ISTI-ansible-roles
/
ansible-role-keycloak
5
0
Fork 2
Code Issues Pull Requests Releases Wiki Activity

Install jcliff. New path for the data dir.

This commit is contained in:
Andrea Dell'Amico 2021-02-15 19:58:53 +01:00
parent 962d629a41
commit a7dea7d87e
11 changed files with 155 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
defaults/main.yml
View File

@ -2,10 +2,16 @@
keycloak_major_version: '10' keycloak_major_version: '10'
keycloak_minor_version: '0' keycloak_minor_version: '0'
keycloak_point_version: '2' keycloak_point_version: '2'
keycloak_install_dir: '/opt/keycloak'
keycloak_log_directory: '/var/log/keycloak'
# domain clustered mode is not supported at this time
keycloak_wildfly_mode: 'standalone' keycloak_wildfly_mode: 'standalone'
keycloak_install_dir: '/opt/keycloak'
keycloak_properties_directory: '/opt/keycloak/properties'
keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}'
keycloak_data_directory: '/opt/keycloak_data'
keycloak_log_directory: '/var/log/keycloak'
keycloak_startup_properties:
- { name: 'jboss.server.data.dir', value: '{{ keycloak_data_directory }}' }
- { name: 'jboss.server.log.dir', value: '{{ keycloak_log_directory }}' }
# domain clustered mode is not supported at this time
keycloak_wildfly_clustered: False keycloak_wildfly_clustered: False
keycloak_wildfly_cluster_node_name: '{{ ansible_hostname }}' keycloak_wildfly_cluster_node_name: '{{ ansible_hostname }}'
keycloak_wildfly_cluster_private_bind_address: '{{ ansible_default_ipv4.address }}' keycloak_wildfly_cluster_private_bind_address: '{{ ansible_default_ipv4.address }}'
@ -37,3 +43,5 @@ keycloak_admin_user: kadmin
#keycloak_admin_password: 'define it into a vault file' #keycloak_admin_password: 'define it into a vault file'
keycloak_behind_reverse_proxy: True keycloak_behind_reverse_proxy: True
keycloak_jcliff_version: '2.12.7'

3
handlers/main.yml
View File

@ -1,3 +1,4 @@
--- ---
- name: Restart Keycloak - name: Restart Keycloak
service: name=keycloak state=restarted #service: name=keycloak state=restarted
shell: exit 0

3
meta/main.yml
View File

@ -23,6 +23,7 @@ galaxy_info:
galaxy_tags: galaxy_tags:
- users - users
- oidc
dependencies: dependencies:
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git
@ -30,3 +31,5 @@ dependencies:
name: openjdk name: openjdk
state: latest state: latest
collections:
- wildfly.jcliff

18
tasks/keycloak-configuration.yml Normal file
View File

@ -0,0 +1,18 @@
---
- name: Manage the keycloak configuration
block:
- name: Install the standalone configuration files
template: src={{ item }}.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/standalone/configuration/{{ item }} owner=root group={{ keycloak_user }} mode='0440'
with_items:
- standalone.xml
- standalone-ha.xml
notify: Restart Keycloak
- name: Create the admin user
shell: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/bin/add-user-keycloak.sh -u {{ keycloak_admin_user }} -p {{ keycloak_admin_password }} && chown {{ keycloak_user }} {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json && chmod 600 {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
args:
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
notify: Restart Keycloak
tags: [ 'keycloak', 'keycloak_user', 'keycloak_conf' ]
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]

48
tasks/keycloak-install.yml Normal file
View File

@ -0,0 +1,48 @@
---
- name: Install the keycloak distribution
block:
- name: Create the keycloak user
user: name={{ keycloak_user }} home={{ keycloak_install_dir }} createhome=no shell=/usr/sbin/nologin system=yes
- name: Create the keycloak installation directory, if it does not already exist.
file: dest={{ keycloak_install_dir }} owner=root group=root state=directory recurse=yes
- name: Create the {{ keycloak_properties_directory }}
file: dest={{ keycloak_properties_directory }} owner=root group=root state=directory
tags: [ keycloak, keycloak_data_dir ]
- name: Create the {{ keycloak_data_directory }}
file: dest={{ keycloak_data_directory }}/{{ item }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
loop: '{{ keycloak_data_subdirs }}'
when: keycloak_data_directory != keycloak_distribution_data_directory
tags: [ keycloak, keycloak_data_dir ]
- name: Download the keycloak distribution
unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
args:
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
- name: Create the keycloak log directory
file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
- name: Create some log files with the correct permissions
file: dest={{ keycloak_log_directory }}/{{ item }} owner={{ keycloak_user }} group={{ keycloak_user }} mode='0644' state=touch
with_items:
- 'server.log'
- 'audit.log'
- name: Fix the permissions of some keycloak directories
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/{{ item }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0750' recurse=yes
with_items: '{{ keycloak_owned_directories }}'
when: keycloak_data_directory == keycloak_distribution_data_directory
- name: Remove the log directory inside the keycloak distribution
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
- name: Remove the log directory inside the keycloak distribution
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
- name: Link to the external log directory
file: src={{ keycloak_log_directory }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=link
tags: keycloak

16
tasks/keycloak-jdbc.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Manage the keycloak external DB driver
block:
- name: Create the path to the DB driver
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main state=directory
- name: Get the JDBC driver {{ keycloack_jdbc_driver }}
get_url: url={{ keycloak_jdbc_driver_url }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }} owner=root group=root mode=0444
notify: Restart Keycloak
- name: Install the JDBC module configuration
template: src=jdbc-module.xml.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/module.xml owner=root group=root mode=0444
notify: Restart Keycloak
when: keycloak_use_external_db
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]

110
tasks/main.yml
View File

@ -1,77 +1,57 @@
--- ---
- name: Install the keycloak distribution - name: Manage the JCliff installation on Ubuntu/Debian
block: block:
- name: Create the keycloak user - name: Download the jcliff distribution
user: name={{ keycloak_user }} home={{ keycloak_install_dir }} createhome=no shell=/usr/sbin/nologin system=yes unarchive:
remote_src: yes
src: 'https://github.com/bserdar/jcliff/releases/download/v{{ keycloak_jcliff_version }}/jcliff-{{ keycloak_jcliff_version }}-dist.tar.gz'
dest: '/opt'
owner: root
group: root
- name: Create the keycloak installation directory, if it does not already exist. - name: Fix the jcliff executable permissions
file: dest={{ keycloak_install_dir }} owner=root group=root state=directory recurse=yes file:
dest: '/opt/jcliff-{{ keycloak_jcliff_version }}/jcliff'
mode: '0755'
- name: Download the keycloak distribution - name: Link to the executable
unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root file:
args: src: '/opt/jcliff-{{ keycloak_jcliff_version }}/jcliff'
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' dest: /usr/bin/jcliff
state: link
- name: Create the keycloak log directory - name: Link to the shared resources
file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755' file:
src: '/opt/jcliff-{{ keycloak_jcliff_version }}'
dest: /usr/share/jcliff
state: link
- name: Create some log files with the correct permissions - name: Set the JBOSS_HOME as {{ jboss_home }} in the global environment profile
file: dest={{ keycloak_log_directory }}/{{ item }} owner={{ keycloak_user }} group={{ keycloak_user }} mode='0644' state=touch template:
with_items: src: jboss-env.sh.j2
- 'server.log' dest: /etc/profile.d/jboss-env.sh
- 'audit.log' owner: root
group: root
mode: '0444'
- name: Fix the permissions of some keycloak directories when: ansible_distribution_file_variety == "Debian"
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/{{ item }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0750' recurse=yes tags: [ keycloak, jcliff ]
with_items: '{{ keycloak_owned_directories }}'
- name: Remove the log directory inside the keycloak distribution - import_tasks: keycloak-install.yml
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent - import_tasks: keycloak-jdbc.yml
- import_tasks: keycloak-configuration.yml
- name: Remove the log directory inside the keycloak distribution
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
- name: Link to the external log directory
file: src={{ keycloak_log_directory }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=link
tags: keycloak
- name: Manage the keycloak external DB driver
block:
- name: Create the path to the DB driver
file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main state=directory
- name: Get the JDBC driver
get_url: url={{ keycloak_jdbc_driver_url }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }} owner=root group=root mode=0444
notify: Restart Keycloak
- name: Install the JDBC module configuration
template: src=jdbc-module.xml.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/module.xml owner=root group=root mode=0444
notify: Restart Keycloak
when: keycloak_use_external_db
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
- name: Manage the keycloak configuration
block:
- name: Install the standalone configuration files
template: src={{ item }}.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/standalone/configuration/{{ item }} owner=root group={{ keycloak_user }} mode='0440'
with_items:
- standalone.xml
- standalone-ha.xml
notify: Restart Keycloak
- name: Create the admin user
shell: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/bin/add-user-keycloak.sh -u {{ keycloak_admin_user }} -p {{ keycloak_admin_password }} && chown {{ keycloak_user }} {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json && chmod 600 {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
args:
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
notify: Restart Keycloak
tags: [ 'keycloak', 'keycloak_user', 'keycloak_conf' ]
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
- name: Manage the keycloak service - name: Manage the keycloak service
block: block:
- name: Install the keycloak properties file
template:
src: wildfly.properties.j2
dest: '{{ keycloak_properties_directory }}/wildfly.properties'
owner: root
group: root
mode: '0444'
notify: Restart Keycloak
- name: Install the keycloak systemd unit - name: Install the keycloak systemd unit
template: src=keycloak.service.j2 dest=/etc/systemd/system/keycloak.service owner=root group=root mode=0644 template: src=keycloak.service.j2 dest=/etc/systemd/system/keycloak.service owner=root group=root mode=0644
notify: Restart Keycloak notify: Restart Keycloak
@ -82,8 +62,8 @@
daemon_reload: yes daemon_reload: yes
when: keycloak_unit is changed when: keycloak_unit is changed
- name: ensure that the keycloak service is running and enabled # - name: ensure that the keycloak service is running and enabled
service: name=keycloak state=started enabled=yes # service: name=keycloak state=started enabled=yes
tags: [ 'keycloak', 'keycloak_service', 'keycloak_conf' ] tags: [ 'keycloak', 'keycloak_service', 'keycloak_conf' ]

1
templates/jboss-env.sh.j2 Normal file
View File

@ -0,0 +1 @@
export JBOSS_HOME={{ jboss_home }}

2
templates/keycloak.service.j2
View File

@ -9,7 +9,7 @@ Environment=JBOSS_LOG_DIR={{ keycloak_log_directory }}
Environment="JAVA_OPTS=-Xms{{ keycloak_java_min_heap }} -Xmx{{ keycloak_java_max_heap }}" Environment="JAVA_OPTS=-Xms{{ keycloak_java_min_heap }} -Xmx{{ keycloak_java_max_heap }}"
User={{ keycloak_user }} User={{ keycloak_user }}
Group={{ keycloak_user }} Group={{ keycloak_user }}
ExecStart={{ keycloak_runtime_home }}/bin/standalone.sh -b {{ keycloak_listen }} {% if keycloak_wildfly_clustered %} --server-config=standalone-ha.xml -Djboss.node.name={{ keycloak_wildfly_cluster_node_name }}{% endif %} ExecStart={{ keycloak_runtime_home }}/bin/standalone.sh -P {{ keycloak_properties_directory }}/wildfly.properties -b {{ keycloak_listen }} {% if keycloak_wildfly_clustered %}--server-config=standalone-ha.xml -Djboss.node.name={{ keycloak_wildfly_cluster_node_name }}{% endif %}
TimeoutStartSec=600 TimeoutStartSec=600
TimeoutStopSec=600 TimeoutStopSec=600

3
templates/wildfly.properties.j2 Normal file
View File

@ -0,0 +1,3 @@
{% for prop in keycloak_startup_properties %}
{{ prop.name }}={{ prop.value }}
{% endfor %}

8
vars/main.yml
View File

@ -9,9 +9,15 @@ keycloak_distribution: 'keycloak-{{ keycloak_version }}'
keycloak_distribution_archive: '{{ keycloak_distribution }}.tar.gz' keycloak_distribution_archive: '{{ keycloak_distribution }}.tar.gz'
keycloak_download_url: 'https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_distribution_archive }}' keycloak_download_url: 'https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_distribution_archive }}'
keycloak_runtime_home: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' keycloak_runtime_home: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
jboss_home: '{{ keycloak_runtime_home }}'
keycloak_owned_directories: keycloak_owned_directories:
- data - data
- tmp - tmp
- configuration - configuration
- deployments - deployments
keycloak_data_subdirs:
- avatar
- content
- kernel
- timer-service-data
- tx-object-store