updated keycloak version, symlink to current and new systemd file

2025-05-15 21:21:08 +02:00 · 2025-05-15 21:21:08 +02:00 · 96280e019b
commit 96280e019b
parent 56e1187614
3 changed files with 17 additions and 9 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -5,4 +5,4 @@ keycloak_postgresql_password: keycloak
 keycloak_initial_admin_name: keycloak
 keycloak_initial_admin_password: keycloak
 keycloak_http_host: 127.0.0.1
-keycloak_version: 26.1.0
+keycloak_version: 26.2.4
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -74,6 +74,15 @@
 #    mode: "0770"
    recurse: yes

+- name: link /opt/keycloak-version to /opt/keycloak/current
+  file:
+    state: link
+    owner: keycloak
+    group: keycloak
+    mode: '0770'
+    src: /opt/keycloak/keycloak-{{ keycloak_version }}
+    dest: /opt/keycloak/current
+
 - name: link /opt/keycloak/data to /opt/keycloak/keycloak-version/data
  file:
    state: link
--- a/templates/keycloak.service.j2
+++ b/templates/keycloak.service.j2
@ -6,28 +6,27 @@ Wants=network-online.target systemd-networkd-wait-online.service
 [Service]
 User=keycloak
 Group=keycloak
-ExecStart=/opt/keycloak/keycloak-{{ keycloak_version }}/bin/kc.sh start
-WorkingDirectory=/opt/keycloak/keycloak-{{ keycloak_version }}
+ExecStart=/opt/keycloak/current/bin/kc.sh start
+WorkingDirectory=/opt/keycloak/current
 ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/conf
 ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/data
 ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/lib/quarkus
 SuccessExitStatus=0 143
-
 TimeoutStartSec=600
 TimeoutStopSec=600
 Environment="KC_HTTP_HOST={{ keycloak_http_host }}"
-Environment="KC_HOSTNAME=https://{{ inventory_hostname }}"
+Environment="KC_HTTP_ENABLED=true"
+Environment="KC_HOSTNAME={{ inventory_hostname }}"
 Environment="KC_DB=postgres"
 Environment="KC_DB_USERNAME={{ keycloak_postgresql_username }}"
 Environment="KC_DB_PASSWORD={{ keycloak_postgresql_password }}"
 Environment="KC_DB_URL_DATABASE={{ keycloak_postgresql_database }}"
 Environment="KC_DB_URL_HOST=localhost"
-#Environment="KC_HTTP_RELATIVE_PATH=auth"
-Environment="KC_HTTP_ENABLED=true"
-Environment="KC_PROXY_HEADERS=forwarded"
 Environment="KEYCLOAK_ADMIN={{ keycloak_initial_admin_name }}"
 Environment="KEYCLOAK_ADMIN_PASSWORD={{ keycloak_initial_admin_password }}"
-Environment="KC_PROXY_TRUSTED_ADDRESSES=127.0.0.0/8"
+Environment="KC_PROXY=edge"
+Environment="KC_PROXY_HEADERS=xforwarded"
+Environment="KC_PROXY_TRUSTED_ADDRESSES=127.0.0.1"

 # Hardening options
 CapabilityBoundingSet=