Modification de la mise à jour de Keycloak

82d92167 · nono · ac1ec1d9 · 82d92167 · 82d92167 · 82d92167
Commit 82d92167 authored Mar 23, 2022 by nono 💻
--- a/tasks/install-database.yml
+++ b/tasks/install-database.yml
@@ -3,6 +3,7 @@

 # Adding the Java Database Driver
 - name : Installation of the latest Java OpenJDK Driver
+  become: yes
  package :
    name :
    - libmariadb-java
@@ -11,6 +12,7 @@
 # Creating the database user and password for keycloak

 - name: "Delete the anonymous user."
+  become: yes
  mysql_user:
    user: ""
    state: "absent"
@@ -20,6 +22,7 @@
  ignore_errors: yes

 - name: "Removes the MySQL test database"
+  become: yes
  mysql_db:
    name: test
    state: absent
@@ -29,6 +32,7 @@
  ignore_errors: yes

 - name: "Add Database {{ keycloak_db_name }}."
+  become: yes
  mysql_db:
    name: "{{ keycloak_db_name }}"
    login_user: root
@@ -37,6 +41,7 @@
    state: present

 - name: "Configure the database user."
+  become: yes
  mysql_user:
    name: "{{ keycloak_db_admin }}"
    password: "{{ keycloak_db_pwd }}"

--- a/tasks/install-dependencies.yml
+++ b/tasks/install-dependencies.yml
 ---

+- name: Updating APT cache
+  become: yes
+  apt:
+    update_cache: yes
+
+
 - name : Installation of the latest Java OpenJDK
+  become: yes
  package :
-    name :
-    - default-jdk
+    name : default-jdk
    state : latest

 - name : Installation of zip and tar
+  become: yes
  package :
    name :
    - zip
@@ -14,6 +21,7 @@
    state : latest

 - name : Installation of MariaDB
+  become: yes
  package :
    name :
    - mariadb-server

--- a/tasks/install-run-service.yml
+++ b/tasks/install-run-service.yml
 ---

 - name: Installing the SystemD service script
+  become: yes
  template:
    src: "keycloak.service.j2"
    dest: "/etc/systemd/system/keycloak.service"
    owner: root
    group: root
    mode: 0644
-  become: yes
  notify:
    - reload systemd
    - restart keycloak
+
+- name: Enable and start the SystemD service script
+  become: yes
+  service:
+    name: keycloak
+    state: started
+    enabled: yes
--- a/tasks/install-service.yml
+++ b/tasks/install-service.yml
 ---

- name : Checking for existing installation
+- name : Checking for existing installation of the same version
  stat:
    path: "{{ keycloak_jboss_home }}"
  register: existing_deploy

 - block:
-    - name: Stopping the old keycloak service
+    - name: Stopping the existing keycloak service
      systemd:
        name: "{{ keycloak_service_name }}"
        state: stopped
      ignore_errors: true

-    - name: Removing the old Keycloak deployment
+    - name: Removing the existing Keycloak deployment
      file:
        path: "{{ keycloak_jboss_home }}"
        state: absent
@@ -23,7 +23,7 @@
    path: "{{ keycloak_jboss_home }}"
  register: existing_deploy

- name: create Keycloak install location
+- name: Create Keycloak install location
  file:
    dest: "{{ keycloak_base_path }}"
    state: directory
@@ -32,7 +32,7 @@
  become: yes

 - block:
-    - name: download Keycloak archive to target
+    - name: Download Keycloak archive to target
      get_url:
        url: "{{ keycloak_url }}"
        dest: "{{ keycloak_dest }}"
@@ -52,12 +52,14 @@
  when: keycloak_archive_on_target

 - block:
-    - name: download Keycloak archive to local
+    - name: Download Keycloak archive to local
      delegate_to: localhost
      get_url:
        url: "{{ keycloak_url }}"
        dest: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
+
    - name: extract Keycloak archive on local
+      become: yes
      unarchive:
        remote_src: no
        src: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
@@ -65,27 +67,39 @@
        creates: "{{ keycloak_jboss_home }}"
        owner: "{{ keycloak_service_user }}"
        group: "{{ keycloak_service_group }}"
-      become: yes
      notify:
        - restart keycloak
  when: not keycloak_archive_on_target

 - name: Create MariaDB module directory
+  become: yes
  file:
    dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/"
    state: directory
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
-  become: yes
+    mode: "u=rwx,g=rwx,o=r"

 - name: Create module.xml for mariadb jdbc driver
+  become: yes
  copy:
    src: "module-mariadb.xml"
    dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/module.xml"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
+    mode: "u=rwx,g=rx,o=r"
+
+- name: Secure MariaDB module directory permission
+  become: yes
+  file:
+    dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/"
+    state: directory
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"
+    mode: "u=rwx,g=rx,o=r"

 - name: Add systemd unit file for keycloak service
+  become: yes
  template:
    src: "keycloak.service.j2"
    dest: "/etc/systemd/system/{{ keycloak_service_name }}.service"

--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
 # tasks file for sso-lqdn

-# We start by creating a keycloack user and home
- include: install-users.yml
+- name: Creating a keycloack user and home
+  include_tasks: install-users.yml

-# We're making sure Java and other deps are available on the system
- include: install-dependencies.yml
+- name: Making sure Java and other deps are available on the system
+  include_tasks: install-dependencies.yml

-# Get the database running
- include: install-database.yml
+- name: Get the database running
+  include_tasks: install-database.yml

-# Download and install the service from archive
- include: install-service.yml
+- name: Download and install the service from archive
+  include_tasks: install-service.yml

 # Configure the service via configuration files
 - include: install-configuration.yml

 # Update the service
- include: update-service.yml
+- name: Import data from previous versions and update the installation.
+  include_tasks: update-service.yml
+  when: keycloak_previous_version is defined
+
+- name: Warn the user if no update has been made
+  debug:
+    msg: "WARNING : No data will be imported from previous versions, no update done."
+  when: keycloak_previous_version is not defined

 # Launch the service
 - include: install-run-service.yml

--- a/tasks/update-service.yml
+++ b/tasks/update-service.yml
 # Update the keycloak installation
+- name: Checking for pre-existing installation
+  stat:
+    path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}"
+  register: is_there_an_existing_keycloak

-# Stop the service
- name: Stopping the service for the update.
-  systemd:
-    name: "{{ keycloak_service_name }}"
-    state: stopped
-  ignore_errors: true
-
-# Delete the data/tx-object-store/ transaction directory
- name: Deleting the data/tx-object-store/ transaction directory
-  file:
-    path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/"
-    state: absent
-
-# Backup the old installation
-#- name: Making a copy of the current installation
-# NB: Not needed as we are installing to a new directory anyways. We don't touch
-# the old directory.
-
-# Backup the database
- name: Backing up the of database
-  shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql
-
-# Upgrade the server
-#- name: Upgrading the server with the new files
-# This is actually reinstalling the files.
-
-# copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation.
- name: Copying the standalone directory from the previous installation
-  copy:
-    src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone"
-    dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone"
-    remote_src: yes
-
-# Run the upgrade script
-# bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli
- name: Running the upgrade script
-  shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli"
+- name: Printing status of pre-existing installation
+  debug:
+    msg: "{{ is_there_an_existing_keycloak }}"
+
+- name: Updating if needed
+  block:
+    # Stop the service
+    - name: Stopping the service for the update.
+      become: yes
+      systemd:
+        name: "{{ keycloak_service_name }}"
+        state: stopped
+      ignore_errors: true
+
+    # Delete the data/tx-object-store/ transaction directory
+    - name: Deleting the data/tx-object-store/ transaction directory
+      file:
+        path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/"
+        state: absent
+
+    # Backup the old installation
+    #- name: Making a copy of the current installation
+    # NB: Not needed as we are installing to a new directory anyways. We don't touch
+    # the old directory.
+
+    # Backup the database
+    - name: Backing up the of database
+      become: yes
+      shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql
+
+    # Upgrade the server
+    #- name: Upgrading the server with the new files
+    # This is actually reinstalling the files.
+
+    # copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation.
+    - name: Copying the standalone directory from the previous installation
+      become: yes
+      copy:
+        src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone"
+        dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone"
+        remote_src: yes
+
+    # Run the upgrade script
+    # bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli
+    - name: Running the upgrade script
+      shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli"
+
+  when: is_there_an_existing_keycloak.stat.exists
+
+- name: Update state
+  debug:
+    msg: "No update done."
+  when: not is_there_an_existing_keycloak.stat.exists

 - name:  Force systemd to reread configs
+  become: yes
  ansible.builtin.systemd:
    daemon_reload: yes