---
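# Install the packages the rest of this task list relies on: a Java runtime
# (presumably for Keycloak), unzip for the release archive, and Apache, whose
# proxy directives are passed to the website role further down.
- name: install stuff
  # Fully qualified module name, matching the ansible.builtin.* spelling used
  # by other tasks in this file, so a same-named module from another
  # collection cannot be resolved instead.
  ansible.builtin.apt:
    name:
      - default-jre
      - unzip
      - apache2
    # Refresh the package index before installing.
    update_cache: true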
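# Install the database.
# The postgresql role receives the Keycloak database name and credentials.
# The keycloak_postgresql_* variables are defined outside this file; the
# password in particular should come from Ansible Vault or another secret
# store rather than from plain-text inventory or group_vars.
- name: include role for postgresql
  ansible.builtin.include_role:
    name: postgresql
  vars:
    postgresql_database: "{{ keycloak_postgresql_database }}"
    postgresql_username: "{{ keycloak_postgresql_username }}"
    # NOTE(review): confirm the postgresql role does not log this value
    # (for example via no_log on the tasks that consume it).
    postgresql_password: "{{ keycloak_postgresql_password }}"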
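# Configure the Apache virtual host that fronts Keycloak as a reverse proxy.
#
# Notes on the directives handed to the website role:
# - The proxy-to-Keycloak hop is plain HTTP to 127.0.0.1:8080. The SSLProxy*
#   directives only matter for https:// backends, so they have no effect on
#   the ProxyPass target configured here.
# - "RequestHeader set" overwrites any X-Forwarded-Proto / X-Forwarded-Port
#   value a client sends, so Keycloak only sees the proxy's values. That
#   holds only while Keycloak is reachable through this proxy alone:
#   NOTE(review): confirm keycloak.service.j2 binds the listener to
#   loopback, otherwise a client connecting to port 8080 directly can supply
#   its own forwarded headers.
# - The values "https" and "443" are fixed. NOTE(review): confirm the website
#   role applies these directives to the TLS virtual host only; on a
#   plain-HTTP virtual host they would label unencrypted requests as https.
- name: include role for website
  ansible.builtin.include_role:
    name: website
  vars:
    domainname: "{{ inventory_hostname }}"
    docroot: "/var/www/html"
    # Literal block: the lines below are passed to the role verbatim.
    optionalDirectives: |
      ProxyPreserveHost On
      SSLProxyEngine On
      SSLProxyCheckPeerCN on
      SSLProxyCheckPeerExpire on
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "443"
      ProxyPass / http://127.0.0.1:8080/
      ProxyPassReverse / http://127.0.0.1:8080/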
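# Dedicated system account for the Keycloak service. /bin/false as the login
# shell means the account cannot be used for an interactive session.
- name: create user for keycloak
  ansible.builtin.user:
    name: keycloak
    state: present
    shell: /bin/false
    system: true
    # createhome is the older alias of create_home; kept as written.
    createhome: true
    # The home directory doubles as the installation root used below.
    home: /opt/keycloak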
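# Record whether this Keycloak version is already unpacked; the extract task
# reads keycloak_exists.stat.exists to decide whether to run.
- name: check if keycloak-dir exists
  ansible.builtin.stat:
    # Quoted so the templated value is always read as a single string.
    path: "/opt/keycloak/keycloak-{{ keycloak_version }}"
  register: keycloak_exists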
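# Fetch the Keycloak release archive from the project's GitHub releases.
# HTTPS protects the transfer, but nothing here pinned the archive's content:
# a replaced or tampered release asset would be unpacked and run as-is.
# The optional keycloak_zip_checksum variable (introduced by this task, not
# defined elsewhere in this file) lets the operator pin it, e.g.
#   keycloak_zip_checksum: "sha256:<digest published for this release>"
# When the variable is unset the parameter is omitted and the task behaves as
# before.
# NOTE(review): /opt/ansiblepackages must already exist; it is not created
# in the tasks shown here.
- name: Download keycloak-zip
  ansible.builtin.get_url:
    url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
    dest: "/opt/ansiblepackages/keycloak-{{ keycloak_version }}.zip"
    checksum: "{{ keycloak_zip_checksum | default(omit) }}"
    # Read-only for the owner; quoted so the mode stays a string.
    mode: '0400'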
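# Unpack the downloaded archive on the managed host (remote_src), but only
# when this version's directory is missing or a redeploy was requested.
# NOTE(review): the unpacked tree is owned by the keycloak service account,
# so the running service can rewrite its own binaries and configuration.
# If Keycloak does not need that at runtime, consider root ownership for the
# release tree and keycloak ownership for the data directory only.
- name: Extract keycloak-{{ keycloak_version }}.zip to /opt/keycloak
  ansible.builtin.unarchive:
    src: "/opt/ansiblepackages/keycloak-{{ keycloak_version }}.zip"
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
    remote_src: true
  # "redeploy is defined" is true for any value, including redeploy=false.
  when: not keycloak_exists.stat.exists or redeploy is defined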
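# Data directory kept outside the versioned release tree; a later task links
# it into the release directory.
- name: Create a directory if it does not exist
  ansible.builtin.file:
    path: /opt/keycloak/data
    state: directory
    # Explicit ownership and mode instead of relying on the connecting user
    # and its umask. Owner and group match the recursive ownership task that
    # follows; the mode matches the one requested on the data link.
    owner: keycloak
    group: keycloak
    mode: '0770'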
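# Hand the whole /opt/keycloak tree to the keycloak account.
# NOTE(review): this also makes the release binaries and configuration
# writable by the service account; see whether runtime really needs that.
- name: set permissions correct
  ansible.builtin.file:
    # "path" is the primary name of the parameter the original spelled "dest".
    path: /opt/keycloak
    owner: keycloak
    group: keycloak
    # Left disabled as in the original; presumably because a recursive mode
    # would also be applied to regular files - confirm before enabling.
    # mode: "0770"
    recurse: true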
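# Symlink <release dir>/data to the shared /opt/keycloak/data directory so
# the data survives a version change.
- name: link /opt/keycloak/data to /opt/keycloak/keycloak-version/data
  ansible.builtin.file:
    state: link
    owner: keycloak
    group: keycloak
    # NOTE(review): permission bits on a symlink are not enforced on Linux;
    # confirm whether this mode is meant for the target directory.
    mode: '0770'
    # src is the link target, dest is the link itself.
    src: /opt/keycloak/data
    dest: "/opt/keycloak/keycloak-{{ keycloak_version }}/data"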
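# Render the systemd unit for Keycloak. A change to the unit notifies both
# handlers so systemd re-reads it and the service picks it up.
# NOTE(review): the unit is written world-readable (0644). The template is
# not shown here; if it embeds the database password or other secrets, move
# them to a root-only file (mode 0600) referenced from the unit instead.
- name: generate /etc/systemd/system/keycloak.service
  ansible.builtin.template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload systemd
    - restart keycloak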
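# Run the handlers notified so far now, instead of at the end of the play,
# so the new unit file is loaded before the service is enabled and started.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers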
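# Enable the unit at boot and make sure it is not masked.
- name: enable keycloak
  ansible.builtin.systemd:
    name: keycloak
    enabled: true
    masked: false
  # This notification comes after the flush above, so the restart handler
  # runs at the end of the play (or at the next flush). Written as a list to
  # match the notify block on the template task.
  notify:
    - restart keycloak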
# Make sure the service is running; a service that is already started is
# left alone (restarts are handled by the "restart keycloak" handler).
- name: start keycloak
  ansible.builtin.service:
    state: started
    name: keycloak