proxy -> proxy-headers. Also fix the systemd unit reload.

This commit is contained in:
Andrea Dell'Amico 2024-03-29 18:20:27 +01:00
parent c90ec14535
commit d9f914aff7
Signed by untrusted user: adellam
GPG Key ID: 147ABE6CEB9E20FF
6 changed files with 75 additions and 65 deletions

View File

@ -16,6 +16,7 @@ keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_di
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf' keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers' keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
keycloak_data_directory: '{{ keycloak_runtime_home }}/data' keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
keycloak_quarkus_directory: "{{ keycloak_runtime_home }}/lib/quarkus"
keycloak_log_directory: '/var/log/keycloak' keycloak_log_directory: '/var/log/keycloak'
keycloak_service_name: keycloak keycloak_service_name: keycloak
keycloak_optimize_build_at_startup: true keycloak_optimize_build_at_startup: true
@ -81,7 +82,7 @@ keycloak_admin_user: kadmin
keycloak_before_nginx: false keycloak_before_nginx: false
keycloak_before_apache_httpd: false keycloak_before_apache_httpd: false
keycloak_behind_reverse_proxy: true keycloak_behind_reverse_proxy: true
keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}' keycloak_reverse_proxy_type: "xforwarded"
keycloak_reverse_proxy_infinispan_attach_route: 'true' keycloak_reverse_proxy_infinispan_attach_route: 'true'
keycloak_cluster: false keycloak_cluster: false

View File

@ -1,13 +1,13 @@
--- ---
- name: Manage the keycloak configuration - name: keycloak-configuration | Manage the keycloak configuration
tags: ['keycloak', 'keycloak_db', 'keycloak_conf']
block: block:
- name: Install the Keycloak and infinispan configuration files - name: keycloak-configuration | Install the Keycloak and infinispan configuration files
ansible.builtin.template: ansible.builtin.template:
src: '{{ item }}.j2' src: '{{ item }}.j2'
dest: '{{ keycloak_conf_directory }}/{{ item }}' dest: '{{ keycloak_conf_directory }}/{{ item }}'
owner: root owner: root
group: root group: root
mode: "0644"
loop: '{{ keycloak_configuration_files }}' loop: '{{ keycloak_configuration_files }}'
notify: Restart Keycloak notify: Restart Keycloak
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]

View File

@ -1,8 +1,8 @@
--- ---
- name: Install the keycloak distribution - name: keycloak-install | Install the keycloak distribution
tags: keycloak tags: keycloak
block: block:
- name: Create the keycloak user - name: keycloak-install | Create the keycloak user
ansible.builtin.user: ansible.builtin.user:
name: '{{ keycloak_user }}' name: '{{ keycloak_user }}'
home: '{{ keycloak_install_dir }}' home: '{{ keycloak_install_dir }}'
@ -10,7 +10,7 @@
shell: /usr/sbin/nologin shell: /usr/sbin/nologin
system: true system: true
- name: Create the keycloak installation directory, if it does not already exist. - name: keycloak-install | Create the keycloak installation directory, if it does not already exist.
ansible.builtin.file: ansible.builtin.file:
dest: '{{ keycloak_install_dir }}' dest: '{{ keycloak_install_dir }}'
owner: root owner: root
@ -18,41 +18,50 @@
state: directory state: directory
recurse: true recurse: true
- name: Create the keycloak log directory - name: keycloak-install | Create the keycloak log directory
file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755' ansible.builtin.file:
dest: "{{ keycloak_log_directory }}"
state: directory
owner: "{{ keycloak_user }}"
group: "{{ keycloak_user }}"
mode: '0755'
- name: Download the keycloak distribution - name: keycloak-install | Download the keycloak distribution
unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root ansible.builtin.unarchive:
remote_src: true
src: "{{ keycloak_download_url }}"
dest: "{{ keycloak_install_dir }}"
owner: root
group: root
args: args:
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
- name: Set the permissions of the {{ keycloak_data_directory }} directory - name: keycloak-install | Set the permissions of {{ keycloak_data_directory }}
ansible.builtin.file: ansible.builtin.file:
dest: '{{ keycloak_data_directory }}' dest: '{{ keycloak_data_directory }}'
state: directory state: directory
owner: '{{ keycloak_user }}' owner: '{{ keycloak_user }}'
group: '{{ keycloak_user }}' group: '{{ keycloak_user }}'
mode: 0750 mode: "0750"
recurse: true recurse: true
tags: [keycloak, keycloak_data_dir] tags: [keycloak, keycloak_data_dir]
- name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory - name: keycloak-install | Set the permissions of {{ keycloak_quarkus_directory }}
ansible.builtin.file: ansible.builtin.file:
dest: '{{ keycloak_runtime_home }}/lib/quarkus' dest: "{{ keycloak_quarkus_directory }}"
state: directory state: directory
owner: '{{ keycloak_user }}' owner: '{{ keycloak_user }}'
group: '{{ keycloak_user }}' group: '{{ keycloak_user }}'
mode: 0750 mode: "0750"
recurse: true recurse: true
tags: [keycloak, keycloak_data_dir] tags: [keycloak, keycloak_data_dir]
- name: Avatar directory - name: keycloak-install | Avatar directory
ansible.builtin.file: ansible.builtin.file:
dest: '{{ keycloak_external_avatar_dir }}' dest: '{{ keycloak_external_avatar_dir }}'
state: directory state: directory
owner: '{{ keycloak_user }}' owner: '{{ keycloak_user }}'
group: '{{ keycloak_user }}' group: '{{ keycloak_user }}'
mode: 0750 mode: "0750"
when: not keycloak_external_avatar_dir_enabled when: not keycloak_external_avatar_dir_enabled

View File

@ -1,6 +1,6 @@
--- ---
- name: Get the keycloak providers - name: keycloak-providers | Get the keycloak providers
maven_artifact: community.general.maven_artifactmaven_artifact:
artifact_id: "{{ item.maven_id }}" artifact_id: "{{ item.maven_id }}"
version: "{{ item.maven_version | default('latest') }}" version: "{{ item.maven_version | default('latest') }}"
group_id: "{{ item.maven_group_id }}" group_id: "{{ item.maven_group_id }}"
@ -8,7 +8,7 @@
repository_url: "{{ item.maven_repo_url }}" repository_url: "{{ item.maven_repo_url }}"
dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}" dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}"
verify_checksum: always verify_checksum: always
mode: 0644 mode: "0644"
loop: '{{ keycloak_remote_providers }}' loop: '{{ keycloak_remote_providers }}'
when: item.maven_extension is not defined or item.maven_extension != "ear" when: item.maven_extension is not defined or item.maven_extension != "ear"
notify: Restart Keycloak notify: Restart Keycloak

View File

@ -24,8 +24,8 @@
group: root group: root
mode: "0644" mode: "0644"
notify: notify:
- Restart Keycloak
- Reload the systemd service - Reload the systemd service
- Restart Keycloak
- name: Reload the systemd service - name: Reload the systemd service
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers

View File

@ -31,7 +31,7 @@ https-port={{ keycloak_https_port }}
{% if keycloak_behind_reverse_proxy %} {% if keycloak_behind_reverse_proxy %}
# The proxy address forwarding mode if the server is behind a reverse proxy. # The proxy address forwarding mode if the server is behind a reverse proxy.
proxy={{ keycloak_reverse_proxy_type }} proxy-headers={{ keycloak_reverse_proxy_type }}
{% endif %} {% endif %}
{% if keycloak_set_hostname %} {% if keycloak_set_hostname %}