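---
# Deploys Keycloak behind an Apache reverse proxy with an acme.sh-issued
# certificate. This is a role task list; the handlers referenced via `notify`
# ("reload systemd", "restart keycloak", "reload apache2", "restart apache2")
# are expected to be defined elsewhere in the role (not visible here).
#
# Variables:
#   keycloak_version                 Keycloak release to deploy (default "13.0.1")
#   keycloak_initial_admin_password  password for the first `admin` user in realm master
#   redeploy                         if defined, the archive is re-extracted even if present
#   acme_sh_server                   optional ACME directory URL (private/test CA)
#   acme_sh_email                    contact e-mail passed to acme.sh

- name: set keycloak version
  set_fact:
    # Quoted so "13.0.1" stays a string; inventory/extra-vars may override it.
    keycloak_version: "{{ keycloak_version | default('13.0.1') }}"

- name: install stuff
  apt:
    name:
      - default-jre
      - unzip
      - apache2
    update_cache: true

- name: create user for keycloak
  user:
    name: keycloak
    state: present
    shell: /bin/false  # service account, no interactive login
    system: true
    create_home: true
    home: /opt/keycloak

- name: check if keycloak-dir exists
  stat:
    path: /opt/keycloak/keycloak-{{ keycloak_version }}
  register: keycloak_exists

- name: Extract keycloak-{{ keycloak_version }}.tar.gz to /opt/keycloak
  unarchive:
    src: keycloak-{{ keycloak_version }}.tar.gz
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
  when: not keycloak_exists.stat.exists or redeploy is defined

- name: link /opt/keycloak/keycloak-{{ keycloak_version }} to /opt/keycloak/current
  file:
    state: link
    src: /opt/keycloak/keycloak-{{ keycloak_version }}
    dest: /opt/keycloak/current

- name: generate /etc/systemd/system/keycloak.service
  template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload systemd

- name: generate /opt/keycloak/current/standalone/configuration/standalone.xml
  template:
    src: standalone.xml.j2
    dest: /opt/keycloak/current/standalone/configuration/standalone.xml
    owner: keycloak
    group: keycloak
  notify:
    - restart keycloak

- name: enable keycloak
  systemd:
    name: keycloak
    enabled: true
    masked: false

# NOTE(review): recurse applies 0770 to every file under /opt/keycloak,
# including configuration that may hold secrets; consider tightening.
- name: set permissions correct
  file:
    path: /opt/keycloak
    owner: keycloak
    group: keycloak
    mode: "0770"
    recurse: true

# Run pending handlers now so the unit file is loaded and keycloak is
# (re)started with the rendered standalone.xml before the admin user is queued.
- name: Flush handlers
  meta: flush_handlers

# Initial admin user. The marker file adminuseradded.txt records that the user
# was queued once; without it the user would be re-queued (and keycloak
# restarted) on every run.
- name: check if /opt/keycloak/current/adminuseradded.txt exists
  stat:
    path: /opt/keycloak/current/adminuseradded.txt
  register: adminuseradded_exists

- name: check if /opt/keycloak/current/standalone/configuration/keycloak-add-user.json exists
  stat:
    path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json
  register: keycloak_add_user_exists
  when: not adminuseradded_exists.stat.exists

# Loose check: any username containing "admin" counts as already queued.
- name: check if admin user is already queued in keycloak-add-user.json
  shell: "grep username /opt/keycloak/current/standalone/configuration/keycloak-add-user.json | grep admin"
  register: userexists
  changed_when: false
  # grep exits 1 on "no match", which is a valid answer here; >1 is a real error.
  failed_when: userexists.rc > 1
  when:
    - not adminuseradded_exists.stat.exists
    - keycloak_add_user_exists.stat.exists

# Conditions are a list so the later items are only evaluated when the
# marker is absent (the registered vars above are undefined when skipped).
- name: create initial admin user
  command: >-
    /opt/keycloak/current/bin/add-user-keycloak.sh
    -u admin -p {{ keycloak_initial_admin_password | quote }} -r master
  become: true
  become_user: keycloak
  # Keeps the password out of Ansible output/logs. It is still passed on the
  # command line, so it is briefly visible in the process list on the host.
  no_log: true
  when:
    - not adminuseradded_exists.stat.exists
    - not keycloak_add_user_exists.stat.exists or userexists.stdout == ""
  notify: restart keycloak

- name: mark initial admin user as created
  file:
    path: /opt/keycloak/current/adminuseradded.txt
    state: touch
    owner: keycloak
    group: keycloak
    mode: "0640"
  when:
    - not adminuseradded_exists.stat.exists
    - not keycloak_add_user_exists.stat.exists or userexists.stdout == ""
  notify: restart keycloak

- name: set permissions correct again
  file:
    path: /opt/keycloak
    owner: keycloak
    group: keycloak
    mode: "0770"
    recurse: true

- name: enable apache modules
  command: a2enmod {{ item }}
  args:
    creates: /etc/apache2/mods-enabled/{{ item }}.load
  loop:
    - proxy
    - proxy_html
    - proxy_http
    - proxy_http2
    - ssl
    - headers
    - rewrite
  notify: restart apache2

- name: install acme.sh
  include_role:
    name: acme.sh

- name: set acme server options
  set_fact:
    # Extra acme.sh flags when a custom ACME server is configured; empty otherwise.
    # "--insecure" disables TLS verification of the ACME server and
    # "--force --days 1" forces reissuance, so this branch is only appropriate
    # for a private/test CA.
    acmeshserver: >-
      {{ ('--server ' ~ acme_sh_server ~ ' --insecure --force --days 1')
         if acme_sh_server is defined else '' }}

- name: get certificates
  command: >-
    /root/.acme.sh/acme.sh --issue --apache {{ acmeshserver }}
    -d {{ inventory_hostname }} --email {{ acme_sh_email }}
    --key-file /etc/ssl/private/{{ inventory_hostname }}.key
    --fullchain-file /etc/ssl/certs/{{ inventory_hostname }}.pem
    --reloadcmd "service apache2 reload"
  args:
    creates: /etc/ssl/private/{{ inventory_hostname }}.key

- name: generate /etc/apache2/sites-available/{{ inventory_hostname }}.conf
  template:
    src: apache.conf.j2
    dest: /etc/apache2/sites-available/{{ inventory_hostname }}.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload apache2

- name: generate /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
  template:
    src: apache-ssl.conf.j2
    dest: /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload apache2

- name: activate /etc/apache2/sites-available/{{ inventory_hostname }}.conf
  file:
    state: link
    src: /etc/apache2/sites-available/{{ inventory_hostname }}.conf
    dest: /etc/apache2/sites-enabled/{{ inventory_hostname }}.conf
  notify:
    - reload apache2

- name: activate /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
  file:
    state: link
    src: /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
    dest: /etc/apache2/sites-enabled/{{ inventory_hostname }}-ssl.conf
  notify:
    - reload apache2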