Update of the keycloak installation

group_vars/keycloak/keycloak-test.yml

+---
+
+# Variables for the keycloack installation
+
+## Keycloak config
+
+keycloak_version: "18.0.2"
+keycloak_create_admin: false
+
+## Security config
+
+keycloak_log_directory: "/var/log/keycloak"
+
+## Cerbot config
+
+certbot_install_method: package
+certbot_admin_email: "{{ sysadmin_email }}"
+certbot_create_if_missing: True
+certbot_create_method: standalone
+certbot_certs:
+    - domains:
+      - sso.test.lqdn.fr
+      - stats.sso.test.lqdn.fr
+certbot_auto_renew_options: '--webroot -w /var/www/letsencrypt && systemctl reload nginx'
+certbot_auto_renew: true
+
+## Nginx config
+nginx_worker_processes: 2
+nginx_vhosts:
+  - listen: "443 ssl http2"
+    server_name: "stats.sso.test.lqdn.fr"
+    access_log: "/var/log/nginx/stats_keycloak_access.log"
+    error_log: "/var/log/nginx/stats_keycloak_error.log"
+    state: "present"
+    template: "{{ nginx_vhost_template }}"
+    filename: "stats.sso.test.lqdn.fr.https.conf"
+    extra_parameters: |
+      location / {
+        proxy_buffering off;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+  
+        proxy_pass http://127.0.0.1:9001;
+        proxy_redirect off;
+      }
+      location /.well-known/acme-challenge {
+        alias /var/www/letsencrypt/.well-known/acme-challenge;
+      }
+      ssl_certificate /etc/letsencrypt/live/stats.sso.test.lqdn.fr/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/stats.sso.test.lqdn.fr/privkey.pem;
+      ssl_protocols       TLSv1.1 TLSv1.2;
+      ssl_ciphers         HIGH:!aNULL:!MD5;
+  - listen: "443 ssl http2"
+    server_name: "sso.test.lqdn.fr"
+    access_log: "/var/log/nginx/keycloak_access.log"
+    error_log: "/var/log/nginx/keycloak_error.log"
+    state: "present"
+    template: "{{ nginx_vhost_template }}"
+    filename: "sso.test.lqdn.fr.https.conf"
+    extra_parameters: |
+      location / {
+        proxy_buffering off;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+
+        proxy_pass http://127.0.0.1:8080;
+        proxy_redirect off;
+      }
+      location /.well-known/acme-challenge {
+        alias /var/www/letsencrypt/.well-known/acme-challenge;
+      }
+      # location = / {
+      #   return 301 "https://sso.test.lqdn.fr/auth/realms/lqdn/account";
+      # }
+      # location = /admin {
+      #   return 301 "https://sso.test.lqdn.fr/auth/admin/";
+      # }
+      ssl_certificate /etc/letsencrypt/live/sso.test.lqdn.fr/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/sso.test.lqdn.fr/privkey.pem;
+      ssl_protocols       TLSv1.1 TLSv1.2;
+      ssl_ciphers         HIGH:!aNULL:!MD5;
+  - listen: "80"
+    server_name: "sso.test.lqdn.fr"
+    access_log: "/var/log/nginx/keycloak_access.log"
+    error_log: "/var/log/nginx/keycloak_error.log"
+    state: "present"
+    template: "{{ nginx_vhost_template }}"
+    filename: "sso.test.lqdn.fr.http.conf"
+    extra_parameters: |
+      location / {
+        return 302 https://sso.test.lqdn.fr$request_uri;
+      }
+
+# Node-exporter
+node_exporter_version: "latest"
+node_exporter_web_listen_address: "0.0.0.0:9100"

group_vars/keycloak/keycloak.yml

@@ -4,13 +4,12 @@
 
 ## Keycloak config
 
-keycloak_version: "15.1.0"
+keycloak_version: "18.1.0"
 keycloak_create_admin: false
-keycloak_force_install: true
 
 ## Security config
 
-keycloak_log_directory: "/opt/keycloak/keycloak-{{ keycloak_version }}/standalone/log"
+keycloak_log_directory: "/var/log/keycloak"
 
 ## Cerbot config
 
@@ -28,37 +27,37 @@ certbot_auto_renew: true
 ## Nginx config
 
 nginx_vhosts:
-  # - listen: "443 ssl http2"
-  #   server_name: "stats.sso.lqdn.fr"
-  #   access_log: "/var/log/nginx/stats_keycloak_access.log"
-  #   error_log: "/var/log/nginx/stats_keycloak_error.log"
-  #   state: "present"
-  #   template: "{{ nginx_vhost_template }}"
-  #   filename: "stats.sso.lqdn.fr.https.conf"
-  #   extra_parameters: |
-  #     location / {
-  #       proxy_buffering off;
-  #       proxy_set_header Referer $http_referer;
-  #       proxy_set_header X-Real-IP $remote_addr;
-  #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  #       proxy_set_header X-Forwarded-Host $host;
-  #       proxy_set_header X-Forwarded-Server $host;
-  #       proxy_set_header X-Forwarded-Proto $scheme;
-  #       proxy_set_header X-Forwarded-Port $server_port;
-  #       proxy_set_header Host $http_host;
-  #       proxy_set_header Upgrade $http_upgrade;
-  #       proxy_set_header Connection 'upgrade';
-  #
-  #       proxy_pass http://127.0.0.1:9001;
-  #       proxy_redirect off;
-  #     }
-  #     location /.well-known/acme-challenge {
-  #       alias /var/www/letsencrypt/.well-known/acme-challenge;
-  #     }
-  #     ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
-  #     ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
-  #     ssl_protocols       TLSv1.1 TLSv1.2;
-  #     ssl_ciphers         HIGH:!aNULL:!MD5;
+  - listen: "443 ssl http2"
+    server_name: "stats.sso.lqdn.fr"
+    access_log: "/var/log/nginx/stats_keycloak_access.log"
+    error_log: "/var/log/nginx/stats_keycloak_error.log"
+    state: "present"
+    template: "{{ nginx_vhost_template }}"
+    filename: "stats.sso.lqdn.fr.https.conf"
+    extra_parameters: |
+      location / {
+        proxy_buffering off;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+  
+        proxy_pass http://127.0.0.1:9001;
+        proxy_redirect off;
+      }
+      location /.well-known/acme-challenge {
+        alias /var/www/letsencrypt/.well-known/acme-challenge;
+      }
+      ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
+      ssl_protocols       TLSv1.1 TLSv1.2;
+      ssl_ciphers         HIGH:!aNULL:!MD5;
   - listen: "443 ssl http2"
     server_name: "sso.lqdn.fr"
     access_log: "/var/log/nginx/keycloak_access.log"

test.yml

@@ -101,20 +101,19 @@
 #     - ansible-role-mediawiki
 #   tags:
 #     - testing
-#     - wiki
+#     - wiki  
 
-# - name: SSO LQDN
-#   hosts: test
-#   remote_user: root
-#   roles:
-#     - security-lqdn
-#     - packages-lqdn
-#     - updates-lqdn
-#     - ansible-role-nginx
-#     - ansible-role-certbot
-#     - sso-lqdn
-#   tags:
-#     - sso
+- name: SSO LQDN
+  hosts: test
+  remote_user: root
+  vars_files:
+    - group_vars/keycloak/keycloak-test.yml
+  roles:
+    - ansible-role-nginx
+    - ansible-role-certbot
+    - sso-lqdn
+  tags:
+    - sso
 
 # - name: Wordpress LQDN
 #