Added all the base files and tasks

09232b14 · nono · eaa8d04d · 09232b14 · 09232b14 · 09232b14
--- a/files/module-mariadb.xml
+++ b/files/module-mariadb.xml
+<?xml version="1.0" ?>
+<module xmlns="urn:jboss:module:1.3" name="org.mariadb.jdbc">
+
+    <resources>
+        <resource-root path="/usr/share/java/mariadb-java-client.jar"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="javax.transaction.api"/>
+    </dependencies>
+</module>
--- a/handlers/main.yml
+++ b/handlers/main.yml
 ---
 # handlers file for sso-lqdn
+
+- name: reload systemd
+  systemd:
+    daemon_reload: yes
+  become: yes
+
+- name: restart keycloak
+  systemd:
+    name: keycloak
+    enabled: yes
+    state: restarted
+  become: yes
--- a/tasks/install-configuration.yml
+++ b/tasks/install-configuration.yml
 ---

 - name : Configuring Keycloak
+  template:
+    src: standalone-ha.xml.j2
+    dest: {{ keycloak_config_dir }}/standalone-ha.xml
+    owner: root
+    group: root
+    mode: 0644
+  become: yes
+  notify:
+    - reload systemd
+    - restart keycloak
+
+- name: create Keycloak admin user
+  command:
+  args:
+    argv:
+      - "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
+      - -rmaster
+      - -u{{ keycloak_admin_user }}
+      - -p{{ keycloak_admin_password }}
+    creates: "{{ keycloak_config_dir }}/keycloak-add-user.json"
+  become: yes
+  tags:
+    - skip_ansible_lint
--- a/tasks/install-database.yml
+++ b/tasks/install-database.yml
 ---
+# Adding the database to be used by Keycloak
+
+# Adding the Java Database Driver
+- name : Installation of the latest Java OpenJDK Driver
+  package :
+    name :
+    - libmariadb-java
+    state : latest
+
+# Creating the database user and password for keycloak
+- name: "Update root password"
+  mysql_user:
+    name: root
+    password: "{{ keycloack_mysql_root_password }}"
+    check_implicit_admin: yes
+    priv: "*.*:ALL,GRANT"
+    # Assuming the root user has only localhost access
+    host_all: yes
+
+- name: "Delete the anonymous user."
+  mysql_user:
+    user: ""
+    state: "absent"
+    login_user: root
+    login_password: "{{ keycloack_mysql_root_password }}"
+  ignore_errors: yes
+
+- name: "Removes the MySQL test database"
+  mysql_db:
+    name: test
+    state: absent
+    login_user: root
+    login_password: "{{ keycloack_mysql_root_password }}"
+  ignore_errors: yes
+
+- name: "Add Database {{ keycloak_db_name }}."
+  mysql_db:
+    name: "{{ keycloak_db_name }}"
+    login_user: root
+    login_password: "{{ keycloack_mysql_root_password }}"
+    state: present
+
+- name: "Configure the database user."
+  mysql_user:
+    name: "{{ keycloak_db_admin }}"
+    password: "{{ keycloak_db_pwd }}"
+    priv: "{{ keycloak_db_name }}.*:ALL"
+    login_user: root
+    login_password: "{{ keycloak_mysql_root_pwd }}"
+    state: present
--- a/tasks/install-dependencies.yml
+++ b/tasks/install-dependencies.yml
@@ -13,8 +13,8 @@
    - tar
    state : present

- name : Installation of pSQL
+- name : Installation of MariaDB
  package :
    name :
-    - postgresql
+    - mariadb
    state : present
--- a/tasks/install-reverse-proxy.yml
+++ b/tasks/install-reverse-proxy.yml
 ---
-
- name : Installing Nginx
-
- name : Configuring Nginx to reverse proxy Keycloak
-
- name : Configuring Nginx to process the SSL certificates
+# 
+# - name : Installing Nginx
+#
+# - name : Configuring Nginx to reverse proxy Keycloak
+#
+# - name : Configuring Nginx to process the SSL certificates
--- a/tasks/install-run-service.yml
+++ b/tasks/install-run-service.yml
 ---

- name : Installing the SystemD service script
-
- name : Launching the service 
+- name: Installing the SystemD service script
+      template:
+        src: keycloak.service.j2
+        dest: /etc/systemd/system/keycloak.service
+        owner: root
+        group: root
+        mode: 0644
+      become: yes
+      notify:
+        - reload systemd
+        - restart keycloak
--- a/tasks/install-service.yml
+++ b/tasks/install-service.yml
@@ -18,16 +18,72 @@
        state: absent
  when: existing_deploy.stat.exists and keycloak_force_install | bool

-
 - name: Checking for an existing deployment after possible forced removal
  stat:
    path: "{{ keycloak_jboss_home }}"
  register: existing_deploy

- name: Downloading Keycloak
+- name: create Keycloak install location
+  file:
+    dest: "{{ keycloak_base_path }}"
+    state: directory
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"
+  become: yes
+
+- block:
+    - name: download Keycloak archive to target
+      get_url:
+        url: "{{ keycloak_url }}"
+        dest: "{{ keycloak_dest }}"
+        owner: "{{ keycloak_service_user }}"
+        group: "{{ keycloak_service_group }}"
+    - name: extract Keycloak archive on target
+      unarchive:
+        remote_src: yes
+        src: "{{ keycloak_dest }}/{{ keycloak_archive }}"
+        dest: "{{ keycloak_dest }}"
+        creates: "{{ keycloak_jboss_home }}"
+        owner: "{{ keycloak_service_user }}"
+        group: "{{ keycloak_service_group }}"
+      notify:
+        - restart keycloak
+  become: yes
+  when: keycloak_archive_on_target

- name: Extracting Keycloak
+- block:
+    - name: download Keycloak archive to local
+      delegate_to: localhost
+      get_url:
+        url: "{{ keycloak_url }}"
+        dest: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
+    - name: extract Keycloak archive on local
+      unarchive:
+        remote_src: no
+        src: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
+        dest: "{{ keycloak_dest }}"
+        creates: "{{ keycloak_jboss_home }}"
+        owner: "{{ keycloak_service_user }}"
+        group: "{{ keycloak_service_group }}"
+      become: yes
+      notify:
+        - restart keycloak
+  when: not keycloak_archive_on_target

- name: Downloading postgresql jdbc driver
+- name: Create module.xml for mariadb jdbc driver
+  copy:
+    src: "module-mariadb.xml"
+    dest: "{{ keycloak_jboss_home }}/modules/system/layers/keycloak/org/mariadb/main/module.xml"
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"

- name: Create module.xml for postgresql jdbc driver
+- name: Add systemd unit file for keycloak service
+  template:
+    src: "keycloak.service.j2"
+    dest: "/etc/systemd/system/{{ keycloak_service_name }}.service"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - reload systemd
+    - restart keycloak
--- a/tasks/install-ssl.yml
+++ b/tasks/install-ssl.yml
 ---

- name : Installing Let's Encrypt
-
- name : Configuring the certificates for Keycloak
-
- name : Verifing the SSL certificates
-
- name : Setting up automatic renewal of the certificates
+# - name : Installing Let's Encrypt
+#
+# - name : Configuring the certificates for Keycloak
+#
+# - name : Verifing the SSL certificates
+#
+# - name : Setting up automatic renewal of the certificates
--- a/tasks/install-update.yml
+++ b/tasks/install-update.yml
 ---

- name : Verifying that we are running the last version of Keycloak
-
- name : Updating the variables to install the last version of keycloak
+# - name : Verifying that we are running the last version of Keycloak
+#
+# - name : Updating the variables to install the last version of keycloak
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,10 +23,10 @@
 - include: install-configuration.yml

 # Install NGINX as a reverse proxy
- include: install-reverse-proxy.yml
+# - include: install-reverse-proxy.yml

 # Configuration of the SSL certificates
- include: install-ssl.yml
+# - include: install-ssl.yml

 # Launch the service
 - include: install-run-service.yml

--- a/templates/keycloak.service.j2
+++ b/templates/keycloak.service.j2
+[Unit]
+Description=Keycloak Server
+After=network.target
+Wants.mariadb.service
+
+[Service]
+Type=simple
+Environment="JAVA_OPTS={{ keycloak_java_opts }}"
+Environment="JBOSS_HOME={{ keycloak_jboss_home }}"
+Restart=always
+User={{ keycloak_service_user }}
+Group={{ keycloak_service_group }}
+ExecStart={{ keycloak_jboss_home }}/bin/standalone.sh --server-config=standalone-ha.xml -b={{ keycloak_bind_address }} -Djboss.http.port={{ keycloak_http_port }} -Djboss.https.port={{ keycloak_https_port }} -Djboss.management.http.port={{ keycloak_management_http_port }} -Djboss.management.https.port={{ keycloak_management_https_port }}
+TimeoutStartSec=600
+TimeoutStopSec=600
+
+[Install]
+WantedBy=multi-user.target
--- a/templates/standalone-ha.xml.j2
+++ b/templates/standalone-ha.xml.j2
--- a/vars/main.yml
+++ b/vars/main.yml
 ---
 # vars file for sso-lqdn

-## General (required)
-keycloak_version: "12.0.1"
-keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
-keycloak_force_install: false
-keycloak_create_admin: false
-keycloak_admin_user: "admin"
+# General user setup

-## General (optional)
+keycloak_service_group: "keycloak"
 keycloak_service_user: "keycloak"
-keycloak_service_group: "{{ keycloak_service_user }}"
 keycloak_service_name: "keycloak"
-keycloak_base_path: "/var/www/keycloak"
+keycloak_base_path: "/opt/keycloak"
+keycloak_dest: "{{ keycloak_base_path }}"
+
+## General settings
+keycloak_version: "12.0.4"
+keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
+keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
+keycloak_archive_on_target: True # To download the archive directly to the server
+
+# Database settings
+keycloack_mysql_root_password: "{{ vault_keycloak_mysql_root_password}}"
+keycloak_db_name: "keycloak"
+keycloak_db_admin: "keycloak"
+keycloak_db_pwd: "{{ vault_keycloak_db_pwd }}"
+
+# More General settings ( Optional )
 keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
 keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
-keycloak_startup_timeout: "300"
-keycloak_java_opts: "-Xms256m -Xmx1024m"

-## Database
-keycloak_postgresql_jdbc_version: "42.2.18"
-keycloak_postgresql_jdbc_url: "https://jdbc.postgresql.org/download/postgresql-{{ keycloak_postgresql_jdbc_version }}.jar"
-keycloak_postgresql_host: "localhost"
-keycloak_postgresql_port: "5432"
-keycloak_postgresql_database: "keycloak"
+# If you want to create the admin user
+keycloak_create_admin: false
+keycloak_admin_user: "admin"
+keycloak_admin_password: "{{ vault_keycloak_admin_password }}"

 ## Networking
 keycloak_behind_reverseproxy: true
@@ -33,6 +38,13 @@ keycloak_https_port: "8443"
 keycloak_management_http_port: "9990"
 keycloak_management_https_port: "9993"

+# Run settings
+keycloak_startup_timeout: "300"
+keycloak_java_opts: "-Xms256m -Xmx1024m"
+
+# In case you want to force the re installation
+keycloak_force_install: false
+
 ## Customization
 keycloak_profile_preview: false
 keycloak_welcome_theme: "keycloak"