From eaa8d04de986e840f5fc2c08f97e141ed095a3d9 Mon Sep 17 00:00:00 2001 From: nono <np@laquadrature.net> Date: Mon, 22 Feb 2021 14:16:53 +0100 Subject: [PATCH] Added steps for each task, Updated README --- README.md | 2 ++ tasks/install-configuration.yml | 2 ++ tasks/install-reverse-proxy.yml | 6 ++++++ tasks/install-run-service.yml | 4 ++++ tasks/install-service.yml | 32 +++++++++++++++++++++++++++++ tasks/install-ssl.yml | 8 ++++++++ tasks/install-update.yml | 4 ++++ tasks/main.yml | 18 +++++++++-------- vars/main.yml | 36 +++++++++++++++++++++++++++++++++ 9 files changed, 104 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 4629763..1d5e18a 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ Ce rôle se charge d'installer keycloack. À terme, il se chargera aussi de fair Il ne se charge pas d'ajouter des utilisateurices, ni de configurer les intégrations avec les services tiers. +Ce rôle va utiliser la configuration "high availability" pour Keycloack par défault. + Requirements ------------ diff --git a/tasks/install-configuration.yml b/tasks/install-configuration.yml index ed97d53..101d779 100644 --- a/tasks/install-configuration.yml +++ b/tasks/install-configuration.yml @@ -1 +1,3 @@ --- + +- name : Configuring Keycloak diff --git a/tasks/install-reverse-proxy.yml b/tasks/install-reverse-proxy.yml index ed97d53..0953145 100644 --- a/tasks/install-reverse-proxy.yml +++ b/tasks/install-reverse-proxy.yml @@ -1 +1,7 @@ --- + +- name : Installing Nginx + +- name : Configuring Nginx to reverse proxy Keycloak + +- name : Configuring Nginx to process the SSL certificates diff --git a/tasks/install-run-service.yml b/tasks/install-run-service.yml index ed97d53..7fabfdb 100644 --- a/tasks/install-run-service.yml +++ b/tasks/install-run-service.yml @@ -1 +1,5 @@ --- + +- name : Installing the SystemD service script + +- name : Launching the service diff --git a/tasks/install-service.yml b/tasks/install-service.yml index ed97d53..77cf892 100644 
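Review bot: The added `- name : Configuring Keycloak` entry in tasks/install-configuration.yml has a name but no module, and Ansible rejects such a task with "no action detected in task" when it loads the file, so the include of this file from tasks/main.yml will stop the play. The same applies to the name-only entries added in install-reverse-proxy.yml, install-run-service.yml, install-ssl.yml, install-update.yml and to the last four tasks of install-service.yml. Until the steps are implemented, keep them as comments (`# TODO: configure Keycloak`) or give each one a harmless action such as `debug: msg="TODO: configure Keycloak"`. Writing the key as `name:` without the space before the colon would also match the `- name:` spelling used further down in install-service.yml.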
--- a/tasks/install-service.yml
+++ b/tasks/install-service.yml
@@ -1 +1,33 @@
 ---
+
+- name : Checking for existing installation
+ stat:
+ path: "{{ keycloak_jboss_home }}"
+ register: existing_deploy
+
+- block:
+ - name: Stopping the old keycloak service
+ systemd:
+ name: "{{ keycloak_service_name }}"
+ state: stopped
+ ignore_errors: true
+
+ - name: Removing the old Keycloak deployment
+ file:
+ path: "{{ keycloak_jboss_home }}"
+ state: absent
+ when: existing_deploy.stat.exists and keycloak_force_install | bool
+
+
+- name: Checking for an existing deployment after possible forced removal
+ stat:
+ path: "{{ keycloak_jboss_home }}"
+ register: existing_deploy
+
+- name: Downloading Keycloak
+
+- name: Extracting Keycloak
+
+- name: Downloading postgresql jdbc driver
+
+- name: Create module.xml for postgresql jdbc driver
diff --git a/tasks/install-ssl.yml b/tasks/install-ssl.yml
index ed97d53..3225146 100644
--- a/tasks/install-ssl.yml
+++ b/tasks/install-ssl.yml
@@ -1 +1,9 @@
 ---
+
+- name : Installing Let's Encrypt
+
+- name : Configuring the certificates for Keycloak
+
+- name : Verifing the SSL certificates
+
+- name : Setting up automatic renewal of the certificates
diff --git a/tasks/install-update.yml b/tasks/install-update.yml
index ed97d53..d126430 100644
--- a/tasks/install-update.yml
+++ b/tasks/install-update.yml
@@ -1 +1,5 @@
 ---
+
+- name : Verifying that we are running the last version of Keycloak
+
+- name : Updating the variables to install the last version of keycloak
diff --git a/tasks/main.yml b/tasks/main.yml
index a125d67..93e2875 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
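Review bot: In tasks/install-service.yml, `ignore_errors: true` on "Stopping the old keycloak service" hides every failure, so the next task can delete `{{ keycloak_jboss_home }}` while the old service is still running from it. Narrow the exemption to the case where the unit does not exist yet, for example `register: keycloak_stop` together with `failed_when: keycloak_stop is failed and 'Could not find' not in (keycloak_stop.msg | default(''))`. Indentation is not preserved on this page, so it is unclear whether `when: existing_deploy.stat.exists and keycloak_force_install | bool` sits on the block or only on the removal task; it should be on the block so that both steps are skipped together. A comment above the block stating that `keycloak_force_install` deletes the whole deployment directory, including anything under `standalone/configuration`, would tell operators what they lose.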
@@ -10,23 +10,25 @@ # Get the database running - include: install-database.yml +# TODO: The part will only be executed in the case of an update +#- include: install-update.yml + +# TODO: This part will only be executed if we're restoring from a backup +#- include: reinstall-from-backup.yml + # Download and install the service from archive - include: install-service.yml -# Configuration of the SSL certificates -- include: install-ssl.yml - # Configure the service via configuration files - include: install-configuration.yml # Install NGINX as a reverse proxy - include: install-reverse-proxy.yml +# Configuration of the SSL certificates +- include: install-ssl.yml + # Launch the service - include: install-run-service.yml -# The part will only be executed in the case of an update -- include: install-update.yml - -# This part will only be executed if we're restoring from a backup -- include: reinstall-from-backup.yml +# --- As of here, the service should be running and accessible diff --git a/vars/main.yml b/vars/main.yml index a590683..387959f 100644 --- a/vars/main.yml +++ b/vars/main.yml 
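Review bot: With install-ssl.yml now included after install-reverse-proxy.yml, the step named "Configuring Nginx to process the SSL certificates" in install-reverse-proxy.yml will run before any certificate has been issued. If that step ends up writing a TLS server block, nginx will presumably refuse to start or reload on the missing certificate files; either move that step into install-ssl.yml or document the ordering next to the include, e.g. `# Needs nginx installed for certificate issuance; the TLS vhost is enabled only after this step`. For the two commented-out includes, a condition is easier to keep in sync than a commented line: `- include: install-update.yml` with `when: keycloak_update | default(false) | bool` (the variable name is a suggestion, it is not defined in this patch). The hunk starts in the middle of tasks/main.yml, so earlier includes are not visible here.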
@@ -1,2 +1,38 @@
 ---
 # vars file for sso-lqdn
+
+## General (required)
+keycloak_version: "12.0.1"
+keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
+keycloak_force_install: false
+keycloak_create_admin: false
+keycloak_admin_user: "admin"
+
+## General (optional)
+keycloak_service_user: "keycloak"
+keycloak_service_group: "{{ keycloak_service_user }}"
+keycloak_service_name: "keycloak"
+keycloak_base_path: "/var/www/keycloak"
+keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
+keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
+keycloak_startup_timeout: "300"
+keycloak_java_opts: "-Xms256m -Xmx1024m"
+
+## Database
+keycloak_postgresql_jdbc_version: "42.2.18"
+keycloak_postgresql_jdbc_url: "https://jdbc.postgresql.org/download/postgresql-{{ keycloak_postgresql_jdbc_version }}.jar"
+keycloak_postgresql_host: "localhost"
+keycloak_postgresql_port: "5432"
+keycloak_postgresql_database: "keycloak"
+
+## Networking
+keycloak_behind_reverseproxy: true
+keycloak_bind_address: "127.0.0.1"
+keycloak_http_port: "8080"
+keycloak_https_port: "8443"
+keycloak_management_http_port: "9990"
+keycloak_management_https_port: "9993"
+
+## Customization
+keycloak_profile_preview: false
+keycloak_welcome_theme: "keycloak"
-- GitLab
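Review bot: `keycloak_url` and `keycloak_postgresql_jdbc_url` are added without any matching checksum variable, so the planned "Downloading Keycloak" and "Downloading postgresql jdbc driver" tasks have nothing to verify the archives against before they are unpacked and run as the service. Add pinned digests next to the versions, e.g. `keycloak_archive_checksum: "sha256:<digest of keycloak-12.0.1.zip>"` and `keycloak_postgresql_jdbc_checksum: "sha256:<digest of the jar>"`, and pass them to `get_url` through its `checksum` parameter. The settings labelled "optional" are also defined in vars/main.yml, where role vars take precedence over inventory and play variables; values meant to be overridden belong in defaults/main.yml.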