From d9f914aff7e08237974ca4187978005ccf294260 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 29 Mar 2024 18:20:27 +0100 Subject: [PATCH] proxy -> proxy-headers. Also fix the systemd unit reload. --- defaults/main.yml | 3 +- tasks/keycloak-configuration.yml | 22 +++---- tasks/keycloak-install.yml | 105 +++++++++++++++++-------------- tasks/keycloak-providers.yml | 6 +- tasks/main.yml | 2 +- templates/keycloak.conf.j2 | 2 +- 6 files changed, 75 insertions(+), 65 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 415a78f..bd7e52e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -16,6 +16,7 @@ keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_di keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf' keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers' keycloak_data_directory: '{{ keycloak_runtime_home }}/data' +keycloak_quarkus_directory: "{{ keycloak_runtime_home }}/lib/quarkus" keycloak_log_directory: '/var/log/keycloak' keycloak_service_name: keycloak keycloak_optimize_build_at_startup: true @@ -81,7 +82,7 @@ keycloak_admin_user: kadmin keycloak_before_nginx: false keycloak_before_apache_httpd: false keycloak_behind_reverse_proxy: true -keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}' +keycloak_reverse_proxy_type: "xforwarded" keycloak_reverse_proxy_infinispan_attach_route: 'true' keycloak_cluster: false diff --git a/tasks/keycloak-configuration.yml b/tasks/keycloak-configuration.yml index e6b3e8c..6c52216 100644 --- a/tasks/keycloak-configuration.yml +++ b/tasks/keycloak-configuration.yml 
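Review bot: `keycloak_reverse_proxy_type: "xforwarded"` ends up as `proxy-headers=xforwarded`, which makes Keycloak take the client address, scheme and host from the X-Forwarded-* headers of whatever connects to it directly; that is only safe if the reverse proxy overwrites those headers instead of passing client-supplied values through, and if nothing but the proxy can reach the Keycloak listener. The new default also drops the old edge/reencrypt distinction, so the transport between proxy and Keycloak is now decided solely by the http/https listener options rather than by this variable. A short comment above the variable would record the assumption: `# Value for proxy-headers (forwarded or xforwarded); assumes the reverse proxy sets these headers itself and is Keycloak's only client`.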
@@ -1,13 +1,13 @@
 ---
-- name: Manage the keycloak configuration
+- name: keycloak-configuration | Manage the keycloak configuration
+ tags: ['keycloak', 'keycloak_db', 'keycloak_conf']
 block:
- - name: Install the Keycloak and infinispan configuration files
- ansible.builtin.template:
- src: '{{ item }}.j2'
- dest: '{{ keycloak_conf_directory }}/{{ item }}'
- owner: root
- group: root
- loop: '{{ keycloak_configuration_files }}'
- notify: Restart Keycloak
-
- tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
+ - name: keycloak-configuration | Install the Keycloak and infinispan configuration files
+ ansible.builtin.template:
+ src: '{{ item }}.j2'
+ dest: '{{ keycloak_conf_directory }}/{{ item }}'
+ owner: root
+ group: root
+ mode: "0644"
+ loop: '{{ keycloak_configuration_files }}'
+ notify: Restart Keycloak
diff --git a/tasks/keycloak-install.yml b/tasks/keycloak-install.yml
index 1387d86..3a3ce6e 100644
--- a/tasks/keycloak-install.yml
+++ b/tasks/keycloak-install.yml 
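Review bot: The newly added `mode: "0644"` on the templated configuration files leaves them world-readable on the host; if any file in `keycloak_configuration_files` carries credentials (keycloak.conf typically holds the database password), restrict them to root and the service account with `group: "{{ keycloak_user }}"` and `mode: "0640"`. The group change is needed alongside the mode, because with the current root/root ownership a 0640 file would not be readable by the keycloak user at all. Whether the templates actually contain secrets is not visible from this hunk.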
@@ -1,58 +1,67 @@ --- -- name: Install the keycloak distribution +- name: keycloak-install | Install the keycloak distribution tags: keycloak block: - - name: Create the keycloak user - ansible.builtin.user: - name: '{{ keycloak_user }}' - home: '{{ keycloak_install_dir }}' - createhome: false - shell: /usr/sbin/nologin - system: true + - name: keycloak-install | Create the keycloak user + ansible.builtin.user: + name: '{{ keycloak_user }}' + home: '{{ keycloak_install_dir }}' + createhome: false + shell: /usr/sbin/nologin + system: true - - name: Create the keycloak installation directory, if it does not already exist. - ansible.builtin.file: - dest: '{{ keycloak_install_dir }}' - owner: root - group: root - state: directory - recurse: true + - name: keycloak-install | Create the keycloak installation directory, if it does not already exist. + ansible.builtin.file: + dest: '{{ keycloak_install_dir }}' + owner: root + group: root + state: directory + recurse: true - - name: Create the keycloak log directory - file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755' + - name: keycloak-install | Create the keycloak log directory + ansible.builtin.file: + dest: "{{ keycloak_log_directory }}" + state: directory + owner: "{{ keycloak_user }}" + group: "{{ keycloak_user }}" + mode: '0755' - - name: Download the keycloak distribution - unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root - args: - creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' + - name: keycloak-install | Download the keycloak distribution + ansible.builtin.unarchive: + remote_src: true + src: "{{ keycloak_download_url }}" + dest: "{{ keycloak_install_dir }}" + owner: root + group: root + args: + creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' - - name: Set the permissions of the {{ keycloak_data_directory }} directory - ansible.builtin.file: - 
dest: '{{ keycloak_data_directory }}' - state: directory - owner: '{{ keycloak_user }}' - group: '{{ keycloak_user }}' - mode: 0750 - recurse: true - tags: [ keycloak, keycloak_data_dir ] + - name: keycloak-install | Set the permissions of {{ keycloak_data_directory }} + ansible.builtin.file: + dest: '{{ keycloak_data_directory }}' + state: directory + owner: '{{ keycloak_user }}' + group: '{{ keycloak_user }}' + mode: "0750" + recurse: true + tags: [keycloak, keycloak_data_dir] - - name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory - ansible.builtin.file: - dest: '{{ keycloak_runtime_home }}/lib/quarkus' - state: directory - owner: '{{ keycloak_user }}' - group: '{{ keycloak_user }}' - mode: 0750 - recurse: true - tags: [ keycloak, keycloak_data_dir ] - - - name: Avatar directory - ansible.builtin.file: - dest: '{{ keycloak_external_avatar_dir }}' - state: directory - owner: '{{ keycloak_user }}' - group: '{{ keycloak_user }}' - mode: 0750 - when: not keycloak_external_avatar_dir_enabled + - name: keycloak-install | Set the permissions of {{ keycloak_quarkus_directory }} + ansible.builtin.file: + dest: "{{ keycloak_quarkus_directory }}" + state: directory + owner: '{{ keycloak_user }}' + group: '{{ keycloak_user }}' + mode: "0750" + recurse: true + tags: [keycloak, keycloak_data_dir] + - name: keycloak-install | Avatar directory + ansible.builtin.file: + dest: '{{ keycloak_external_avatar_dir }}' + state: directory + owner: '{{ keycloak_user }}' + group: '{{ keycloak_user }}' + mode: "0750" + when: not keycloak_external_avatar_dir_enabled diff --git a/tasks/keycloak-providers.yml b/tasks/keycloak-providers.yml index 5ffc5d9..dad7832 100644 --- a/tasks/keycloak-providers.yml +++ b/tasks/keycloak-providers.yml 
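Review bot: The `Download the keycloak distribution` task extracts whatever `keycloak_download_url` serves straight into `keycloak_install_dir` as root with no integrity check — `unarchive` has no checksum option, so a tampered or truncated archive would be installed silently. Fetch the archive with `ansible.builtin.get_url` and a pinned `checksum` first, then unpack the local copy with `unarchive`; `creates` can move out of `args:` onto the module since it is a native `unarchive` parameter. Separately, the avatar task's `when: not keycloak_external_avatar_dir_enabled` is carried over from the old code but reads inverted (the directory is created only when the feature is disabled) — worth confirming the intent.
```yaml
    - name: keycloak-install | Download the keycloak distribution archive
      ansible.builtin.get_url:
        url: "{{ keycloak_download_url }}"
        dest: "{{ keycloak_install_dir }}/{{ keycloak_download_url | basename }}"
        # keycloak_download_sha256 is a new role default (constructed name):
        # pin it to the published digest of the release being deployed
        checksum: "sha256:{{ keycloak_download_sha256 }}"
        owner: root
        group: root
        mode: "0644"

    - name: keycloak-install | Unpack the keycloak distribution
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ keycloak_install_dir }}/{{ keycloak_download_url | basename }}"
        dest: "{{ keycloak_install_dir }}"
        owner: root
        group: root
        creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
    # … unchanged: data, quarkus and avatar directory tasks …
```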
@@ -1,6 +1,6 @@ --- -- name: Get the keycloak providers - maven_artifact: +- name: keycloak-providers | Get the keycloak providers + community.general.maven_artifactmaven_artifact: artifact_id: "{{ item.maven_id }}" version: "{{ item.maven_version | default('latest') }}" group_id: "{{ item.maven_group_id }}" @@ -8,7 +8,7 @@ repository_url: "{{ item.maven_repo_url }}" dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}" verify_checksum: always - mode: 0644 + mode: "0644" loop: '{{ keycloak_remote_providers }}' when: item.maven_extension is not defined or item.maven_extension != "ear" notify: Restart Keycloak diff --git a/tasks/main.yml b/tasks/main.yml index cc27149..50f66d4 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -24,8 +24,8 @@ group: root mode: "0644" notify: - - Restart Keycloak - Reload the systemd service + - Restart Keycloak - name: Reload the systemd service ansible.builtin.meta: flush_handlers diff --git a/templates/keycloak.conf.j2 b/templates/keycloak.conf.j2 index cc6d05f..519817d 100644 --- a/templates/keycloak.conf.j2 +++ b/templates/keycloak.conf.j2 @@ -31,7 +31,7 @@ https-port={{ keycloak_https_port }} {% if keycloak_behind_reverse_proxy %} # The proxy address forwarding mode if the server is behind a reverse proxy. -proxy={{ keycloak_reverse_proxy_type }} +proxy-headers={{ keycloak_reverse_proxy_type }} {% endif %} {% if keycloak_set_hostname %}
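Review bot: `community.general.maven_artifactmaven_artifact:` is not a module name — the FQCN has `maven_artifact` duplicated, so the task will fail to resolve when the play runs; it should read `community.general.maven_artifact:`. The remaining module arguments continue past this hunk.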
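Review bot: Reordering the `notify:` list does not change when the handlers run — Ansible executes handlers in the order they are defined in the handlers file, not in the order they are notified — so this hunk does not by itself guarantee that the daemon reload precedes the restart. Put `Reload the systemd service` ahead of `Restart Keycloak` in the handlers definition, or, if the restart handler uses `ansible.builtin.systemd`, give it `daemon_reload: true` so it is self-sufficient. The `meta: flush_handlers` task below flushes in that same definition order.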
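Review bot: Switching to `proxy-headers` drops a side effect of the old `proxy=edge` setting: `proxy-headers` does not enable the plain HTTP listener on its own, so when `keycloak_https_enabled` is false the template must also emit `http-enabled=true` or the reverse proxy has nothing to connect to; whether it already does is outside this hunk. The comment on the line above is now slightly off, since `proxy-headers` names the header family to trust rather than a forwarding mode; suggest `# Forwarding header family (forwarded or xforwarded) trusted from the reverse proxy.`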