updated keycloak version, symlink to current and new systemd file

Alexander Gabriel 2025-05-15 21:21:08 +02:00
parent 56e1187614
commit 96280e019b
3 changed files with 17 additions and 9 deletions


@ -5,4 +5,4 @@ keycloak_postgresql_password: keycloak
keycloak_initial_admin_name: keycloak keycloak_initial_admin_name: keycloak
keycloak_initial_admin_password: keycloak keycloak_initial_admin_password: keycloak
keycloak_http_host: 127.0.0.1 keycloak_http_host: 127.0.0.1
keycloak_version: 26.1.0 keycloak_version: 26.2.4


@ -74,6 +74,15 @@
# mode: "0770" # mode: "0770"
recurse: yes recurse: yes
- name: link /opt/keycloak-version to /opt/keycloak/current
file:
state: link
owner: keycloak
group: keycloak
mode: '0770'
src: /opt/keycloak/keycloak-{{ keycloak_version }}
dest: /opt/keycloak/current
- name: link /opt/keycloak/data to /opt/keycloak/keycloak-version/data - name: link /opt/keycloak/data to /opt/keycloak/keycloak-version/data
file: file:
state: link state: link
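Review bot: The new symlink task sets `owner`, `group` and `mode: '0770'` on a `state: link` entry, and with the file module's default `follow` behaviour those attributes are, as far as I know, applied to the link target (the versioned directory) rather than to the link itself. If only the link is meant, add `follow: false` and drop `mode`, since symlink permission bits are not used on Linux. The task name also reads backwards relative to `src`/`dest`; `- name: link /opt/keycloak/current to /opt/keycloak/keycloak-{{ keycloak_version }}` would match what the task does. The following task starts inside this hunk and continues outside it.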


@ -6,28 +6,27 @@ Wants=network-online.target systemd-networkd-wait-online.service
[Service] [Service]
User=keycloak User=keycloak
Group=keycloak Group=keycloak
ExecStart=/opt/keycloak/keycloak-{{ keycloak_version }}/bin/kc.sh start ExecStart=/opt/keycloak/current/bin/kc.sh start
WorkingDirectory=/opt/keycloak/keycloak-{{ keycloak_version }} WorkingDirectory=/opt/keycloak/current
ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/conf ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/conf
ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/data ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/data
ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/lib/quarkus ReadWritePaths=/opt/keycloak/keycloak-{{ keycloak_version }}/lib/quarkus
SuccessExitStatus=0 143 SuccessExitStatus=0 143
TimeoutStartSec=600 TimeoutStartSec=600
TimeoutStopSec=600 TimeoutStopSec=600
Environment="KC_HTTP_HOST={{ keycloak_http_host }}" Environment="KC_HTTP_HOST={{ keycloak_http_host }}"
Environment="KC_HOSTNAME=https://{{ inventory_hostname }}" Environment="KC_HTTP_ENABLED=true"
Environment="KC_HOSTNAME={{ inventory_hostname }}"
Environment="KC_DB=postgres" Environment="KC_DB=postgres"
Environment="KC_DB_USERNAME={{ keycloak_postgresql_username }}" Environment="KC_DB_USERNAME={{ keycloak_postgresql_username }}"
Environment="KC_DB_PASSWORD={{ keycloak_postgresql_password }}" Environment="KC_DB_PASSWORD={{ keycloak_postgresql_password }}"
Environment="KC_DB_URL_DATABASE={{ keycloak_postgresql_database }}" Environment="KC_DB_URL_DATABASE={{ keycloak_postgresql_database }}"
Environment="KC_DB_URL_HOST=localhost" Environment="KC_DB_URL_HOST=localhost"
#Environment="KC_HTTP_RELATIVE_PATH=auth"
Environment="KC_HTTP_ENABLED=true"
Environment="KC_PROXY_HEADERS=forwarded"
Environment="KEYCLOAK_ADMIN={{ keycloak_initial_admin_name }}" Environment="KEYCLOAK_ADMIN={{ keycloak_initial_admin_name }}"
Environment="KEYCLOAK_ADMIN_PASSWORD={{ keycloak_initial_admin_password }}" Environment="KEYCLOAK_ADMIN_PASSWORD={{ keycloak_initial_admin_password }}"
Environment="KC_PROXY_TRUSTED_ADDRESSES=127.0.0.0/8" Environment="KC_PROXY=edge"
Environment="KC_PROXY_HEADERS=xforwarded"
Environment="KC_PROXY_TRUSTED_ADDRESSES=127.0.0.1"
# Hardening options # Hardening options
CapabilityBoundingSet= CapabilityBoundingSet=
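Review bot: The added `Environment="KC_PROXY=edge"` looks redundant next to `KC_PROXY_HEADERS=xforwarded`, and as far as I recall the `proxy` option was deprecated in Keycloak 24 and dropped in the 26.x line this commit moves to, so it is worth checking the upgrade notes and removing the line. The switch from `forwarded` to `xforwarded` has to match what the reverse proxy on 127.0.0.1 actually sets and overwrites, otherwise client-supplied `X-Forwarded-*` values could be taken at face value. `ReadWritePaths=` still uses `/opt/keycloak/keycloak-{{ keycloak_version }}/...` while `ExecStart` and `WorkingDirectory` now use `/opt/keycloak/current`, so the unit must still be re-rendered on every version bump. The database and bootstrap admin passwords also stay in `Environment=` lines, which systemd exposes to unprivileged users through `systemctl show`; a root-only `EnvironmentFile=` would keep them out of the unit.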