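---
# Provisions the SUT (System Under Test) for a Keycloak scenario:
#   * podman with the "dnsname" plugin on the default network (containers
#     resolve each other as <name>.dns.podman),
#   * an optional OpenLDAP container (enable_ldap),
#   * one database container, PostgreSQL or MariaDB (database),
#   * one Keycloak container per entry of keycloak_instances,
#   * a Traefik front-end published on host port 80.
# Scenario variables are supplied as extra vars (-e '@scenarios/foo.yaml').
#
# Credentials below are fixed test-fixture values.  The database user/password
# given to the PostgreSQL/MariaDB containers must stay identical to DB_USER /
# DB_PASSWORD in the "Install Keycloak" task, otherwise Keycloak cannot connect.
- name: Prepare the SUT (System Under Test)
  hosts: sut
  tasks:
    - name: Check that a scenario has been provided as extra vars
      assert:
        that:
          - enable_ldap is defined
          - enable_https is defined
          - database is defined
          - keycloak_env is defined
          - keycloak_instances is defined
        msg: >-
          specify the scenario to provision as extra vars (using -e '@scenarios/foo.yaml')

    - name: Install podman and the LDAP client tools
      dnf:
        name:
          - podman
          - podman-plugins  # expected to provide the "dnsname" network plugin checked below
          - openldap-clients
        state: present

    - name: Inspect the default network created by podman
      command: podman network inspect podman
      register: podman_network_inspect
      changed_when: false

    # json_query needs the jmespath library on the controller.
    - name: Check if the default network needs to be patched to add the "dnsname" plugin
      set_fact:
        podman_default_network_needs_patch: '{{ "dnsname" not in network_plugins }}'
      vars:
        network_plugins: '{{ podman_network_inspect.stdout | from_json | json_query("[0].plugins[].type") | list }}'

    # The default network cannot be edited in place: drop it and re-create it.
    - name: Remove the default podman network
      containers.podman.podman_network:
        name: podman
        state: absent
      when: podman_default_network_needs_patch

    - name: Re-create the default podman network (with the "dnsname" plugin)
      containers.podman.podman_network:
        name: podman
        state: present
        subnet: 10.88.0.0/16
      when: podman_default_network_needs_patch

    # Every container this play creates is removed first so each run starts
    # from a clean state.
    - name: Cleanup containers
      containers.podman.podman_container:
        name: '{{ item }}'
        state: absent
      loop:
        - traefik
        - keycloak-server-1
        - keycloak-server-2
        - postgresql
        - mariadb
        - openldap

    # --- OpenLDAP -----------------------------------------------------------

    - name: Check whether /srv/openldap/data already exists
      stat:
        path: /srv/openldap/data
      register: data
      when: enable_ldap|bool

    # `and` short-circuits, so data.stat is only evaluated when the stat task
    # above actually ran.
    - name: Backup /srv/openldap/data if present
      command:
        cmd: "mv /srv/openldap/data /srv/openldap/data-{{ backup_suffix }}"
      vars:
        # the pipe lookup runs on the controller, so the timestamp is the controller's clock
        backup_suffix: "{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}"
      when: enable_ldap|bool and data.stat.exists

    - name: Re-create /srv/openldap/data
      file:
        path: /srv/openldap/data/{{ item }}
        state: directory
        owner: root
        group: root
        # World-writable, presumably so the container's non-root uid can write
        # the database; tighten (0770 + matching uid) if the SUT host is shared.
        mode: "0777"
      when: enable_ldap|bool
      loop:
        - db
        - schema
        - ldif

    - name: Drop the initial LDIF into /srv/openldap/data/ldif
      template:
        src: files/users.ldif.j2
        dest: /srv/openldap/data/ldif/users.ldif
        owner: root
        group: root
        # World-readable/writable bootstrap data (contains the test user entries).
        mode: "0777"
      when: enable_ldap|bool

    - name: Install OpenLDAP
      containers.podman.podman_container:
        name: openldap
        image: '{{ openldap_image }}'
        state: started
        cpuset_cpus: '0,4'
        command:
          - --copy-service
          #- --loglevel
          #- debug
        env:
          LDAP_ORGANISATION: Keycloak
          LDAP_DOMAIN: keycloak.org
          LDAP_ADMIN_PASSWORD: keycloak  # test-fixture credential
        volume:
          - '/srv/openldap/data/db:/var/lib/ldap:z'
          - '/srv/openldap/data/schema:/etc/ldap/slapd.d:z'
          - '/srv/openldap/data/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:z'
      when: enable_ldap|bool

    # --- Database data directories ------------------------------------------

    - name: Check whether /srv/postgresql/data already exists
      stat:
        path: /srv/postgresql/data
      register: data
      when: database == 'postgresql'

    - name: Backup /srv/postgresql/data if present
      command:
        cmd: "mv /srv/postgresql/data /srv/postgresql/data-{{ backup_suffix }}"
      vars:
        backup_suffix: "{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}"
      when: database == 'postgresql' and data.stat.exists

    - name: Re-create /srv/postgresql/data
      file:
        path: /srv/postgresql/data
        state: directory
        owner: root
        group: root
        mode: "0777"  # see the OpenLDAP data directory note above
      when: database == 'postgresql'

    - name: Check whether /srv/mariadb/data already exists
      stat:
        path: /srv/mariadb/data
      register: data
      when: database == 'mariadb'

    - name: Backup /srv/mariadb/data if present
      command:
        cmd: "mv /srv/mariadb/data /srv/mariadb/data-{{ backup_suffix }}"
      vars:
        backup_suffix: "{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}"
      when: database == 'mariadb' and data.stat.exists

    - name: Re-create /srv/mariadb/data
      file:
        path: /srv/mariadb/data
        state: directory
        owner: root
        group: root
        mode: "0777"  # see the OpenLDAP data directory note above
      when: database == 'mariadb'

    # --- Database containers ------------------------------------------------
    # The two PostgreSQL tasks are mutually exclusive: the image name decides
    # whether the Docker Hub or the SCL flavour (different env vars and data
    # path) is started.

    - name: Install PostgreSQL (Docker version)
      containers.podman.podman_container:
        name: postgresql
        image: '{{ postgresql_image }}'
        state: started
        memory: 4g
        cpuset_cpus: '3,7'
        env:
          POSTGRES_USER: keycloak
          POSTGRES_PASSWORD: keycloak  # must match DB_PASSWORD in "Install Keycloak"
          POSTGRES_DB: keycloak  # Docker version
        volume:
          - '/srv/postgresql/data:/var/lib/postgresql/data:z'  # Docker version
      when: >-
        database == 'postgresql' and 'docker.io/postgres:' in postgresql_image

    - name: Install PostgreSQL (SCL version)
      containers.podman.podman_container:
        name: postgresql
        image: '{{ postgresql_image }}'
        state: started
        cpuset_cpus: '3,7'
        memory: 4g
        env:
          POSTGRESQL_USER: keycloak
          POSTGRESQL_PASSWORD: keycloak  # must match DB_PASSWORD in "Install Keycloak"
          POSTGRESQL_DATABASE: keycloak  # SCL version
        volume:
          - '/srv/postgresql/data:/var/lib/pgsql/data:z'  # SCL version
      when: >-
        database == 'postgresql' and postgresql_image |regex_search("(quay.io/centos./postgresql-.*|registry.redhat.io/rhscl/postgresql-.*):")

    - name: Install MariaDB
      containers.podman.podman_container:
        name: mariadb
        image: '{{ mariadb_image }}'
        state: started
        cpuset_cpus: '3,7'
        memory: 4g
        env:
          MYSQL_USER: keycloak
          MYSQL_PASSWORD: keycloak  # must match DB_PASSWORD in "Install Keycloak"
          MYSQL_DATABASE: keycloak
        volume:
          - '/srv/mariadb/data:/var/lib/mysql/data:z'
      when: >-
        database == 'mariadb'

    # --- Keycloak -----------------------------------------------------------

    - name: Remove /etc/keycloak
      file:
        path: /etc/keycloak
        state: absent

    - name: Re-create /etc/keycloak
      file:
        path: /etc/keycloak
        state: directory
        owner: root
        group: root
        mode: "0755"

    # Container env = common_env, overlaid with the database-specific vars,
    # overlaid with the scenario's keycloak_env (later combine() wins on
    # conflicting keys, so the scenario can override anything set here).
    - name: Install Keycloak
      containers.podman.podman_container:
        name: '{{ item.name }}'
        image: '{{ keycloak_image }}'
        state: started
        cpuset_cpus: '{{ item.cpuset }}'
        env: '{{ common_env | combine(db_env) | combine(keycloak_env) }}'
        volume:
          - '/etc/keycloak:/etc/keycloak:z'
      loop: '{{ keycloak_instances }}'
      vars:
        db_env: '{{ postgres_env if database == "postgresql" else mariadb_env }}'
        mariadb_env:
          DB_VENDOR: mariadb
          DB_ADDR: mariadb.dns.podman  # resolved by the dnsname plugin
        postgres_env:
          DB_VENDOR: postgres
          DB_ADDR: postgresql.dns.podman  # resolved by the dnsname plugin
        common_env:
          DB_USER: keycloak
          DB_PASSWORD: keycloak  # must match the database container's password above
          DB_DATABASE: keycloak
          KEYCLOAK_USER: '{{ keycloak_admin_username }}'
          KEYCLOAK_PASSWORD: '{{ keycloak_admin_password }}'
          # Keycloak sits behind Traefik; keep as a string, container env vars are text.
          PROXY_ADDRESS_FORWARDING: 'true'

    # --- Traefik ------------------------------------------------------------

    - name: Remove /etc/traefik
      file:
        path: /etc/traefik
        state: absent

    - name: Re-create /etc/traefik
      file:
        path: /etc/traefik/conf.d
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Install the traefik static configuration
      template:
        src: files/traefik.yaml.j2
        dest: /etc/traefik/traefik.yaml

    - name: Install the traefik keycloak route configuration
      template:
        src: files/keycloak.yaml.j2
        dest: /etc/traefik/conf.d/keycloak.yaml

    # Published on plain HTTP port 80; enable_https is asserted above but not
    # used in this play (presumably consumed by the traefik templates).
    - name: Install Traefik
      containers.podman.podman_container:
        name: traefik
        image: '{{ traefik_image }}'
        state: started
        cpuset_cpus: '0,4'
        ports:
          - "80:8080"
        volume:
          - '/etc/traefik:/etc/traefik:z'

    # Polls the OIDC discovery document through Traefik until it answers
    # (up to 20 attempts, 5 s apart, 10 s per request).
    - name: Wait for Keycloak to get ready
      uri:
        url: http://{{ inventory_hostname }}/auth/realms/master/.well-known/openid-configuration
        timeout: 10
      retries: 20
      delay: 5
      register: healthcheck
      until: not healthcheck.failed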