Valider c3cb010d rédigé par nono's avatar nono :computer:

Modification de la mise à jour de Keycloak

parent ac1ec1d9
......@@ -72,6 +72,9 @@ keycloak_welcome_theme: "keycloak"
mysql_credential_file:
debian: '/etc/mysql/debian.cnf'
### Export old user data from Widly Installations ;
`bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/root/keycloak-user/`
Dependencies
------------
......
<?xml version="1.0" ?>
<module xmlns="urn:jboss:module:1.3" name="org.mariadb.jdbc">
<resources>
<resource-root path="/usr/share/java/mariadb-java-client.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>
......@@ -8,7 +8,5 @@
vars:
- vault_keycloak_mysql_root_password: "hello world"
- vault_keycloak_db_pwd: "hello world"
- keycloak_version: "16.1.1"
- keycloak_previous_version: "16.1.0"
# - keycloak_version: "16.1.0"
# - keycloak_previous_version: "15.0.2"
# - keycloak_version: "16.1.1"
# - keycloak_previous_version: "16.1.0"
......@@ -8,8 +8,10 @@ driver:
platforms:
- name: instance
box: debian/bullseye64
memory: 512
cpus: 1
memory: 2048
cpus: 2
instance_raw_config_args:
- "vm.network 'forwarded_port', guest: 8080, host: 8088"
provisioner:
name: ansible
verifier:
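Review bot: The forwarded port added under `instance_raw_config_args` has no `host_ip`, so depending on the Vagrant provider host port 8088 may be bound on every interface of the machine running Molecule rather than on loopback only. The test play shown earlier on this page uses the fixed `"hello world"` passwords, so the instance should not be reachable from the network. Pin the forward to loopback: `- "vm.network 'forwarded_port', guest: 8080, host: 8088, host_ip: '127.0.0.1'"`.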
......
---
# Update
- name : Configuring Keycloak
- name: Configuring Keycloak
template:
src: standalone-ha.xml.j2
dest: "{{ keycloak_config_dir }}/standalone-ha.xml"
src: keycloak.conf.j2
dest: "{{ keycloak_config_dir }}/keycloak.conf"
owner: root
group: root
mode: 0644
......@@ -12,16 +13,13 @@
- reload systemd
- restart keycloak
- name: Create Keycloak admin user
- name: Build the keycloak instance
become: yes
command:
args:
argv:
- "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
- -r master
- -u "{{ keycloak_admin_user }}"
- -p "{{ keycloak_admin_password }}"
creates: "{{ keycloak_config_dir }}/keycloak-add-user.json"
become: yes
when: keycloak_create_admin is defined and (keycloak_create_admin | bool)
tags:
- skip_ansible_lint
- "{{ keycloak_jboss_home }}/bin/kc.sh"
- "build"
chdir: "{{ keycloak_jboss_home }}"
# Update
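Review bot: `keycloak.conf` is installed with `owner: root`, `group: root` and `mode: 0644` in the "Configuring Keycloak" task, but the `keycloak.conf.j2` template added by this commit renders `db-password={{ keycloak_db_pwd }}`, so the database password becomes readable by every local account on the host. Restrict the file to the service account, for example `group: "{{ keycloak_service_group }}"` with `mode: "0640"`; quoting the mode also avoids relying on YAML octal parsing. In the second hunk, the "Build the keycloak instance" task shows no `creates` or `changed_when`, so it will rerun and report a change on every play.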
......@@ -3,6 +3,7 @@
# Adding the Java Database Driver
- name : Installation of the latest Java OpenJDK Driver
become: yes
package :
name :
- libmariadb-java
......@@ -11,6 +12,7 @@
# Creating the database user and password for keycloak
- name: "Delete the anonymous user."
become: yes
mysql_user:
user: ""
state: "absent"
......@@ -20,6 +22,7 @@
ignore_errors: yes
- name: "Removes the MySQL test database"
become: yes
mysql_db:
name: test
state: absent
......@@ -29,6 +32,7 @@
ignore_errors: yes
- name: "Add Database {{ keycloak_db_name }}."
become: yes
mysql_db:
name: "{{ keycloak_db_name }}"
login_user: root
......@@ -37,6 +41,7 @@
state: present
- name: "Configure the database user."
become: yes
mysql_user:
name: "{{ keycloak_db_admin }}"
password: "{{ keycloak_db_pwd }}"
......
---
- name: Updating APT cache
become: yes
apt:
update_cache: yes
- name : Installation of the latest Java OpenJDK
become: yes
package :
name :
- default-jdk
name : default-jdk
state : latest
- name : Installation of zip and tar
become: yes
package :
name :
- zip
......@@ -14,6 +21,7 @@
state : latest
- name : Installation of MariaDB
become: yes
package :
name :
- mariadb-server
......
---
- name: Installing the SystemD service script
become: yes
template:
src: "keycloak.service.j2"
dest: "/etc/systemd/system/keycloak.service"
owner: root
group: root
mode: 0644
become: yes
notify:
- reload systemd
- restart keycloak
- name: Enable and start the SystemD service script
become: yes
service:
name: keycloak
state: started
enabled: yes
---
- name : Checking for existing installation
- name: Checking for existing installation of the same version
stat:
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
- block:
- name: Stopping the old keycloak service
- name: Stopping the existing keycloak service
systemd:
name: "{{ keycloak_service_name }}"
state: stopped
ignore_errors: true
- name: Removing the old Keycloak deployment
- name: Removing the existing Keycloak deployment
file:
path: "{{ keycloak_jboss_home }}"
state: absent
......@@ -23,7 +22,7 @@
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
- name: create Keycloak install location
- name: Create Keycloak install location
file:
dest: "{{ keycloak_base_path }}"
state: directory
......@@ -32,13 +31,14 @@
become: yes
- block:
- name: download Keycloak archive to target
- name: Download Keycloak archive to target
get_url:
url: "{{ keycloak_url }}"
dest: "{{ keycloak_dest }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
- name: extract Keycloak archive on target
- name: Extract Keycloak archive on target
unarchive:
remote_src: yes
src: "{{ keycloak_dest }}/{{ keycloak_archive }}"
......@@ -52,12 +52,14 @@
when: keycloak_archive_on_target
- block:
- name: download Keycloak archive to local
- name: Download Keycloak archive to local
delegate_to: localhost
get_url:
url: "{{ keycloak_url }}"
dest: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
- name: extract Keycloak archive on local
become: yes
unarchive:
remote_src: no
src: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
......@@ -65,27 +67,12 @@
creates: "{{ keycloak_jboss_home }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
become: yes
notify:
- restart keycloak
when: not keycloak_archive_on_target
- name: Create MariaDB module directory
file:
dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/"
state: directory
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
become: yes
- name: Create module.xml for mariadb jdbc driver
copy:
src: "module-mariadb.xml"
dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/module.xml"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
- name: Add systemd unit file for keycloak service
become: yes
template:
src: "keycloak.service.j2"
dest: "/etc/systemd/system/{{ keycloak_service_name }}.service"
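Review bot: Both "Download Keycloak archive" tasks call `get_url` without a `checksum`, so whatever `keycloak_url` returns is unpacked and later run as the identity provider. Since this commit moves the role to a new release archive, pin its digest next to the version, e.g. `checksum: "sha256:{{ keycloak_archive_sha256 }}"` on both tasks (`keycloak_archive_sha256` is a proposed new variable, not one the role defines today). The hunks show only part of the file, so a verification step outside the visible lines cannot be ruled out.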
......
---
# tasks file for sso-lqdn
# We start by creating a keycloack user and home
- include: install-users.yml
- name: Creating a keycloack user and home
include_tasks: install-users.yml
# We're making sure Java and other deps are available on the system
- include: install-dependencies.yml
- name: Making sure Java and other deps are available on the system
include_tasks: install-dependencies.yml
# Get the database running
- include: install-database.yml
- name: Get the database running
include_tasks: install-database.yml
# Download and install the service from archive
- include: install-service.yml
- name: Download and install the service from archive
include_tasks: install-service.yml
# Configure the service via configuration files
- include: install-configuration.yml
# Update the service
- include: update-service.yml
- name: Import data from previous versions and update the installation.
include_tasks: update-service.yml
when: keycloak_previous_version is defined
- name: Warn the user if no update has been made
debug:
msg: "WARNING : No data will be imported from previous versions, no update done."
when: keycloak_previous_version is not defined
# Launch the service
- include: install-run-service.yml
# --- As of here, the service should be running and accessible
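Review bot: Two entries, `- include: install-configuration.yml` and `- include: install-run-service.yml`, appear to keep the bare `include` form while every other entry was converted to a named `include_tasks`. Bare `include` is deprecated in Ansible, so convert these two in the same way, e.g. `- name: Configure the service via configuration files` followed by `include_tasks: install-configuration.yml`. A short comment above the `when: keycloak_previous_version is defined` condition, saying that the variable must name the release currently installed under `keycloak_base_path`, would also help operators.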
# Update the keycloak installation
- name: Checking for pre-existing installation
stat:
path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}"
register: is_there_an_existing_keycloak
# Stop the service
- name: Stopping the service for the update.
systemd:
name: "{{ keycloak_service_name }}"
state: stopped
ignore_errors: true
# Delete the data/tx-object-store/ transaction directory
- name: Deleting the data/tx-object-store/ transaction directory
file:
path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/"
state: absent
# Backup the old installation
#- name: Making a copy of the current installation
# NB: Not needed as we are installing to a new directory anyways. We don't touch
# the old directory.
# Backup the database
- name: Backing up the of database
shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql
# Upgrade the server
#- name: Upgrading the server with the new files
# This is actually reinstalling the files.
# copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation.
- name: Copying the standalone directory from the previous installation
copy:
src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone"
dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone"
remote_src: yes
# Run the upgrade script
# bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli
- name: Running the upgrade script
shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli"
- name: Printing status of pre-existing installation
debug:
msg: "{{ is_there_an_existing_keycloak }}"
- name: Updating if needed
block:
# Stop the service
- name: Stopping the service for the update.
become: yes
systemd:
name: "{{ keycloak_service_name }}"
state: stopped
ignore_errors: true
# Delete the data/tx-object-store/ transaction directory
- name: Deleting the data/tx-object-store/ transaction directory
file:
path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/"
state: absent
# Backup the old installation
#- name: Making a copy of the current installation
# NB: Not needed as we are installing to a new directory anyways. We don't touch
# the old directory.
# Backup the database
- name: Backing up the of database
become: yes
shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql
# Upgrade the server
#- name: Upgrading the server with the new files
# This is actually reinstalling the files.
# copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation.
- name: Copying the standalone directory from the previous installation
become: yes
copy:
src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone"
dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone"
remote_src: yes
# Run the upgrade script
# bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli
- name: Running the upgrade script
shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli"
when: is_there_an_existing_keycloak.stat.exists
- name: Update state
debug:
msg: "No update done."
when: not is_there_an_existing_keycloak.stat.exists
- name: Force systemd to reread configs
become: yes
ansible.builtin.systemd:
daemon_reload: yes
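Review bot: The "Updating if needed" block still drives the WildFly-era layout: it copies `keycloak-{{ keycloak_previous_version }}/standalone` and runs `bin/jboss-cli.sh --file=.../bin/migrate-standalone-ha.cli`, while the rest of this commit switches the role to `kc.sh` and `conf/keycloak.conf`. If the new archive is the Quarkus distribution, as the `kc.sh` calls suggest, those paths will not exist there and the play will fail after the service has already been stopped, leaving SSO offline. The backup task also hard-codes the database name (`mysqldump keycloak`) instead of using `{{ keycloak_db_name }}`, so a non-default name leaves the upgrade without a usable dump. The tx-object-store and upgrade-script tasks do not have the `become: yes` that their siblings received.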
# Basic settings for running in production. Change accordingly before deploying the server.
# Database
# The database vendor.
db=mariadb
# The username of the database user.
db-username={{ keycloak_db_admin }}
# The password of the database user.
db-password={{ keycloak_db_pwd }}
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:mariadb://localhost/keycloak
# Observability
# If the server should expose healthcheck endpoints.
#health-enabled=true
# If the server should expose metrics endpoints.
#metrics-enabled=true
# HTTP
# The file path to a server certificate or certificate chain in PEM format.
#https-certificate-file=${kc.home.dir}conf/server.crt.pem
# The file path to a private key in PEM format.
#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
# The proxy address forwarding mode if the server is behind a reverse proxy.
#proxy=reencrypt
# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false
# Hostname for the Keycloak server.
#hostname=myhostname
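Review bot: Every TLS and hostname option in this template is left commented out (`https-certificate-file`, `https-certificate-key-file`, `proxy`, `hostname`), yet the unit file in this commit launches `kc.sh start`, which is Keycloak's production mode. As far as I know, production mode expects a hostname and either HTTPS key material or an explicit proxy/HTTP setting, so these lines likely need to be driven by role variables rather than left as fixed comments. `db-url=jdbc:mariadb://localhost/keycloak` also hard-codes the database name where the role already has `keycloak_db_name`; consider `db-url=jdbc:mariadb://localhost/{{ keycloak_db_name }}`.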
......@@ -10,7 +10,7 @@ Environment="JBOSS_HOME={{ keycloak_jboss_home }}"
Restart=always
User={{ keycloak_service_user }}
Group={{ keycloak_service_group }}
ExecStart={{ keycloak_jboss_home }}/bin/standalone.sh --server-config=standalone-ha.xml -b={{ keycloak_bind_address }} -Djboss.http.port={{ keycloak_http_port }} -Djboss.https.port={{ keycloak_https_port }} -Djboss.management.http.port={{ keycloak_management_http_port }} -Djboss.management.https.port={{ keycloak_management_https_port }}
ExecStart={{ keycloak_jboss_home }}/bin/kc.sh start
TimeoutStartSec=600
TimeoutStopSec=600
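Review bot: The new `ExecStart` drops `-b={{ keycloak_bind_address }}` and the `-Djboss.*.port` arguments without carrying those role variables over anywhere visible in this commit, so the listen address and ports fall back to Keycloak's defaults. A deployment that set `keycloak_bind_address` to loopback behind a reverse proxy would silently lose that restriction. Map the variables in `keycloak.conf.j2`, e.g. `http-host={{ keycloak_bind_address }}` and `http-port={{ keycloak_http_port }}`. The `Environment="JBOSS_HOME=..."` line shown in the hunk header looks unused after this change; the rest of the unit is outside the hunk.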
......
......@@ -10,7 +10,7 @@ keycloak_base_path: "/opt/keycloak"
keycloak_dest: "{{ keycloak_base_path }}"
## General settings
keycloak_version: "15.0.2"
keycloak_version: "18.0.1"
# keycloak_previous_version: "13.0.0"
keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
......@@ -24,7 +24,7 @@ keycloak_db_pwd: "{{ vault_keycloak_db_pwd }}"
keycloak_mysql_unix_socket: "/run/mysqld/mysqld.sock"
# More General settings ( Optional )
keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_config_dir: "{{ keycloak_jboss_home }}/conf"
# If you want to create the admin user
keycloak_create_admin: false
......