mauro.mugnaini
/
ansible-role-keycloak
forked from ISTI-ansible-roles/ansible-role-keycloak
1
0
Fork 0
Code Pull Requests Activity

proxy -> proxy-headers. Also fix the systemd unit reload.

This commit is contained in:
Andrea Dell'Amico 2024-03-29 18:20:27 +01:00
parent c90ec14535
commit d9f914aff7
Signed by untrusted user: adellam
GPG Key ID: 147ABE6CEB9E20FF
6 changed files with 75 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
defaults/main.yml
View File

@ -16,6 +16,7 @@ keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_di
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
keycloak_quarkus_directory: "{{ keycloak_runtime_home }}/lib/quarkus"
keycloak_log_directory: '/var/log/keycloak'
keycloak_service_name: keycloak
keycloak_optimize_build_at_startup: true
@ -81,7 +82,7 @@ keycloak_admin_user: kadmin
keycloak_before_nginx: false
keycloak_before_apache_httpd: false
keycloak_behind_reverse_proxy: true
keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}'
keycloak_reverse_proxy_type: "xforwarded"
keycloak_reverse_proxy_infinispan_attach_route: 'true'
keycloak_cluster: false

8
tasks/keycloak-configuration.yml
View File

@ -1,13 +1,13 @@
---
- name: Manage the keycloak configuration
- name: keycloak-configuration | Manage the keycloak configuration
tags: ['keycloak', 'keycloak_db', 'keycloak_conf']
block:
- name: Install the Keycloak and infinispan configuration files
- name: keycloak-configuration | Install the Keycloak and infinispan configuration files
ansible.builtin.template:
src: '{{ item }}.j2'
dest: '{{ keycloak_conf_directory }}/{{ item }}'
owner: root
group: root
mode: "0644"
loop: '{{ keycloak_configuration_files }}'
notify: Restart Keycloak
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]

43
tasks/keycloak-install.yml
View File

@ -1,8 +1,8 @@
---
- name: Install the keycloak distribution
- name: keycloak-install | Install the keycloak distribution
tags: keycloak
block:
- name: Create the keycloak user
- name: keycloak-install | Create the keycloak user
ansible.builtin.user:
name: '{{ keycloak_user }}'
home: '{{ keycloak_install_dir }}'
@ -10,7 +10,7 @@
shell: /usr/sbin/nologin
system: true
- name: Create the keycloak installation directory, if it does not already exist.
- name: keycloak-install | Create the keycloak installation directory, if it does not already exist.
ansible.builtin.file:
dest: '{{ keycloak_install_dir }}'
owner: root
@ -18,41 +18,50 @@
state: directory
recurse: true
- name: Create the keycloak log directory
file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
- name: keycloak-install | Create the keycloak log directory
ansible.builtin.file:
dest: "{{ keycloak_log_directory }}"
state: directory
owner: "{{ keycloak_user }}"
group: "{{ keycloak_user }}"
mode: '0755'
- name: Download the keycloak distribution
unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
- name: keycloak-install | Download the keycloak distribution
ansible.builtin.unarchive:
remote_src: true
src: "{{ keycloak_download_url }}"
dest: "{{ keycloak_install_dir }}"
owner: root
group: root
args:
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
- name: Set the permissions of the {{ keycloak_data_directory }} directory
- name: keycloak-install | Set the permissions of {{ keycloak_data_directory }}
ansible.builtin.file:
dest: '{{ keycloak_data_directory }}'
state: directory
owner: '{{ keycloak_user }}'
group: '{{ keycloak_user }}'
mode: 0750
mode: "0750"
recurse: true
tags: [ keycloak, keycloak_data_dir ]
tags: [keycloak, keycloak_data_dir]
- name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory
- name: keycloak-install | Set the permissions of {{ keycloak_quarkus_directory }}
ansible.builtin.file:
dest: '{{ keycloak_runtime_home }}/lib/quarkus'
dest: "{{ keycloak_quarkus_directory }}"
state: directory
owner: '{{ keycloak_user }}'
group: '{{ keycloak_user }}'
mode: 0750
mode: "0750"
recurse: true
tags: [ keycloak, keycloak_data_dir ]
tags: [keycloak, keycloak_data_dir]
- name: Avatar directory
- name: keycloak-install | Avatar directory
ansible.builtin.file:
dest: '{{ keycloak_external_avatar_dir }}'
state: directory
owner: '{{ keycloak_user }}'
group: '{{ keycloak_user }}'
mode: 0750
mode: "0750"
when: not keycloak_external_avatar_dir_enabled

6
tasks/keycloak-providers.yml
View File

@ -1,6 +1,6 @@
---
- name: Get the keycloak providers
maven_artifact:
- name: keycloak-providers | Get the keycloak providers
community.general.maven_artifactmaven_artifact:
artifact_id: "{{ item.maven_id }}"
version: "{{ item.maven_version | default('latest') }}"
group_id: "{{ item.maven_group_id }}"
@ -8,7 +8,7 @@
repository_url: "{{ item.maven_repo_url }}"
dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}"
verify_checksum: always
mode: 0644
mode: "0644"
loop: '{{ keycloak_remote_providers }}'
when: item.maven_extension is not defined or item.maven_extension != "ear"
notify: Restart Keycloak

2
tasks/main.yml
View File

@ -24,8 +24,8 @@
group: root
mode: "0644"
notify:
- Restart Keycloak
- Reload the systemd service
- Restart Keycloak
- name: Reload the systemd service
ansible.builtin.meta: flush_handlers

2
templates/keycloak.conf.j2
View File

@ -31,7 +31,7 @@ https-port={{ keycloak_https_port }}
{% if keycloak_behind_reverse_proxy %}
# The proxy address forwarding mode if the server is behind a reverse proxy.
proxy={{ keycloak_reverse_proxy_type }}
proxy-headers={{ keycloak_reverse_proxy_type }}
{% endif %}
{% if keycloak_set_hostname %}