |
||||
|
|
||||
|
- name: Wait for Keycloak to get ready |
||||
|
uri: |
||||
|
url: http://{{ inventory_hostname }}/auth/realms/master/.well-known/openid-configuration |
||||
|
timeout: 10 |
||||
|
retries: 20 |
||||
|
delay: 5 |
||||
|
register: healthcheck |
||||
|
until: not healthcheck.failed |
||||
@ -0,0 +1,4 @@ |
|||||
|
collections: |
||||
|
- name: containers.podman |
||||
|
version: '>=1.4.1' # 1.4.1 is the minimum when working with podman 2.2 |
||||
|
- name: community.general |
||||
@ -0,0 +1,3 @@ |
|||||
|
enable_https: no |
||||
|
enable_ldap: no |
||||
|
database: postgresql |
||||
@ -0,0 +1,4 @@ |
|||||
|
enable_https: no |
||||
|
enable_ldap: yes |
||||
|
database: postgresql |
||||
|
openldap_users_count: 1000000 |
||||
@ -0,0 +1,3 @@ |
|||||
|
enable_https: no |
||||
|
enable_ldap: no |
||||
|
database: mariadb |
||||
Loading…
Reference in new issue