Commit eaa8d04d authored by nono's avatar nono 💻

Added steps for each task, Updated README

parent e470026d
......@@ -7,6 +7,8 @@ Ce rôle se charge d'installer keycloack. À terme, il se chargera aussi de fair
Il ne se charge pas d'ajouter des utilisateurices, ni de configurer les intégrations avec les services tiers.
Ce rôle va utiliser la configuration "high availability" pour Keycloack par défault.
Requirements
------------
......
---
- name : Installing Nginx
- name : Configuring Nginx to reverse proxy Keycloak
- name : Configuring Nginx to process the SSL certificates
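Review bot: The three tasks in this file carry only a `name` and no module, and Ansible rejects a task with no action when the file is loaded, so including this file from main.yml would abort the role before anything runs. The same applies to the name-only tasks in the service-launch, SSL and update files, and to the four download/extract/JDBC tasks at the end of the service-install file. Until the steps are implemented, either keep the corresponding includes commented out or give each stub an explicit no-op such as `debug: msg="TODO: not implemented"`. As a style point, `name :` with a space before the colon is inconsistent with the `name:` used in the implemented tasks and is flagged by yamllint's `colons` rule.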
---
- name : Installing the SystemD service script
- name : Launching the service
---
- name : Checking for existing installation
stat:
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
- block:
- name: Stopping the old keycloak service
systemd:
name: "{{ keycloak_service_name }}"
state: stopped
ignore_errors: true
- name: Removing the old Keycloak deployment
file:
path: "{{ keycloak_jboss_home }}"
state: absent
when: existing_deploy.stat.exists and keycloak_force_install | bool
- name: Checking for an existing deployment after possible forced removal
stat:
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
- name: Downloading Keycloak
- name: Extracting Keycloak
- name: Downloading postgresql jdbc driver
- name: Create module.xml for postgresql jdbc driver
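Review bot: The `ignore_errors: true` on "Stopping the old keycloak service" lets the following `file: state=absent` delete `keycloak_jboss_home` even when the stop failed for a reason other than the unit not existing, so the tree can be removed under a still-running identity server. Narrow the tolerance to the missing-unit case, for example `register: keycloak_stop` plus `failed_when: keycloak_stop is failed and 'Could not find the requested service' not in (keycloak_stop.msg | default(''))`, after confirming the message text against the Ansible version in use. The rendered page has lost indentation, so it is not visible whether the `when:` with `keycloak_force_install | bool` is attached to the block as a whole; it should be, so that neither the stop nor the removal runs without the force flag.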
---
- name : Installing Let's Encrypt
- name : Configuring the certificates for Keycloak
- name : Verifing the SSL certificates
- name : Setting up automatic renewal of the certificates
---
- name : Verifying that we are running the last version of Keycloak
- name : Updating the variables to install the last version of keycloak
......@@ -10,23 +10,25 @@
# Get the database running
- include: install-database.yml
# TODO: The part will only be executed in the case of an update
#- include: install-update.yml
# TODO: This part will only be executed if we're restoring from a backup
#- include: reinstall-from-backup.yml
# Download and install the service from archive
- include: install-service.yml
# Configuration of the SSL certificates
- include: install-ssl.yml
# Configure the service via configuration files
- include: install-configuration.yml
# Install NGINX as a reverse proxy
- include: install-reverse-proxy.yml
# Configuration of the SSL certificates
- include: install-ssl.yml
# Launch the service
- include: install-run-service.yml
# The part will only be executed in the case of an update
- include: install-update.yml
# This part will only be executed if we're restoring from a backup
- include: reinstall-from-backup.yml
# --- As of here, the service should be running and accessible
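Review bot: The includes of `install-update.yml` and `reinstall-from-backup.yml` appear here both commented out with a TODO and active at the end of the list, and in the active form neither has a `when:` although the comments say they run only on an update or a restore. The page does not show which form is the new side; if it is the active one, a restore-from-backup step would run on every play, and no `reinstall-from-backup.yml` section is visible in this commit. Gate each include on an explicit role variable defaulting to false, e.g. `when: keycloak_restore_from_backup | bool` (placeholder variable name). Separately, bare `include:` is deprecated in favour of `include_tasks:` / `import_tasks:`.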
---
# vars file for sso-lqdn
## General (required)
keycloak_version: "12.0.1"
keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
keycloak_force_install: false
keycloak_create_admin: false
keycloak_admin_user: "admin"
## General (optional)
keycloak_service_user: "keycloak"
keycloak_service_group: "{{ keycloak_service_user }}"
keycloak_service_name: "keycloak"
keycloak_base_path: "/var/www/keycloak"
keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_startup_timeout: "300"
keycloak_java_opts: "-Xms256m -Xmx1024m"
## Database
keycloak_postgresql_jdbc_version: "42.2.18"
keycloak_postgresql_jdbc_url: "https://jdbc.postgresql.org/download/postgresql-{{ keycloak_postgresql_jdbc_version }}.jar"
keycloak_postgresql_host: "localhost"
keycloak_postgresql_port: "5432"
keycloak_postgresql_database: "keycloak"
## Networking
keycloak_behind_reverseproxy: true
keycloak_bind_address: "127.0.0.1"
keycloak_http_port: "8080"
keycloak_https_port: "8443"
keycloak_management_http_port: "9990"
keycloak_management_https_port: "9993"
## Customization
keycloak_profile_preview: false
keycloak_welcome_theme: "keycloak"
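Review bot: `keycloak_url` and `keycloak_postgresql_jdbc_url` pin a version but no digest, so the future "Downloading Keycloak" and "Downloading postgresql jdbc driver" tasks have nothing to verify the fetched archive and driver against before they are unpacked into the identity server. Add a checksum variable next to each URL, e.g. `keycloak_archive_checksum: "sha256:<PLACEHOLDER_DIGEST>"` and `keycloak_postgresql_jdbc_checksum: "sha256:<PLACEHOLDER_DIGEST>"`, and pass them to `get_url` through its `checksum` parameter. The digests must be updated together with the version variables, which is worth stating in a comment above them.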