DigitalInfinity/ansible-role-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e0d2780857
ansible-role-keycloak/tasks/main.yml

223 lines
5.7 KiB
YAML
Raw Blame History

---
- name: install stuff
apt:
name:
- default-jre
- unzip
- apache2
update_cache: yes
- name: create user for keycloak
user:
name: keycloak
state: present
shell: /bin/false
system: yes
createhome: yes
home: /opt/keycloak
- name: check if keycloak-dir exists
stat:
path: /opt/keycloak/keycloak-13.0.1
register: keycloak_exists
- name: Extract keycloak-13.0.1.tar.gz to /opt/keycloak
unarchive:
src: keycloak-13.0.1.tar.gz
dest: /opt/keycloak
owner: keycloak
group: keycloak
when: not keycloak_exists.stat.exists or redeploy is defined
- name: link /opt/keycloak/keycloak-13.0.1 to /opt/keycloak/current
file:
state: link
src: /opt/keycloak/keycloak-13.0.1
dest: /opt/keycloak/current
- name: generate /etc/systemd/system/keycloak.service
template:
src: keycloak.service.j2
dest: /etc/systemd/system/keycloak.service
owner: root
group: root
mode: "0644"
notify:
- reload systemd
- name: generate /opt/keycloak/current/standalone/configuration/standalone.xml
template:
src: standalone.xml.j2
dest: /opt/keycloak/current/standalone/configuration/standalone.xml
notify:
- restart keycloak
- name: enable keycloak
systemd:
name: keycloak
enabled: yes
masked: no
- name: set permissions correct
file:
dest: /opt/keycloak
owner: keycloak
group: keycloak
mode: "0770"
recurse: yes
- name: Flush handlers
meta: flush_handlers
- name: enable keycloak
systemd:
name: keycloak
enabled: yes
masked: no
notify:
restart keycloak
- name: Flush handlers
meta: flush_handlers
- name: check if /opt/keycloak/current/adminuseradded.txt exists
stat:
path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json
register: adminuseradded_exists
- name: check if /opt/keycloak/current/standalone/configuration/keycloak-add-user.json exists
stat:
path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json
when: not adminuseradded_exists.stat.exists
register: keycloak_add_user_exists
- name: check if user exists
shell: "grep username /opt/keycloak/current/standalone/configuration/keycloak-add-user.json | grep admin"
register: userexists
when: not adminuseradded_exists.stat.exists and keycloak_add_user_exists.stat.exists
- name: create initial admin user
command: sudo -u keycloak /opt/keycloak/current/bin/add-user-keycloak.sh -u admin -p {{ keycloak_initial_admin_password }} -r master
when: not keycloak_add_user_exists.stat.exists or userexists.stdout == ""
notify:
restart keycloak
- name: create initial admin user
command: sudo -u keycloak touch /opt/keycloak/current/adminuseradded.txt
when: not keycloak_add_user_exists.stat.exists or userexists.stdout == ""
notify:
restart keycloak
- name: set permissions correct again
file:
dest: /opt/keycloak
owner: keycloak
group: keycloak
mode: "0770"
recurse: yes
- name: enable apache module proxy
command: a2enmod proxy
args:
creates: /etc/apache2/mods-enabled/proxy.load
notify:
restart apache2
- name: enable apache module proxy_html
command: a2enmod proxy_html
args:
creates: /etc/apache2/mods-enabled/proxy_html.load
notify:
restart apache2
- name: enable apache module proxy_http
command: a2enmod proxy_http
args:
creates: /etc/apache2/mods-enabled/proxy_http.load
notify:
restart apache2
- name: enable apache module proxy_http2
command: a2enmod proxy_http2
args:
creates: /etc/apache2/mods-enabled/proxy_http2.load
notify:
restart apache2
- name: enable apache module ssl
command: a2enmod ssl
args:
creates: /etc/apache2/mods-enabled/ssl.load
notify:
restart apache2
- name: enable apache module headers
command: a2enmod headers
args:
creates: /etc/apache2/mods-enabled/headers.load
notify:
restart apache2
- name: enable apache module rewrite
command: a2enmod rewrite
args:
creates: /etc/apache2/mods-enabled/rewrite.load
notify:
restart apache2
- name: install acme.sh
include_role:
name: acmesh
- name: set amce server url
set_fact:
acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 1"
when: acme_sh_server is defined
- name: set amce server url
set_fact:
acmeshserver: ""
when: not acme_sh_server is defined
- name: get certificates
command: /root/.acme.sh/acme.sh --issue --apache {{ acmeshserver }} -d {{ inventory_hostname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ inventory_hostname }}.key --fullchain-file /etc/ssl/certs/{{ inventory_hostname }}.pem --reloadcmd "service apache2 reload"
args:
creates: /etc/ssl/private/{{ inventory_hostname }}.key
- name: generate /etc/apache2/sites-available/{{ inventory_hostname }}.conf
template:
src: apache.conf.j2
dest: /etc/apache2/sites-available/{{ inventory_hostname }}.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: generate /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
template:
src: apache-ssl.conf.j2
dest: /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: activate /etc/apache2/sites-available/{{ inventory_hostname }}.conf
file:
state: link
src: /etc/apache2/sites-available/{{ inventory_hostname }}.conf
dest: /etc/apache2/sites-enabled/{{ inventory_hostname }}.conf
notify:
- reload apache2
- name: activate /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
file:
state: link
src: /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
dest: /etc/apache2/sites-enabled/{{ inventory_hostname }}-ssl.conf
notify:
- reload apache2
Reference in New Issue View Git Blame Copy Permalink