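---
# Base packages: the Java runtime Keycloak needs, unzip for the release
# archive, and Apache as the reverse proxy in front of Keycloak (configured
# via the website role further down).
- name: install stuff
  ansible.builtin.apt:
    name:
      - default-jre
      - unzip
      - apache2
    update_cache: true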
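# Install database: the PostgreSQL role receives Keycloak's database name,
# role and password through the keycloak_postgresql_* variables, which are
# defined outside this file.
# NOTE(review): the password travels as a plain task var; any task inside the
# postgresql role that prints its arguments will log it unless that task sets
# no_log — confirm in that role.
- name: include role for postgresql
  ansible.builtin.include_role:
    name: postgresql
  vars:
    postgresql_database: "{{ keycloak_postgresql_database }}"
    postgresql_username: "{{ keycloak_postgresql_username }}"
    postgresql_password: "{{ keycloak_postgresql_password }}"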
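# Reverse proxy: Apache serves the host's inventory name and forwards to
# Keycloak on the loopback interface; the X-Forwarded-* headers tell Keycloak
# that the client side of the connection is HTTPS on port 443.
# NOTE(review): Keycloak only honours those headers when it is started in a
# proxy mode that trusts them; that setting lives in Keycloak's own
# configuration, which this file does not manage — confirm it is set.
# NOTE(review): the SSLProxy* directives appear inert here because the
# ProxyPass target is plain http:// — confirm they are wanted.
- name: include role for website
  ansible.builtin.include_role:
    name: website
  vars:
    domainname: "{{ inventory_hostname }}"
    docroot: "/var/www/html"
    optionalDirectives: |
      ProxyPreserveHost On
      SSLProxyEngine On
      SSLProxyCheckPeerCN on
      SSLProxyCheckPeerExpire on
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "443"
      ProxyPass / http://127.0.0.1:8080/
      ProxyPassReverse / http://127.0.0.1:8080/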
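# Dedicated system account that owns and runs Keycloak; /bin/false keeps it
# from being used for interactive logins.
- name: create user for keycloak
  ansible.builtin.user:
    name: keycloak
    state: present
    shell: /bin/false
    system: true
    create_home: true
    home: /opt/keycloak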
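# The version directory checked here must match the release that is
# downloaded, extracted and linked below (21.1.1). With a stale version here
# the check never matches and the archive is re-extracted on every run.
- name: check if keycloak-dir exists
  ansible.builtin.stat:
    path: /opt/keycloak/keycloak-21.1.1
  register: keycloak_exists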
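# Fetch the pinned Keycloak release into the local package cache on the
# target host. The destination directory is not created in this file and must
# exist beforehand.
# NOTE(review): nothing verifies the archive before it is unpacked and run as
# a service. Pin the published digest, e.g.
#   checksum: 'sha256:<DIGEST-FROM-RELEASE-PAGE>'   (placeholder)
# so a tampered or truncated download fails here instead of being deployed.
- name: Download keycloak-zip
  ansible.builtin.get_url:
    url: https://github.com/keycloak/keycloak/releases/download/21.1.1/keycloak-21.1.1.zip
    dest: /opt/ansiblepackages/keycloak-21.1.1.zip
    mode: '0400'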
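# Unpack the release under /opt/keycloak (expected to yield
# /opt/keycloak/keycloak-21.1.1, the directory linked as "current" below).
# Skipped once that directory exists; defining `redeploy` (e.g. with -e)
# forces a re-extract.
- name: Extract keycloak-21.1.1.zip to /opt/keycloak
  ansible.builtin.unarchive:
    src: /opt/ansiblepackages/keycloak-21.1.1.zip
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
    remote_src: true  # the archive was downloaded onto the target, not the controller
  when: not keycloak_exists.stat.exists or redeploy is defined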
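# Version-independent path used by the service unit and the tasks below.
# NOTE(review): mode on a symlink is applied according to the module's
# follow semantics (i.e. to the link target) — confirm that is the intent.
- name: link /opt/keycloak/keycloak-21.1.1 to /opt/keycloak/current
  ansible.builtin.file:
    state: link
    owner: keycloak
    group: keycloak
    mode: '0770'
    src: /opt/keycloak/keycloak-21.1.1
    path: /opt/keycloak/current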
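# Build once: kc.sh build runs only when the marker file is absent. The marker
# sits inside the versioned directory behind /opt/keycloak/current, so a new
# release is built again automatically.
- name: check if /opt/keycloak/current/builtonce.txt exists
  ansible.builtin.stat:
    path: /opt/keycloak/current/builtonce.txt
  register: builtonce_exists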
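# Run Keycloak's build step for the PostgreSQL backend as the service account.
# The privilege drop goes through Ansible's become rather than an inline
# `sudo -u`, so the play's escalation settings and logging apply uniformly.
# Database connection settings are expected to come from Keycloak's own
# configuration, which is not managed in this file.
- name: build keycloak
  ansible.builtin.command: /opt/keycloak/current/bin/kc.sh build --db=postgres
  become: true
  become_user: keycloak
  when: not builtonce_exists.stat.exists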
# Marker that suppresses the build on later runs (see the stat task above).
# Guarded by the same condition so the touch does not report a change on
# every run.
- name: create file to track build
  ansible.builtin.file:
    path: /opt/keycloak/current/builtonce.txt
    owner: keycloak
    group: keycloak
    mode: '0770'
    state: touch
  when: not builtonce_exists.stat.exists
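# Hand the whole install tree to the service account.
# NOTE(review): this also makes the runtime user the owner of its own
# binaries (bin/kc.sh and the build output). A tighter layout would keep the
# binaries root-owned and give keycloak only the directories it must write —
# consider once the required writable paths are known.
- name: set permissions correct
  ansible.builtin.file:
    path: /opt/keycloak
    owner: keycloak
    group: keycloak
    # mode: "0770"
    recurse: true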
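# Regular service unit. A changed unit file only takes effect after a daemon
# reload, which the handler flush right below forces before the service is
# enabled.
- name: generate /etc/systemd/system/keycloak.service
  ansible.builtin.template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload systemd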
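# Run the pending daemon-reload now instead of at the end of the play.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers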
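# Enable the unit at boot. The restart handler only fires when this task
# actually changes something (first run, or after a mask/unmask).
- name: enable keycloak
  ansible.builtin.systemd:
    name: keycloak
    enabled: true
    masked: false
  notify:
    - restart keycloak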
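# Apply the pending restart before the admin bootstrap below touches the unit.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers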
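# Add admin user once: Keycloak is started one time with a bootstrap unit
# (keycloak.service_init.j2, presumably carrying the initial admin account
# settings), then the regular unit is restored. The marker file checked here
# guards the whole sequence so it runs only on first deployment.
- name: check if /opt/keycloak/current/adminuseradded.txt exists
  ansible.builtin.stat:
    path: /opt/keycloak/current/adminuseradded.txt
  register: adminuseradded_exists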
# Stop the service before swapping in the bootstrap unit (first run only).
- name: stop keycloak
  ansible.builtin.service:
    name: keycloak
    state: stopped
  when: not adminuseradded_exists.stat.exists
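# Install the bootstrap unit for the first start (first run only).
# NOTE(review): if keycloak.service_init.j2 carries the initial admin
# credentials (for example as Environment= settings), mode 0644 exposes them
# to every local user for the bootstrap window; a root-only mode such as
# '0600' would still let systemd read the unit — confirm against the template.
- name: generate /etc/systemd/system/keycloak.service
  ansible.builtin.template:
    src: keycloak.service_init.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: '0644'
  when: not adminuseradded_exists.stat.exists
  notify:
    - reload systemd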
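# Daemon-reload so the bootstrap unit is the one that gets started.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers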
# First start with the bootstrap unit (first run only).
- name: start keycloak
  ansible.builtin.service:
    name: keycloak
    state: started
  when: not adminuseradded_exists.stat.exists
# Fixed pause on the controller (wait_for with only a timeout is a sleep) to
# give the bootstrap start time to complete before the unit is swapped back.
# NOTE(review): a fixed delay is fragile on slow hosts; once the signal that
# bootstrap has finished is known, a readiness probe would be more robust.
- name: Sleep 120 seconds
  ansible.builtin.wait_for:
    timeout: 120
  delegate_to: localhost
  when: not adminuseradded_exists.stat.exists
# Stop again so the regular unit can replace the bootstrap one (first run only).
- name: stop keycloak
  ansible.builtin.service:
    name: keycloak
    state: stopped
  when: not adminuseradded_exists.stat.exists
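# Restore the regular unit after the bootstrap start (first run only); on a
# run where the marker already exists this task is skipped and the regular
# unit written earlier in this file stays in place.
- name: generate /etc/systemd/system/keycloak.service
  ansible.builtin.template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: '0644'
  when: not adminuseradded_exists.stat.exists
  notify:
    - reload systemd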
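# Daemon-reload so the restored regular unit is picked up before the start.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers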
# Start with the regular unit again (first run only).
- name: start keycloak
  ansible.builtin.service:
    name: keycloak
    state: started
  when: not adminuseradded_exists.stat.exists
# Marker that prevents the bootstrap sequence from running again. Like the
# build marker it lives behind /opt/keycloak/current, so it is tied to the
# deployed version directory.
- name: create file to track user creation
  ansible.builtin.file:
    path: /opt/keycloak/current/adminuseradded.txt
    owner: keycloak
    group: keycloak
    mode: '0770'
    state: touch
  when: not adminuseradded_exists.stat.exists
# Unconditional: make sure the service is running at the end of every run,
# whether or not the bootstrap sequence above executed.
- name: start keycloak
  ansible.builtin.service:
    name: keycloak
    state: started