proxy -> proxy-headers. Also fix the systemd unit reload.
parent
c90ec14535
commit
d9f914aff7
|
@ -16,6 +16,7 @@ keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_di
|
||||||
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
|
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
|
||||||
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
|
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
|
||||||
keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
|
keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
|
||||||
|
keycloak_quarkus_directory: "{{ keycloak_runtime_home }}/lib/quarkus"
|
||||||
keycloak_log_directory: '/var/log/keycloak'
|
keycloak_log_directory: '/var/log/keycloak'
|
||||||
keycloak_service_name: keycloak
|
keycloak_service_name: keycloak
|
||||||
keycloak_optimize_build_at_startup: true
|
keycloak_optimize_build_at_startup: true
|
||||||
|
@ -81,7 +82,7 @@ keycloak_admin_user: kadmin
|
||||||
keycloak_before_nginx: false
|
keycloak_before_nginx: false
|
||||||
keycloak_before_apache_httpd: false
|
keycloak_before_apache_httpd: false
|
||||||
keycloak_behind_reverse_proxy: true
|
keycloak_behind_reverse_proxy: true
|
||||||
keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}'
|
keycloak_reverse_proxy_type: "xforwarded"
|
||||||
keycloak_reverse_proxy_infinispan_attach_route: 'true'
|
keycloak_reverse_proxy_infinispan_attach_route: 'true'
|
||||||
|
|
||||||
keycloak_cluster: false
|
keycloak_cluster: false
|
||||||
|
|
|
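Review bot: The new default `keycloak_reverse_proxy_type: "xforwarded"` changes what this variable means while keeping its name: it used to hold a proxy mode (`edge` / `reencrypt`) and now holds a header format. An inventory that still overrides it with one of the old values will presumably render an invalid `proxy-headers=` line in the configuration template. A guard before the configuration is templated would catch that early, for example an `ansible.builtin.assert` with `that: keycloak_reverse_proxy_type in ['forwarded', 'xforwarded']`. A comment above the default, such as `# Header format Keycloak accepts from the proxy: 'forwarded' or 'xforwarded'`, would document the new meaning.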
@ -1,13 +1,13 @@
|
||||||
---
|
---
|
||||||
- name: Manage the keycloak configuration
|
- name: keycloak-configuration | Manage the keycloak configuration
|
||||||
|
tags: ['keycloak', 'keycloak_db', 'keycloak_conf']
|
||||||
block:
|
block:
|
||||||
- name: Install the Keycloak and infinispan configuration files
|
- name: keycloak-configuration | Install the Keycloak and infinispan configuration files
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: '{{ item }}.j2'
|
src: '{{ item }}.j2'
|
||||||
dest: '{{ keycloak_conf_directory }}/{{ item }}'
|
dest: '{{ keycloak_conf_directory }}/{{ item }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
mode: "0644"
|
||||||
loop: '{{ keycloak_configuration_files }}'
|
loop: '{{ keycloak_configuration_files }}'
|
||||||
notify: Restart Keycloak
|
notify: Restart Keycloak
|
||||||
|
|
||||||
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
|
|
||||||
|
|
|
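Review bot: The added `mode: "0644"` on the configuration-file template task, together with `owner: root` and `group: root`, makes everything written to `keycloak_conf_directory` world-readable. The templates themselves are not visible here, but the `keycloak_db` tag suggests they carry database settings, and a Keycloak configuration file commonly holds the database password and keystore secrets. If so, the files should be readable only by root and the service account: `group: '{{ keycloak_user }}'` with `mode: "0640"`. If some files in `keycloak_configuration_files` are genuinely non-sensitive, a per-item mode would keep the restriction on the ones that matter.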
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: Install the keycloak distribution
|
- name: keycloak-install | Install the keycloak distribution
|
||||||
tags: keycloak
|
tags: keycloak
|
||||||
block:
|
block:
|
||||||
- name: Create the keycloak user
|
- name: keycloak-install | Create the keycloak user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: '{{ keycloak_user }}'
|
name: '{{ keycloak_user }}'
|
||||||
home: '{{ keycloak_install_dir }}'
|
home: '{{ keycloak_install_dir }}'
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
shell: /usr/sbin/nologin
|
shell: /usr/sbin/nologin
|
||||||
system: true
|
system: true
|
||||||
|
|
||||||
- name: Create the keycloak installation directory, if it does not already exist.
|
- name: keycloak-install | Create the keycloak installation directory, if it does not already exist.
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
dest: '{{ keycloak_install_dir }}'
|
dest: '{{ keycloak_install_dir }}'
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -18,41 +18,50 @@
|
||||||
state: directory
|
state: directory
|
||||||
recurse: true
|
recurse: true
|
||||||
|
|
||||||
- name: Create the keycloak log directory
|
- name: keycloak-install | Create the keycloak log directory
|
||||||
file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
|
ansible.builtin.file:
|
||||||
|
dest: "{{ keycloak_log_directory }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ keycloak_user }}"
|
||||||
|
group: "{{ keycloak_user }}"
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
- name: Download the keycloak distribution
|
- name: keycloak-install | Download the keycloak distribution
|
||||||
unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
|
ansible.builtin.unarchive:
|
||||||
|
remote_src: true
|
||||||
|
src: "{{ keycloak_download_url }}"
|
||||||
|
dest: "{{ keycloak_install_dir }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
args:
|
args:
|
||||||
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
|
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
|
||||||
|
|
||||||
- name: Set the permissions of the {{ keycloak_data_directory }} directory
|
- name: keycloak-install | Set the permissions of {{ keycloak_data_directory }}
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
dest: '{{ keycloak_data_directory }}'
|
dest: '{{ keycloak_data_directory }}'
|
||||||
state: directory
|
state: directory
|
||||||
owner: '{{ keycloak_user }}'
|
owner: '{{ keycloak_user }}'
|
||||||
group: '{{ keycloak_user }}'
|
group: '{{ keycloak_user }}'
|
||||||
mode: 0750
|
mode: "0750"
|
||||||
recurse: true
|
recurse: true
|
||||||
tags: [keycloak, keycloak_data_dir]
|
tags: [keycloak, keycloak_data_dir]
|
||||||
|
|
||||||
|
|
||||||
- name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory
|
- name: keycloak-install | Set the permissions of {{ keycloak_quarkus_directory }}
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
dest: '{{ keycloak_runtime_home }}/lib/quarkus'
|
dest: "{{ keycloak_quarkus_directory }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: '{{ keycloak_user }}'
|
owner: '{{ keycloak_user }}'
|
||||||
group: '{{ keycloak_user }}'
|
group: '{{ keycloak_user }}'
|
||||||
mode: 0750
|
mode: "0750"
|
||||||
recurse: true
|
recurse: true
|
||||||
tags: [keycloak, keycloak_data_dir]
|
tags: [keycloak, keycloak_data_dir]
|
||||||
|
|
||||||
- name: Avatar directory
|
- name: keycloak-install | Avatar directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
dest: '{{ keycloak_external_avatar_dir }}'
|
dest: '{{ keycloak_external_avatar_dir }}'
|
||||||
state: directory
|
state: directory
|
||||||
owner: '{{ keycloak_user }}'
|
owner: '{{ keycloak_user }}'
|
||||||
group: '{{ keycloak_user }}'
|
group: '{{ keycloak_user }}'
|
||||||
mode: 0750
|
mode: "0750"
|
||||||
when: not keycloak_external_avatar_dir_enabled
|
when: not keycloak_external_avatar_dir_enabled
|
||||||
|
|
||||||
|
|
|
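Review bot: The rewritten "Download the keycloak distribution" task still unpacks whatever `keycloak_download_url` returns straight into `keycloak_install_dir` as root, with no integrity check, and `ansible.builtin.unarchive` has no checksum option. Fetching the archive first with `ansible.builtin.get_url` and a pinned digest, e.g. `checksum: "sha256:{{ keycloak_download_sha256 }}"` (a proposed new variable, not one that exists on this page), then unarchiving the local file, would close that gap. As a smaller point, now that the task uses YAML module arguments, `creates:` can move from the separate `args:` mapping into the module block itself. On the directory tasks, `recurse: true` with `mode: "0750"` also sets the execute bit on every regular file below them; a symbolic mode such as `u=rwX,g=rX,o=` would avoid that.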
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: Get the keycloak providers
|
- name: keycloak-providers | Get the keycloak providers
|
||||||
maven_artifact:
|
community.general.maven_artifactmaven_artifact:
|
||||||
artifact_id: "{{ item.maven_id }}"
|
artifact_id: "{{ item.maven_id }}"
|
||||||
version: "{{ item.maven_version | default('latest') }}"
|
version: "{{ item.maven_version | default('latest') }}"
|
||||||
group_id: "{{ item.maven_group_id }}"
|
group_id: "{{ item.maven_group_id }}"
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
repository_url: "{{ item.maven_repo_url }}"
|
repository_url: "{{ item.maven_repo_url }}"
|
||||||
dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}"
|
dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}"
|
||||||
verify_checksum: always
|
verify_checksum: always
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
loop: '{{ keycloak_remote_providers }}'
|
loop: '{{ keycloak_remote_providers }}'
|
||||||
when: item.maven_extension is not defined or item.maven_extension != "ear"
|
when: item.maven_extension is not defined or item.maven_extension != "ear"
|
||||||
notify: Restart Keycloak
|
notify: Restart Keycloak
|
||||||
|
|
|
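Review bot: The new module key reads `community.general.maven_artifactmaven_artifact:` as rendered here, which is not a module name. If that is what was committed rather than an artefact of the page rendering, the task will fail to resolve and the line should be `community.general.maven_artifact:`. Separately, the unchanged `version` line still falls back to `latest`, so which provider JAR is loaded into Keycloak depends on the repository state at run time. Requiring `item.maven_version` for every entry in `keycloak_remote_providers` would make the deployed code reproducible and reviewable.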
@ -24,8 +24,8 @@
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify:
|
notify:
|
||||||
- Restart Keycloak
|
|
||||||
- Reload the systemd service
|
- Reload the systemd service
|
||||||
|
- Restart Keycloak
|
||||||
|
|
||||||
- name: Reload the systemd service
|
- name: Reload the systemd service
|
||||||
ansible.builtin.meta: flush_handlers
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
|
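Review bot: Swapping the two entries under `notify:` is unlikely to change anything, because Ansible runs notified handlers in the order they are defined in the handlers file, not in the order they are listed on the task. If the intent is for the systemd daemon reload to happen before Keycloak restarts, the ordering has to be fixed where the handlers are declared, which is outside this hunk. The following task is also named `Reload the systemd service` but only runs `ansible.builtin.meta: flush_handlers`. Renaming it to something like `Flush handlers so the unit is reloaded now` would stop it being mistaken for the handler of the same name.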
@ -31,7 +31,7 @@ https-port={{ keycloak_https_port }}
|
||||||
|
|
||||||
{% if keycloak_behind_reverse_proxy %}
|
{% if keycloak_behind_reverse_proxy %}
|
||||||
# The proxy address forwarding mode if the server is behind a reverse proxy.
|
# The proxy address forwarding mode if the server is behind a reverse proxy.
|
||||||
proxy={{ keycloak_reverse_proxy_type }}
|
proxy-headers={{ keycloak_reverse_proxy_type }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if keycloak_set_hostname %}
|
{% if keycloak_set_hostname %}
|
||||||
|
|
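Review bot: With `proxy-headers={{ keycloak_reverse_proxy_type }}` Keycloak derives the client address, scheme and host from forwarding headers. That is only safe when every request really arrives through the reverse proxy and the proxy overwrites those headers rather than passing on client-supplied ones. Nothing in this hunk enforces that, and `keycloak_behind_reverse_proxy` defaults to true. The comment above the line could state the requirement, e.g. `# Trusts forwarding headers: Keycloak must be reachable only through the reverse proxy`. The old `proxy=` option also selected a TLS-termination mode, so it is worth confirming whether `http-enabled` now has to be set explicitly for the former `edge` case. The template continues outside this hunk, so it may already be handled there.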