Commit 09232b14 authored by nono's avatar nono 💻

Added all the base files and tasks

parent eaa8d04d
<?xml version="1.0" ?>
<module xmlns="urn:jboss:module:1.3" name="org.mariadb.jdbc">
<resources>
<resource-root path="/usr/share/java/mariadb-java-client.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>
---
# handlers file for sso-lqdn
- name: reload systemd
systemd:
daemon_reload: yes
become: yes
- name: restart keycloak
systemd:
name: keycloak
enabled: yes
state: restarted
become: yes
---
- name : Configuring Keycloak
template:
src: standalone-ha.xml.j2
dest: {{ keycloak_config_dir }}/standalone-ha.xml
owner: root
group: root
mode: 0644
become: yes
notify:
- reload systemd
- restart keycloak
- name: create Keycloak admin user
command:
args:
argv:
- "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
- -rmaster
- -u{{ keycloak_admin_user }}
- -p{{ keycloak_admin_password }}
creates: "{{ keycloak_config_dir }}/keycloak-add-user.json"
become: yes
tags:
- skip_ansible_lint
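Review bot: The 'create Keycloak admin user' task passes the admin password as `-p{{ keycloak_admin_password }}` in argv, so it shows up in Ansible's task output and in the target's process list while the script runs. Add `no_log: true` to keep it out of logs and callbacks, and gate the task with `when: keycloak_create_admin | bool`, since that variable is defined in the vars file but not checked here. Separately, `dest: {{ keycloak_config_dir }}/standalone-ha.xml` in the first task starts with an unquoted Jinja expression, which YAML reads as a flow mapping; it should be `dest: "{{ keycloak_config_dir }}/standalone-ha.xml"`. If the rendered standalone-ha.xml carries the datasource password (an assumption, as the template is collapsed on this page), `mode: 0644` leaves it world-readable, and `group: "{{ keycloak_service_group }}"` with `mode: "0640"` would be tighter.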
---
# Adding the database to be used by Keycloak
# Adding the Java Database Driver
- name : Installation of the latest Java OpenJDK Driver
package :
name :
- libmariadb-java
state : latest
# Creating the database user and password for keycloak
- name: "Update root password"
mysql_user:
name: root
password: "{{ keycloack_mysql_root_password }}"
check_implicit_admin: yes
priv: "*.*:ALL,GRANT"
# Assuming the root user has only localhost access
host_all: yes
- name: "Delete the anonymous user."
mysql_user:
user: ""
state: "absent"
login_user: root
login_password: "{{ keycloack_mysql_root_password }}"
ignore_errors: yes
- name: "Removes the MySQL test database"
mysql_db:
name: test
state: absent
login_user: root
login_password: "{{ keycloack_mysql_root_password }}"
ignore_errors: yes
- name: "Add Database {{ keycloak_db_name }}."
mysql_db:
name: "{{ keycloak_db_name }}"
login_user: root
login_password: "{{ keycloack_mysql_root_password }}"
state: present
- name: "Configure the database user."
mysql_user:
name: "{{ keycloak_db_admin }}"
password: "{{ keycloak_db_pwd }}"
priv: "{{ keycloak_db_name }}.*:ALL"
login_user: root
login_password: "{{ keycloak_mysql_root_pwd }}"
state: present
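Review bot: The last task logs in with `{{ keycloak_mysql_root_pwd }}`, a name not defined anywhere on this page; the other tasks and the vars file use `keycloack_mysql_root_password`, so 'Configure the database user.' will fail on an undefined variable. Use one name throughout, ideally correcting the `keycloack` misspelling in the vars file at the same time. The two hardening tasks, 'Delete the anonymous user.' and 'Removes the MySQL test database', carry `ignore_errors: yes`, so a failed login or module error leaves the anonymous account and test database in place while the play reports success; drop `ignore_errors` so the run stops when hardening did not happen. The anonymous-user task also has no `host_all: yes`, so only the entry for the default host would be removed.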
......@@ -13,8 +13,8 @@
- tar
state : present
- name : Installation of pSQL
- name : Installation of MariaDB
package :
name :
- postgresql
- mariadb
state : present
---
- name : Installing Nginx
- name : Configuring Nginx to reverse proxy Keycloak
- name : Configuring Nginx to process the SSL certificates
#
# - name : Installing Nginx
#
# - name : Configuring Nginx to reverse proxy Keycloak
#
# - name : Configuring Nginx to process the SSL certificates
---
- name : Installing the SystemD service script
- name : Launching the service
- name: Installing the SystemD service script
template:
src: keycloak.service.j2
dest: /etc/systemd/system/keycloak.service
owner: root
group: root
mode: 0644
become: yes
notify:
- reload systemd
- restart keycloak
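Review bot: This task renders `keycloak.service.j2` to the fixed path `/etc/systemd/system/keycloak.service`, while the 'Add systemd unit file for keycloak service' task further down the page renders the same template to `/etc/systemd/system/{{ keycloak_service_name }}.service`. The 'restart keycloak' handler restarts the literal `name: keycloak`. If `keycloak_service_name` is ever overridden, two unit files exist and the handler restarts the stale one. Keep a single install task and use `"{{ keycloak_service_name }}"` in both the `dest` and the handler. Quoting the mode as `mode: "0644"` also avoids relying on the YAML parser's octal handling.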
......@@ -18,16 +18,72 @@
state: absent
when: existing_deploy.stat.exists and keycloak_force_install | bool
- name: Checking for an existing deployment after possible forced removal
stat:
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
- name: Downloading Keycloak
- name: create Keycloak install location
file:
dest: "{{ keycloak_base_path }}"
state: directory
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
become: yes
- block:
- name: download Keycloak archive to target
get_url:
url: "{{ keycloak_url }}"
dest: "{{ keycloak_dest }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
- name: extract Keycloak archive on target
unarchive:
remote_src: yes
src: "{{ keycloak_dest }}/{{ keycloak_archive }}"
dest: "{{ keycloak_dest }}"
creates: "{{ keycloak_jboss_home }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
notify:
- restart keycloak
become: yes
when: keycloak_archive_on_target
- name: Extracting Keycloak
- block:
- name: download Keycloak archive to local
delegate_to: localhost
get_url:
url: "{{ keycloak_url }}"
dest: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
- name: extract Keycloak archive on local
unarchive:
remote_src: no
src: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
dest: "{{ keycloak_dest }}"
creates: "{{ keycloak_jboss_home }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
become: yes
notify:
- restart keycloak
when: not keycloak_archive_on_target
- name: Downloading postgresql jdbc driver
- name: Create module.xml for mariadb jdbc driver
copy:
src: "module-mariadb.xml"
dest: "{{ keycloak_jboss_home }}/modules/system/layers/keycloak/org/mariadb/main/module.xml"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
- name: Create module.xml for postgresql jdbc driver
- name: Add systemd unit file for keycloak service
template:
src: "keycloak.service.j2"
dest: "/etc/systemd/system/{{ keycloak_service_name }}.service"
owner: root
group: root
mode: 0644
notify:
- reload systemd
- restart keycloak
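Review bot: Both 'download Keycloak archive' tasks fetch `{{ keycloak_url }}` with no `checksum:`, so whatever the URL serves is unpacked and later run as the SSO service. Pin the release digest, for example `checksum: "sha256:{{ keycloak_archive_sha256 }}"`, where `keycloak_archive_sha256` is a new variable (placeholder name) kept next to `keycloak_version` and updated with it. The extracted tree is owned by `{{ keycloak_service_user }}`, which lets the running service rewrite its own binaries and modules; consider root ownership for the install tree, with only the directories the server writes to owned by the service user. The 'Create module.xml for mariadb jdbc driver' task copies into `.../org/mariadb/main/` without creating that directory first and without `become: yes`, so it will likely fail on a fresh install. This hunk begins inside a task whose start is above the visible lines.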
---
- name : Installing Let's Encrypt
- name : Configuring the certificates for Keycloak
- name : Verifing the SSL certificates
- name : Setting up automatic renewal of the certificates
# - name : Installing Let's Encrypt
#
# - name : Configuring the certificates for Keycloak
#
# - name : Verifing the SSL certificates
#
# - name : Setting up automatic renewal of the certificates
---
- name : Verifying that we are running the last version of Keycloak
- name : Updating the variables to install the last version of keycloak
# - name : Verifying that we are running the last version of Keycloak
#
# - name : Updating the variables to install the last version of keycloak
......@@ -23,10 +23,10 @@
- include: install-configuration.yml
# Install NGINX as a reverse proxy
- include: install-reverse-proxy.yml
# - include: install-reverse-proxy.yml
# Configuration of the SSL certificates
- include: install-ssl.yml
# - include: install-ssl.yml
# Launch the service
- include: install-run-service.yml
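Review bot: With the reverse-proxy and SSL includes commented out, nothing visible in this role terminates TLS in front of Keycloak, while the vars file still sets `keycloak_behind_reverseproxy: true`. If the collapsed standalone-ha.xml template uses that flag to enable proxy address forwarding (an assumption, as the template is not shown), the server would trust client-supplied forwarding headers with no proxy in place to sanitise them. Until the Nginx and certificate tasks exist, default `keycloak_behind_reverseproxy` to `false`, set `keycloak_bind_address` to a loopback or internal address, and add a comment such as `# TODO: re-enable once install-reverse-proxy.yml is implemented; do not expose without TLS`. `include:` is deprecated in current Ansible, and `import_tasks:` is the static replacement.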
......
[Unit]
Description=Keycloak Server
After=network.target
Wants.mariadb.service
[Service]
Type=simple
Environment="JAVA_OPTS={{ keycloak_java_opts }}"
Environment="JBOSS_HOME={{ keycloak_jboss_home }}"
Restart=always
User={{ keycloak_service_user }}
Group={{ keycloak_service_group }}
ExecStart={{ keycloak_jboss_home }}/bin/standalone.sh --server-config=standalone-ha.xml -b={{ keycloak_bind_address }} -Djboss.http.port={{ keycloak_http_port }} -Djboss.https.port={{ keycloak_https_port }} -Djboss.management.http.port={{ keycloak_management_http_port }} -Djboss.management.https.port={{ keycloak_management_https_port }}
TimeoutStartSec=600
TimeoutStopSec=600
[Install]
WantedBy=multi-user.target
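Review bot: `Wants.mariadb.service` in `[Unit]` is not a valid directive because the `=` is missing, so systemd ignores the line and the unit has no relationship to the database. Write `Wants=mariadb.service` and extend the ordering to `After=network.target mariadb.service`, since `Wants=` alone does not order startup. The unit also runs a network-facing Java server with no sandboxing; `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are low-risk additions to `[Service]` worth testing. `TimeoutStartSec=600` is hard-coded although the vars file defines `keycloak_startup_timeout`.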
This diff is collapsed.
---
# vars file for sso-lqdn
## General (required)
keycloak_version: "12.0.1"
keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
keycloak_force_install: false
keycloak_create_admin: false
keycloak_admin_user: "admin"
# General user setup
## General (optional)
keycloak_service_group: "keycloak"
keycloak_service_user: "keycloak"
keycloak_service_group: "{{ keycloak_service_user }}"
keycloak_service_name: "keycloak"
keycloak_base_path: "/var/www/keycloak"
keycloak_base_path: "/opt/keycloak"
keycloak_dest: "{{ keycloak_base_path }}"
## General settings
keycloak_version: "12.0.4"
keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
keycloak_archive_on_target: True # To download the archive directly to the server
# Database settings
keycloack_mysql_root_password: "{{ vault_keycloak_mysql_root_password}}"
keycloak_db_name: "keycloak"
keycloak_db_admin: "keycloak"
keycloak_db_pwd: "{{ vault_keycloak_db_pwd }}"
# More General settings ( Optional )
keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_startup_timeout: "300"
keycloak_java_opts: "-Xms256m -Xmx1024m"
## Database
keycloak_postgresql_jdbc_version: "42.2.18"
keycloak_postgresql_jdbc_url: "https://jdbc.postgresql.org/download/postgresql-{{ keycloak_postgresql_jdbc_version }}.jar"
keycloak_postgresql_host: "localhost"
keycloak_postgresql_port: "5432"
keycloak_postgresql_database: "keycloak"
# If you want to create the admin user
keycloak_create_admin: false
keycloak_admin_user: "admin"
keycloak_admin_password: "{{ vault_keycloak_admin_password }}"
## Networking
keycloak_behind_reverseproxy: true
......@@ -33,6 +38,13 @@ keycloak_https_port: "8443"
keycloak_management_http_port: "9990"
keycloak_management_https_port: "9993"
# Run settings
keycloak_startup_timeout: "300"
keycloak_java_opts: "-Xms256m -Xmx1024m"
# In case you want to force the re installation
keycloak_force_install: false
## Customization
keycloak_profile_preview: false
keycloak_welcome_theme: "keycloak"