From 3f3669c34c877ad5ad781173129aa53dd76037d5 Mon Sep 17 00:00:00 2001 From: Alexander Gabriel Date: Sun, 6 Jun 2021 22:32:58 +0100 Subject: [PATCH] corrected adding of admin user, permissions, missing module --- tasks/main.yml | 73 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 51 insertions(+), 22 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 9f92c55..77a0dde 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -16,12 +16,18 @@ createhome: yes home: /opt/keycloak +- name: check if keycloak-dir exists + stat: + path: /opt/keycloak/keycloak-13.0.1 + register: keycloak_exists + - name: Extract keycloak-13.0.1.tar.gz to /opt/keycloak unarchive: src: keycloak-13.0.1.tar.gz dest: /opt/keycloak owner: keycloak group: keycloak + when: not keycloak_exists.stat.exists or redeploy is defined - name: link /opt/keycloak/keycloak-13.0.1 to /opt/keycloak/current file: @@ -29,21 +35,6 @@ src: /opt/keycloak/keycloak-13.0.1 dest: /opt/keycloak/current -- name: set permissions correct - file: - dest: /opt/keycloak - owner: keycloak - group: keycloak - recurse: yes - -- name: set permissions correct 2 - file: - dest: /opt/keycloak/current/standalone/deployments - owner: keycloak - group: keycloak - mode: "0644" - recurse: yes - - name: generate /etc/systemd/system/keycloak.service template: src: keycloak.service.j2 @@ -58,9 +49,6 @@ template: src: standalone.xml.j2 dest: /opt/keycloak/current/standalone/configuration/standalone.xml - owner: keycloak - group: keycloak - mode: "0644" notify: - restart keycloak @@ -70,6 +58,14 @@ enabled: yes masked: no +- name: set permissions correct + file: + dest: /opt/keycloak + owner: keycloak + group: keycloak + mode: "0770" + recurse: yes + - name: Flush handlers meta: flush_handlers 
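Review bot: In the `when:` added to the unarchive task, `redeploy is defined` is true for any value, so passing `redeploy=false` still forces a re-extract over the existing /opt/keycloak/keycloak-13.0.1 tree. If the variable is meant as a switch, `when: not keycloak_exists.stat.exists or (redeploy | default(false) | bool)` expresses that. A one-line comment above the stat task saying that `redeploy` is an optional extra-var would also make the intent clear.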
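Review bot: `mode: "0770"` with `recurse: yes` in the re-added `set permissions correct` task sets the execute and group-write bits on every regular file under /opt/keycloak. That includes standalone.xml, whose explicit `owner`/`group`/`mode` this commit removes in the previous hunk. A symbolic mode keeps directories traversable without marking configuration and data files executable: `mode: "u=rwX,g=rX,o="`. The same applies to `set permissions correct again` in the @@ -84,19 +80,41 @@ hunk. If the keycloak group really needs write access, a short comment saying why would help the next reader.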
@@ -84,19 +80,41 @@ - name: Flush handlers meta: flush_handlers +- name: check if /opt/keycloak/current/adminuseradded.txt exists + stat: + path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json + register: adminuseradded_exists + - name: check if /opt/keycloak/current/standalone/configuration/keycloak-add-user.json exists stat: path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json - register: file_exists + when: not adminuseradded_exists.stat.exists + register: keycloak_add_user_exists - name: check if user exists shell: "grep username /opt/keycloak/current/standalone/configuration/keycloak-add-user.json | grep admin" register: userexists - when: file_exists.stat.exists + when: not adminuseradded_exists.stat.exists and keycloak_add_user_exists.stat.exists - name: create initial admin user - command: /opt/keycloak/current/bin/add-user-keycloak.sh -u admin -p {{ keycloak_initial_admin_password }} -r master - when: file_exists.stat.exists and userexists.stdout == "" + command: sudo -u keycloak /opt/keycloak/current/bin/add-user-keycloak.sh -u admin -p {{ keycloak_initial_admin_password }} -r master + when: not keycloak_add_user_exists.stat.exists or userexists.stdout == "" + notify: + restart keycloak + +- name: create initial admin user + command: sudo -u keycloak touch /opt/keycloak/current/adminuseradded.txt + when: not keycloak_add_user_exists.stat.exists or userexists.stdout == "" + notify: + restart keycloak + +- name: set permissions correct again + file: + dest: /opt/keycloak + owner: keycloak + group: keycloak + mode: "0770" + recurse: yes - name: enable apache module proxy command: a2enmod proxy @@ -140,6 +158,13 @@ notify: restart apache2 +- name: enable apache module rewrite + command: a2enmod rewrite + args: + creates: /etc/apache2/mods-enabled/rewrite.load + notify: + restart apache2 + - name: install acme.sh include_role: name: acme.sh 
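Review bot: The task named `check if /opt/keycloak/current/adminuseradded.txt exists` stats `keycloak-add-user.json` instead, so the marker written by the later `touch` task is never read and `adminuseradded_exists` only duplicates the check that follows; the path should be `path: /opt/keycloak/current/adminuseradded.txt`. As written, when the JSON file is present the second stat is skipped, and the `when: not keycloak_add_user_exists.stat.exists or ...` conditions on both create tasks then reference a `.stat` that a skipped result presumably does not carry. Separately, the admin password is passed as `-p {{ keycloak_initial_admin_password }}` on the command line, so it can appear in Ansible's task output and in the host's process list while the script runs; add `no_log: true` to that task at minimum. The two tasks named `create initial admin user` should also get distinct names so the run log shows which one executed.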
@@ -166,6 +191,8 @@ owner: root group: root mode: "0644" + notify: + - reload apache2 - name: generate /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf template: @@ -174,6 +201,8 @@ owner: root group: root mode: "0644" + notify: + - reload apache2 - name: activate /etc/apache2/sites-available/{{ inventory_hostname }}.conf file:
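Review bot: The added `notify: - reload apache2` names a handler this patch does not define; the diffstat lists only tasks/main.yml, and every other Apache task visible in the patch notifies `restart apache2`. If the role's handlers file has no `reload apache2` entry, the play will fail when it reaches this task, so confirm the handler exists or add it in the same change. The same applies to the identical `notify` added to the `-ssl.conf` template task in the following hunk.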