
9 Commits
3.0.4 ... 3.0.6

Author SHA1 Message Date
ansible-middleware-core
f4588dbbdf Update changelog for release 3.0.6
Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>
2026-05-26 17:30:30 +00:00
Ranabir Chakraborty
a9a771c6bc Merge pull request #337 from RanabirChakraborty/AMW-540
AMW-540 Fix the upstream collection requirements with common v1.2.4
2026-05-26 22:37:54 +05:30
Ranabir Chakraborty
f00c714798 AMW-540 Fix the upstream collection requirements with common v1.2.4 2026-05-26 21:58:05 +05:30
Harsha Cherukuri
50750ef125 Update requirements.yml 2026-05-26 12:28:04 -04:00
ansible-middleware-core
b631b07cae Bump version to 3.0.6 2026-05-20 18:44:49 +00:00
ansible-middleware-core
195e104f5e Update changelog for release 3.0.5
Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>
2026-05-20 18:44:31 +00:00
Ranabir Chakraborty
047ddcaa92 Merge pull request #335 from RanabirChakraborty/AMW-528
AMW-528 Deployment fails in keycloak_quarkus due to missing escalation variables
2026-05-21 00:09:58 +05:30
Ranabir Chakraborty
0b2f2786dd AMW-528 Deployment fails in keycloak_quarkus due to missing escalation variables 2026-05-20 23:51:34 +05:30
ansible-middleware-core
4cc360052e Bump version to 3.0.5 2026-05-20 13:38:22 +00:00
40 changed files with 144 additions and 108 deletions


@@ -6,6 +6,22 @@ middleware\_automation.keycloak Release Notes
This changelog describes changes after version 0.2.6. This changelog describes changes after version 0.2.6.
v3.0.6
======
Major Changes
-------------
- AMW-540 Fix the upstream collection requirements with common v1.2.4 `#337 <https://github.com/ansible-middleware/keycloak/pull/337>`_
v3.0.5
======
Minor Changes
-------------
- AMW-528 Deployment fails in keycloak_quarkus due to missing escalation variables `#335 <https://github.com/ansible-middleware/keycloak/pull/335>`_
v3.0.4 v3.0.4
====== ======


@@ -781,3 +781,23 @@ releases:
- 321.yaml - 321.yaml
- 324.yaml - 324.yaml
release_date: '2026-05-20' release_date: '2026-05-20'
3.0.5:
changes:
minor_changes:
- 'AMW-528 Deployment fails in keycloak_quarkus due to missing escalation variables
`#335 <https://github.com/ansible-middleware/keycloak/pull/335>`_
'
fragments:
- 335.yaml
release_date: '2026-05-20'
3.0.6:
changes:
major_changes:
- 'AMW-540 Fix the upstream collection requirements with common v1.2.4 `#337
<https://github.com/ansible-middleware/keycloak/pull/337>`_
'
fragments:
- 337.yaml
release_date: '2026-05-26'


@@ -1,7 +1,7 @@
--- ---
namespace: middleware_automation namespace: middleware_automation
name: keycloak name: keycloak
version: "3.0.4" version: "3.0.6"
readme: README.md readme: README.md
authors: authors:
- Romain Pelisse <rpelisse@redhat.com> - Romain Pelisse <rpelisse@redhat.com>


@@ -43,11 +43,11 @@
src: "{{ item.name }}" src: "{{ item.name }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
mode: 0444 mode: 0444
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
loop: loop:
- { name: 'cert.pem', dest: '/etc/nginx/tls/certificate.crt' } - { name: 'cert.pem', dest: '/etc/nginx/tls/certificate.crt' }
- { name: 'key.pem', dest: '/etc/nginx/tls/certificate.key' } - { name: 'key.pem', dest: '/etc/nginx/tls/certificate.key' }
- name: Update CA trust - name: Update CA trust
ansible.builtin.command: update-ca-trust ansible.builtin.command: update-ca-trust
changed_when: false changed_when: false
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
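Review bot: The loop in the first task installs `key.pem` to `/etc/nginx/tls/certificate.key` with the same `mode: 0444` as the certificate, so the private key ends up world-readable on the target, and this commit now runs that copy with escalation by default. Consider carrying the mode per loop item, `mode: "{{ item.mode }}"`, with `'0444'` for the certificate and `'0600'` for the key, assuming nginx reads the key as root in this scenario. Quoting the value also avoids the unquoted-octal form that ansible-lint flags. The task starts above the hunk, so its module and any owner settings are not visible here.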


@@ -19,7 +19,7 @@
changed_when: false changed_when: false
- name: Create vault directory - name: Create vault directory
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: "/opt/keycloak/vault" path: "/opt/keycloak/vault"
@@ -30,7 +30,7 @@
ansible.builtin.package: ansible.builtin.package:
name: java-21-openjdk-headless name: java-21-openjdk-headless
state: present state: present
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
failed_when: false failed_when: false
- name: Create vault keystore - name: Create vault keystore
@@ -43,7 +43,7 @@
failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0
- name: Copy certificates and vault - name: Copy certificates and vault
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.copy: ansible.builtin.copy:
src: keystore.p12 src: keystore.p12
dest: /opt/keycloak/vault/keystore.p12 dest: /opt/keycloak/vault/keystore.p12


@@ -58,7 +58,7 @@
fail_msg: "Service log symlink not correctly created" fail_msg: "Service log symlink not correctly created"
- name: Check log file - name: Check log file
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: /tmp/keycloak/keycloak.log path: /tmp/keycloak/keycloak.log
register: keycloak_log_file register: keycloak_log_file
@@ -70,7 +70,7 @@
- not keycloak_log_file.stat.isdir - not keycloak_log_file.stat.isdir
- name: Check default log folder - name: Check default log folder
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: /var/log/keycloak path: /var/log/keycloak
register: keycloak_default_log_folder register: keycloak_default_log_folder
@@ -82,7 +82,7 @@
- not keycloak_default_log_folder.stat.exists - not keycloak_default_log_folder.stat.exists
- name: Verify vault SPI in logfile - name: Verify vault SPI in logfile
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.shell: | ansible.builtin.shell: |
set -o pipefail set -o pipefail
zgrep 'Configured KeystoreVaultProviderFactory with the keystore file' /opt/keycloak/keycloak-*/data/log/keycloak.log*zip zgrep 'Configured KeystoreVaultProviderFactory with the keystore file' /opt/keycloak/keycloak-*/data/log/keycloak.log*zip


@@ -17,7 +17,7 @@
ansible.builtin.include_tasks: ../prepare.yml ansible.builtin.include_tasks: ../prepare.yml
- name: Install JDK17 - name: Install JDK17
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- java-17-openjdk-headless - java-17-openjdk-headless
@@ -26,7 +26,7 @@
- ansible_facts.os_family == 'RedHat' - ansible_facts.os_family == 'RedHat'
- name: Link default logs directory - name: Link default logs directory
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
state: link state: link
src: "{{ item }}" src: "{{ item }}"


@@ -19,7 +19,7 @@
changed_when: False changed_when: False
- name: Create vault directory - name: Create vault directory
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: "/opt/keycloak/vault" path: "/opt/keycloak/vault"
@@ -30,7 +30,7 @@
ansible.builtin.package: ansible.builtin.package:
name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}"
state: present state: present
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
failed_when: false failed_when: false
- name: Create vault keystore - name: Create vault keystore
@@ -41,7 +41,7 @@
failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0
- name: Copy certificates and vault - name: Copy certificates and vault
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.copy: ansible.builtin.copy:
src: keystore.p12 src: keystore.p12
dest: /opt/keycloak/vault/keystore.p12 dest: /opt/keycloak/vault/keystore.p12


@@ -19,7 +19,7 @@
hera_home: "{{ lookup('env', 'HERA_HOME') }}" hera_home: "{{ lookup('env', 'HERA_HOME') }}"
- name: Check log file - name: Check log file
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: /var/log/keycloak/keycloak.log path: /var/log/keycloak/keycloak.log
register: keycloak_log_file register: keycloak_log_file


@@ -19,7 +19,7 @@
changed_when: False changed_when: False
- name: Create vault directory - name: Create vault directory
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: "/opt/keycloak/vault" path: "/opt/keycloak/vault"
@@ -30,7 +30,7 @@
ansible.builtin.package: ansible.builtin.package:
name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}"
state: present state: present
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
failed_when: false failed_when: false
- name: Create vault keystore - name: Create vault keystore
@@ -41,7 +41,7 @@
failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0
- name: Copy certificates and vault - name: Copy certificates and vault
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.copy: ansible.builtin.copy:
src: keystore.p12 src: keystore.p12
dest: /opt/keycloak/vault/keystore.p12 dest: /opt/keycloak/vault/keystore.p12


@@ -19,7 +19,7 @@
hera_home: "{{ lookup('env', 'HERA_HOME') }}" hera_home: "{{ lookup('env', 'HERA_HOME') }}"
- name: Check log file - name: Check log file
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: /var/log/keycloak/keycloak.log path: /var/log/keycloak/keycloak.log
register: keycloak_log_file register: keycloak_log_file


@@ -19,7 +19,7 @@
changed_when: False changed_when: False
- name: Create vault directory - name: Create vault directory
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: "/opt/keycloak/vault" path: "/opt/keycloak/vault"
@@ -30,7 +30,7 @@
ansible.builtin.package: ansible.builtin.package:
name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}"
state: present state: present
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
failed_when: false failed_when: false
- name: Create vault keystore - name: Create vault keystore
@@ -43,7 +43,7 @@
failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0
- name: Copy certificates and vault - name: Copy certificates and vault
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.copy: ansible.builtin.copy:
src: keystore.p12 src: keystore.p12
dest: /opt/keycloak/vault/keystore.p12 dest: /opt/keycloak/vault/keystore.p12


@@ -19,7 +19,7 @@
hera_home: "{{ lookup('env', 'HERA_HOME') }}" hera_home: "{{ lookup('env', 'HERA_HOME') }}"
- name: Check log file - name: Check log file
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: /var/log/keycloak/keycloak.log path: /var/log/keycloak/keycloak.log
register: keycloak_log_file register: keycloak_log_file


@@ -56,4 +56,4 @@
ansible.builtin.file: ansible.builtin.file:
path: /etc/ansible/facts.d/keycloak.fact path: /etc/ansible/facts.d/keycloak.fact
state: absent state: absent
become: "{{ molecule_prepare_require_privilege_escalation }}" become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}"


@@ -1,5 +1,5 @@
--- ---
collections: collections:
- name: middleware_automation.common - name: middleware_automation.common
version: ">=1.2.1" version: ">=1.2.4"
- name: ansible.posix - name: ansible.posix


@@ -13,7 +13,7 @@
when: ansible_facts.os_family == "RedHat" when: ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_to_install }}" - name: "Install packages: {{ packages_to_install }}"
become: "{{ keycloak_fastpackages_require_privilege_escalation }}" become: "{{ keycloak_fastpackages_require_privilege_escalation | default(true) }}"
ansible.builtin.dnf: ansible.builtin.dnf:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: present state: present
@@ -22,7 +22,7 @@
- ansible_facts.os_family == "RedHat" - ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_list }}" - name: "Install packages: {{ packages_list }}"
become: "{{ keycloak_fastpackages_require_privilege_escalation }}" become: "{{ keycloak_fastpackages_require_privilege_escalation | default(true) }}"
ansible.builtin.package: ansible.builtin.package:
name: "{{ packages_list }}" name: "{{ packages_list }}"
state: present state: present
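Review bot: With `| default(true)` added inline, an undefined `keycloak_fastpackages_require_privilege_escalation` now resolves to root escalation instead of stopping the play, and the same fallback is repeated at every `become:` in the firewalld, install, iptables, JDBC driver, main, restart, RHSSO patch and start task sections of this commit. Declaring each variable once, for example `keycloak_fastpackages_require_privilege_escalation: true` in the role defaults, would keep the fallback in one auditable place; whether that works depends on how these task files are included, which the page does not show. If the inline form has to stay, a comment such as `# falls back to root when the variable is not defined` at the first use in each file would document the fail-open choice.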


@@ -6,14 +6,14 @@
- firewalld - firewalld
- name: Enable and start the firewalld service - name: Enable and start the firewalld service
become: "{{ keycloak_firewalld_require_privilege_escalation }}" become: "{{ keycloak_firewalld_require_privilege_escalation | default(true) }}"
ansible.builtin.systemd: ansible.builtin.systemd:
name: firewalld name: firewalld
enabled: true enabled: true
state: started state: started
- name: "Configure firewall ports for {{ keycloak.service_name }}" - name: "Configure firewall ports for {{ keycloak.service_name }}"
become: "{{ keycloak_firewalld_require_privilege_escalation }}" become: "{{ keycloak_firewalld_require_privilege_escalation | default(true) }}"
ansible.posix.firewalld: ansible.posix.firewalld:
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true


@@ -11,7 +11,7 @@
quiet: true quiet: true
- name: Check for an existing deployment - name: Check for an existing deployment
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}" path: "{{ keycloak_jboss_home }}"
register: existing_deploy register: existing_deploy
@@ -20,24 +20,24 @@
when: existing_deploy.stat.exists and keycloak_force_install | bool when: existing_deploy.stat.exists and keycloak_force_install | bool
block: block:
- name: "Stop the old {{ keycloak.service_name }} service" - name: "Stop the old {{ keycloak.service_name }} service"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
failed_when: false failed_when: false
ansible.builtin.systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
state: stopped state: stopped
- name: "Remove the old {{ keycloak.service_name }} deployment" - name: "Remove the old {{ keycloak.service_name }} deployment"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
path: "{{ keycloak_jboss_home }}" path: "{{ keycloak_jboss_home }}"
state: absent state: absent
- name: Check for an existing deployment after possible forced removal - name: Check for an existing deployment after possible forced removal
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}" path: "{{ keycloak_jboss_home }}"
- name: "Create service user/group for {{ keycloak.service_name }}" - name: "Create service user/group for {{ keycloak.service_name }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.user: ansible.builtin.user:
name: "{{ keycloak_service_user }}" name: "{{ keycloak_service_user }}"
home: /opt/keycloak home: /opt/keycloak
@@ -45,7 +45,7 @@
create_home: false create_home: false
- name: "Create install location for {{ keycloak.service_name }}" - name: "Create install location for {{ keycloak.service_name }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
dest: "{{ keycloak_dest }}" dest: "{{ keycloak_dest }}"
state: directory state: directory
@@ -54,7 +54,7 @@
mode: '0750' mode: '0750'
- name: Create pidfile folder - name: Create pidfile folder
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
dest: "{{ keycloak_service_pidfile | dirname }}" dest: "{{ keycloak_service_pidfile | dirname }}"
state: directory state: directory
@@ -68,7 +68,7 @@
archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
- name: Check download archive path - name: Check download archive path
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ archive }}" path: "{{ archive }}"
register: archive_path register: archive_path
@@ -168,13 +168,13 @@
- not archive_path.stat.exists - not archive_path.stat.exists
- local_archive_path.stat is defined - local_archive_path.stat is defined
- local_archive_path.stat.exists - local_archive_path.stat.exists
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
- name: "Check target directory: {{ keycloak.home }}" - name: "Check target directory: {{ keycloak.home }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak.home }}" path: "{{ keycloak.home }}"
register: path_to_workdir register: path_to_workdir
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
- name: "Extract {{ keycloak_service_desc }} archive on target" - name: "Extract {{ keycloak_service_desc }} archive on target"
ansible.builtin.unarchive: ansible.builtin.unarchive:
@@ -184,7 +184,7 @@
creates: "{{ keycloak.home }}" creates: "{{ keycloak.home }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
when: when:
- new_version_downloaded.changed or not path_to_workdir.stat.exists - new_version_downloaded.changed or not path_to_workdir.stat.exists
notify: notify:
@@ -202,13 +202,13 @@
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
recurse: true recurse: true
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
changed_when: false changed_when: false
- name: Ensure permissions are correct on existing deploy - name: Ensure permissions are correct on existing deploy
ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}" ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}"
when: keycloak_service_runas when: keycloak_service_runas
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
changed_when: false changed_when: false
# driver and configuration # driver and configuration
@@ -217,7 +217,7 @@
when: keycloak_jdbc[keycloak_jdbc_engine].enabled when: keycloak_jdbc[keycloak_jdbc_engine].enabled
- name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}" - name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: "templates/{{ keycloak_config_override_template }}" src: "templates/{{ keycloak_config_override_template }}"
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -229,7 +229,7 @@
when: keycloak_config_override_template | length > 0 when: keycloak_config_override_template | length > 0
- name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: templates/standalone.xml.j2 src: templates/standalone.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -257,7 +257,7 @@
when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'
- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: templates/standalone-ha.xml.j2 src: templates/standalone-ha.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -272,7 +272,7 @@
- keycloak_config_override_template | length == 0 - keycloak_config_override_template | length == 0
- name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}" - name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: templates/standalone-infinispan.xml.j2 src: templates/standalone-infinispan.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -287,7 +287,7 @@
- keycloak_config_override_template | length == 0 - keycloak_config_override_template | length == 0
- name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}" - name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}"
become: "{{ keycloak_install_require_privilege_escalation }}" become: "{{ keycloak_install_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: keycloak-profile.properties.j2 src: keycloak-profile.properties.j2
dest: "{{ keycloak_config_path_to_properties }}" dest: "{{ keycloak_config_path_to_properties }}"


@@ -6,7 +6,7 @@
- iptables - iptables
- name: "Configure firewall ports for {{ keycloak.service_name }}" - name: "Configure firewall ports for {{ keycloak.service_name }}"
become: "{{ keycloak_iptables_require_privilege_escalation }}" become: "{{ keycloak_iptables_require_privilege_escalation | default(true) }}"
ansible.builtin.iptables: ansible.builtin.iptables:
destination_port: "{{ item }}" destination_port: "{{ item }}"
action: "insert" action: "insert"


@@ -3,7 +3,7 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
register: dest_path register: dest_path
become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}"
- name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" - name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
ansible.builtin.file: ansible.builtin.file:
@@ -13,7 +13,7 @@
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: '0750' mode: '0750'
become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}"
when: when:
- not dest_path.stat.exists - not dest_path.stat.exists
- name: "Verify valid parameters for download credentials when specified" - name: "Verify valid parameters for download credentials when specified"
@@ -34,7 +34,7 @@
url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}" url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}"
validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}" validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}"
mode: '0640' mode: '0640'
become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}"
- name: "Deploy module.xml for JDBC Driver" - name: "Deploy module.xml for JDBC Driver"
ansible.builtin.template: ansible.builtin.template:
@@ -43,4 +43,4 @@
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
mode: '0640' mode: '0640'
become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}"


@@ -51,7 +51,7 @@
state: link state: link
src: "{{ keycloak_jboss_home }}/standalone/log" src: "{{ keycloak_jboss_home }}/standalone/log"
dest: "{{ keycloak_log_target }}" dest: "{{ keycloak_log_target }}"
become: "{{ keycloak_require_privilege_escalation }}" become: "{{ keycloak_require_privilege_escalation | default(true) }}"
- name: Set admin credentials and restart if not already created - name: Set admin credentials and restart if not already created
block: block:
@@ -75,7 +75,7 @@
- "-u{{ keycloak_admin_user }}" - "-u{{ keycloak_admin_user }}"
- "-p{{ keycloak_admin_password }}" - "-p{{ keycloak_admin_password }}"
changed_when: true changed_when: true
become: "{{ keycloak_require_privilege_escalation }}" become: "{{ keycloak_require_privilege_escalation | default(true) }}"
- name: "Restart {{ keycloak.service_name }}" - name: "Restart {{ keycloak.service_name }}"
ansible.builtin.include_tasks: tasks/restart_keycloak.yml ansible.builtin.include_tasks: tasks/restart_keycloak.yml
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
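Review bot: In the second hunk the admin password is passed as a command argument, `-p{{ keycloak_admin_password }}`, so it is visible in the process list on the target while the command runs and, unless logging is suppressed, in Ansible's task output and logs. No `no_log: true` is visible on the lines shown; the task starts above the hunk, so it may already be set there. If it is not, add `no_log: true` to this task, and check whether the credential can be supplied through an environment variable or stdin instead of argv.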


@@ -5,7 +5,7 @@
enabled: true enabled: true
state: restarted state: restarted
daemon_reload: true daemon_reload: true
become: "{{ keycloak_restart_require_privilege_escalation }}" become: "{{ keycloak_restart_require_privilege_escalation | default(true) }}"
delegate_to: "{{ ansible_play_hosts | first }}" delegate_to: "{{ ansible_play_hosts | first }}"
run_once: true run_once: true
@@ -24,5 +24,5 @@
name: keycloak name: keycloak
enabled: true enabled: true
state: restarted state: restarted
become: "{{ keycloak_restart_require_privilege_escalation }}" become: "{{ keycloak_restart_require_privilege_escalation | default(true) }}"
when: inventory_hostname != ansible_play_hosts | first when: inventory_hostname != ansible_play_hosts | first


@@ -12,7 +12,7 @@
path: "{{ patch_archive }}" path: "{{ patch_archive }}"
register: patch_archive_path register: patch_archive_path
when: sso_patch_version is defined when: sso_patch_version is defined
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
- name: Perform patch download from RHN via JBossNetwork API - name: Perform patch download from RHN via JBossNetwork API
delegate_to: localhost delegate_to: localhost
@@ -86,7 +86,7 @@
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ patch_archive }}" path: "{{ patch_archive }}"
register: patch_archive_path register: patch_archive_path
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
## copy and unpack ## copy and unpack
- name: Copy patch archive to target nodes - name: Copy patch archive to target nodes
@@ -101,7 +101,7 @@
- not patch_archive_path.stat.exists - not patch_archive_path.stat.exists
- local_archive_path.stat is defined - local_archive_path.stat is defined
- local_archive_path.stat.exists - local_archive_path.stat.exists
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
- name: "Check installed patches" - name: "Check installed patches"
ansible.builtin.include_tasks: rhsso_cli.yml ansible.builtin.include_tasks: rhsso_cli.yml
@@ -109,7 +109,7 @@
cli_query: "patch info" cli_query: "patch info"
args: args:
apply: apply:
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
become_user: "{{ keycloak_service_user }}" become_user: "{{ keycloak_service_user }}"
- name: "Perform patching" - name: "Perform patching"
@@ -124,7 +124,7 @@
cli_query: "patch apply {{ patch_archive }}" cli_query: "patch apply {{ patch_archive }}"
args: args:
apply: apply:
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
become_user: "{{ keycloak_service_user }}" become_user: "{{ keycloak_service_user }}"
- name: "Restart server to ensure patch content is running" - name: "Restart server to ensure patch content is running"
@@ -135,7 +135,7 @@
- cli_result.rc == 0 - cli_result.rc == 0
args: args:
apply: apply:
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
become_user: "{{ keycloak_service_user }}" become_user: "{{ keycloak_service_user }}"
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
@@ -152,7 +152,7 @@
cli_query: "patch info" cli_query: "patch info"
args: args:
apply: apply:
become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}"
become_user: "{{ keycloak_service_user }}" become_user: "{{ keycloak_service_user }}"
- name: "Verify installed patch version" - name: "Verify installed patch version"
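Review bot: The fallback added to every `become:` line in this file fails open: if `keycloak_rhsso_patch_require_privilege_escalation` is undefined, or set in inventory under a misspelled name, the task now escalates silently instead of stopping. The same pattern is repeated in every other file section on this page, so an operator who means to set one of these switches to `false` but gets the name slightly wrong ends up with escalation and no signal. I would declare each variable once in the role's `defaults/main.yml` (not visible here, so it may already exist) and, if the inline filter stays, add a comment such as `# falls back to become: true when the role defaults are not loaded`. A single `ansible.builtin.assert` at role entry that the switches are defined would keep the earlier fail-closed behaviour.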


@@ -5,7 +5,7 @@
enabled: true enabled: true
state: started state: started
daemon_reload: true daemon_reload: true
become: "{{ keycloak_start_require_privilege_escalation }}" become: "{{ keycloak_start_require_privilege_escalation | default(true) }}"
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
ansible.builtin.uri: ansible.builtin.uri:


@@ -4,4 +4,4 @@
name: keycloak name: keycloak
enabled: true enabled: true
state: stopped state: stopped
become: "{{ keycloak_stop_require_privilege_escalation }}" become: "{{ keycloak_stop_require_privilege_escalation | default(true) }}"


@@ -1,6 +1,6 @@
--- ---
- name: "Configure {{ keycloak.service_name }} service script wrapper" - name: "Configure {{ keycloak.service_name }} service script wrapper"
become: "{{ keycloak_systemd_require_privilege_escalation }}" become: "{{ keycloak_systemd_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: keycloak-service.sh.j2 src: keycloak-service.sh.j2
dest: "{{ keycloak_dest }}/keycloak-service.sh" dest: "{{ keycloak_dest }}/keycloak-service.sh"
@@ -11,7 +11,7 @@
- restart keycloak - restart keycloak
- name: "Configure sysconfig file for {{ keycloak.service_name }} service" - name: "Configure sysconfig file for {{ keycloak.service_name }} service"
become: "{{ keycloak_systemd_require_privilege_escalation }}" become: "{{ keycloak_systemd_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: keycloak-sysconfig.j2 src: keycloak-sysconfig.j2
dest: "{{ keycloak_sysconf_file }}" dest: "{{ keycloak_sysconf_file }}"
@@ -28,7 +28,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
become: "{{ keycloak_systemd_require_privilege_escalation }}" become: "{{ keycloak_systemd_require_privilege_escalation | default(true) }}"
register: systemdunit register: systemdunit
notify: notify:
- restart keycloak - restart keycloak


@@ -1,6 +1,6 @@
--- ---
- name: Save ansible custom facts - name: Save ansible custom facts
become: "{{ keycloak_quarkus_bootstrapped_require_privilege_escalation }}" become: "{{ keycloak_quarkus_bootstrapped_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: keycloak.fact.j2 src: keycloak.fact.j2
dest: /etc/ansible/facts.d/keycloak.fact dest: /etc/ansible/facts.d/keycloak.fact


@@ -6,7 +6,7 @@
value: "{{ keycloak_quarkus_db_pass }}" value: "{{ keycloak_quarkus_db_pass }}"
- name: "Initialize empty configuration key store" - name: "Initialize empty configuration key store"
become: "{{ keycloak_quarkus_config_store_require_privilege_escalation }}" become: "{{ keycloak_quarkus_config_store_require_privilege_escalation | default(true) }}"
# keytool doesn't allow creating an empty key store, so this is a hacky way around it # keytool doesn't allow creating an empty key store, so this is a hacky way around it
ansible.builtin.shell: | # noqa blocked_modules shell is necessary here ansible.builtin.shell: | # noqa blocked_modules shell is necessary here
set -o nounset # abort on unbound variable set -o nounset # abort on unbound variable
@@ -38,7 +38,7 @@
echo {{ item.value | quote }} | keytool -noprompt -importpass -alias {{ item.key | quote }} -keystore {{ keycloak_quarkus_config_key_store_file | quote }} -storepass {{ keycloak_quarkus_config_key_store_password | quote }} -storetype PKCS12 echo {{ item.value | quote }} | keytool -noprompt -importpass -alias {{ item.key | quote }} -keystore {{ keycloak_quarkus_config_key_store_file | quote }} -storepass {{ keycloak_quarkus_config_key_store_password | quote }} -storetype PKCS12
loop: "{{ store_items }}" loop: "{{ store_items }}"
no_log: true no_log: true
become: "{{ keycloak_quarkus_config_store_require_privilege_escalation }}" become: "{{ keycloak_quarkus_config_store_require_privilege_escalation | default(true) }}"
changed_when: true changed_when: true
notify: notify:
- restart keycloak - restart keycloak
@@ -49,4 +49,4 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0400' mode: '0400'
become: "{{ keycloak_quarkus_config_store_require_privilege_escalation }}" become: "{{ keycloak_quarkus_config_store_require_privilege_escalation | default(true) }}"
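Review bot: In the hunk at `@@ -38,7 +38,7 @@` the secret value and the key store password are both rendered into the shell command line, so `no_log: true` keeps them out of Ansible output but not out of the process list on the target while the task runs. keytool can read the store password from the environment, for example `-storepass:env KC_STORE_PASS` (variable name constructed for illustration), with the value supplied through the task's `environment:` keyword. The module's `stdin:` parameter can supply `item.value` in place of `echo … |`. The task starts above the hunk, so the exact shape of the change depends on lines not shown here.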


@@ -13,7 +13,7 @@
when: ansible_facts.os_family == "RedHat" when: ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_to_install }}" - name: "Install packages: {{ packages_to_install }}"
become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation }}" become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation | default(true) }}"
ansible.builtin.dnf: ansible.builtin.dnf:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: present state: present
@@ -22,7 +22,7 @@
- ansible_facts.os_family == "RedHat" - ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_list }}" - name: "Install packages: {{ packages_list }}"
become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation }}" become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation | default(true) }}"
ansible.builtin.package: ansible.builtin.package:
name: "{{ packages_list }}" name: "{{ packages_list }}"
state: present state: present


@@ -6,14 +6,14 @@
- firewalld - firewalld
- name: Enable and start the firewalld service - name: Enable and start the firewalld service
become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation }}" become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation | default(true) }}"
ansible.builtin.systemd: ansible.builtin.systemd:
name: firewalld name: firewalld
enabled: true enabled: true
state: started state: started
- name: "Configure firewall for {{ keycloak.service_name }} http port" - name: "Configure firewall for {{ keycloak.service_name }} http port"
become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation }}" become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation | default(true) }}"
ansible.posix.firewalld: ansible.posix.firewalld:
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true
@@ -24,7 +24,7 @@
when: keycloak_quarkus_http_enabled | bool when: keycloak_quarkus_http_enabled | bool
- name: "Configure firewall for {{ keycloak.service_name }} ports" - name: "Configure firewall for {{ keycloak.service_name }} ports"
become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation }}" become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation | default(true) }}"
ansible.posix.firewalld: ansible.posix.firewalld:
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true


@@ -12,7 +12,7 @@
quiet: true quiet: true
- name: Check for an existing deployment - name: Check for an existing deployment
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak.home }}" path: "{{ keycloak.home }}"
register: existing_deploy register: existing_deploy
@@ -21,25 +21,25 @@
when: existing_deploy.stat.exists and keycloak_quarkus_force_install | bool when: existing_deploy.stat.exists and keycloak_quarkus_force_install | bool
block: block:
- name: "Stop the old {{ keycloak.service_name }} service" - name: "Stop the old {{ keycloak.service_name }} service"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
failed_when: false failed_when: false
ansible.builtin.systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
state: stopped state: stopped
- name: "Remove the old {{ keycloak.service_name }} deployment" - name: "Remove the old {{ keycloak.service_name }} deployment"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
path: "{{ keycloak_quarkus_home }}" path: "{{ keycloak_quarkus_home }}"
state: absent state: absent
- name: Check for an existing deployment after possible forced removal - name: Check for an existing deployment after possible forced removal
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak_quarkus_home }}" path: "{{ keycloak_quarkus_home }}"
register: existing_deploy register: existing_deploy
- name: "Create {{ keycloak.service_name }} service user/group" - name: "Create {{ keycloak.service_name }} service user/group"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.user: ansible.builtin.user:
name: "{{ keycloak.service_user }}" name: "{{ keycloak.service_user }}"
home: /opt/keycloak home: /opt/keycloak
@@ -47,7 +47,7 @@
create_home: false create_home: false
- name: "Create {{ keycloak.service_name }} install location" - name: "Create {{ keycloak.service_name }} install location"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
dest: "{{ keycloak_quarkus_dest }}" dest: "{{ keycloak_quarkus_dest }}"
state: directory state: directory
@@ -56,7 +56,7 @@
mode: '0750' mode: '0750'
- name: Create directory for ansible custom facts - name: Create directory for ansible custom facts
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
recurse: true recurse: true
@@ -68,7 +68,7 @@
archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}" archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}"
- name: Check download archive path - name: Check download archive path
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ archive }}" path: "{{ archive }}"
register: archive_path register: archive_path
@@ -172,13 +172,13 @@
- not archive_path.stat.exists - not archive_path.stat.exists
- local_archive_path.stat is defined - local_archive_path.stat is defined
- local_archive_path.stat.exists - local_archive_path.stat.exists
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
- name: "Check target directory: {{ keycloak.home }}/bin/" - name: "Check target directory: {{ keycloak.home }}/bin/"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ keycloak.home }}/bin/" path: "{{ keycloak.home }}/bin/"
register: path_to_workdir register: path_to_workdir
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
- name: "Extract Keycloak archive on target" # noqa no-handler need to run this here - name: "Extract Keycloak archive on target" # noqa no-handler need to run this here
ansible.builtin.unarchive: ansible.builtin.unarchive:
@@ -188,7 +188,7 @@
creates: "{{ keycloak.home }}/bin/" creates: "{{ keycloak.home }}/bin/"
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
when: when:
- (not path_to_workdir.stat.exists) or new_version_downloaded.changed - (not path_to_workdir.stat.exists) or new_version_downloaded.changed
notify: notify:
@@ -207,7 +207,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0640' mode: '0640'
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
when: when:
- keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled
- keycloak_quarkus_key_file_copy_enabled is defined and keycloak_quarkus_key_file_copy_enabled - keycloak_quarkus_key_file_copy_enabled is defined and keycloak_quarkus_key_file_copy_enabled
@@ -220,7 +220,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0644' mode: '0644'
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
when: when:
- keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled
- keycloak_quarkus_cert_file_copy_enabled is defined and keycloak_quarkus_cert_file_copy_enabled - keycloak_quarkus_cert_file_copy_enabled is defined and keycloak_quarkus_cert_file_copy_enabled
@@ -240,7 +240,7 @@
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0640' mode: '0640'
checksum: "{{ item.checksum | default(omit) }}" checksum: "{{ item.checksum | default(omit) }}"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
loop: "{{ keycloak_quarkus_providers }}" loop: "{{ keycloak_quarkus_providers }}"
when: item.url is defined and item.url | length > 0 when: item.url is defined and item.url | length > 0
notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}" notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}"
@@ -269,7 +269,7 @@
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0640' mode: '0640'
checksum: "{{ item.checksum | default(omit) }}" checksum: "{{ item.checksum | default(omit) }}"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
loop: "{{ keycloak_quarkus_providers }}" loop: "{{ keycloak_quarkus_providers }}"
when: item.maven is defined when: item.maven is defined
no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}" no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
@@ -283,7 +283,7 @@
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0640' mode: '0640'
remote_src: "{{ item.remote | default(false) }}" remote_src: "{{ item.remote | default(false) }}"
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
loop: "{{ keycloak_quarkus_providers }}" loop: "{{ keycloak_quarkus_providers }}"
when: item.local_path is defined when: item.local_path is defined
notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}" notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}"
@@ -295,7 +295,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0750' mode: '0750'
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
loop: "{{ keycloak_quarkus_supported_policy_types }}" loop: "{{ keycloak_quarkus_supported_policy_types }}"
- name: "Install custom policies" - name: "Install custom policies"
@@ -305,7 +305,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0640' mode: '0640'
become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}"
loop: "{{ keycloak_quarkus_policies }}" loop: "{{ keycloak_quarkus_policies }}"
when: item.url is defined and item.url | length > 0 when: item.url is defined and item.url | length > 0
notify: "restart keycloak" notify: "restart keycloak"
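Review bot: The provider downloads in the hunks at `@@ -240,7 +240,7 @@` and `@@ -269,7 +269,7 @@` write server-loaded artefacts under escalation, yet `checksum: "{{ item.checksum | default(omit) }}"` leaves integrity verification optional. The policy download at `@@ -305,7 +305,7 @@` shows no checksum in its visible lines. I would add a pre-flight `ansible.builtin.assert` over the entries that carry `item.url`, with `that: item.checksum is defined and item.checksum | length > 0`, or at least document that omitting the checksum means the file is installed unverified. The JDBC driver download further down the page has the same gap as far as its hunk shows. All of these tasks begin outside their hunks, so a check may already exist above the visible lines.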


@@ -8,4 +8,4 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ keycloak.home }}/data/tmp/kc-gzip-cache" path: "{{ keycloak.home }}/data/tmp/kc-gzip-cache"
state: absent state: absent
become: "{{ keycloak_quarkus_invalidate_theme_cache_require_privilege_escalation }}" become: "{{ keycloak_quarkus_invalidate_theme_cache_require_privilege_escalation | default(true) }}"


@@ -6,7 +6,7 @@
- iptables - iptables
- name: "Configure firewall ports for {{ keycloak.service_name }}" - name: "Configure firewall ports for {{ keycloak.service_name }}"
become: "{{ keycloak_quarkus_iptables_require_privilege_escalation }}" become: "{{ keycloak_quarkus_iptables_require_privilege_escalation | default(true) }}"
ansible.builtin.iptables: ansible.builtin.iptables:
destination_port: "{{ item }}" destination_port: "{{ item }}"
action: "insert" action: "insert"


@@ -17,6 +17,6 @@
url_password: "{{ keycloak_quarkus_jdbc_download_pass | default(omit) }}" url_password: "{{ keycloak_quarkus_jdbc_download_pass | default(omit) }}"
validate_certs: "{{ keycloak_quarkus_jdbc_download_validate_certs | default(omit) }}" validate_certs: "{{ keycloak_quarkus_jdbc_download_validate_certs | default(omit) }}"
mode: '0640' mode: '0640'
become: "{{ keycloak_quarkus_jdbc_driver_require_privilege_escalation }}" become: "{{ keycloak_quarkus_jdbc_driver_require_privilege_escalation | default(true) }}"
notify: notify:
- restart keycloak - restart keycloak


@@ -82,7 +82,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0640' mode: '0640'
become: "{{ keycloak_quarkus_require_privilege_escalation }}" become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}"
loop: "{{ keycloak_quarkus_config_files }}" loop: "{{ keycloak_quarkus_config_files }}"
notify: notify:
- rebuild keycloak config - rebuild keycloak config
@@ -95,7 +95,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0775' mode: '0775'
become: "{{ keycloak_quarkus_require_privilege_escalation }}" become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}"
- name: Ensure tmp-directory exists - name: Ensure tmp-directory exists
ansible.builtin.file: ansible.builtin.file:
@@ -104,7 +104,7 @@
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: '0755' mode: '0755'
become: "{{ keycloak_quarkus_require_privilege_escalation }}" become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}"
- name: Flush pending handlers - name: Flush pending handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
@@ -118,7 +118,7 @@
src: "{{ keycloak.log.file | dirname }}" src: "{{ keycloak.log.file | dirname }}"
dest: "{{ keycloak_quarkus_log_target }}" dest: "{{ keycloak_quarkus_log_target }}"
force: true force: true
become: "{{ keycloak_quarkus_require_privilege_escalation }}" become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}"
- name: Check service status - name: Check service status
ansible.builtin.systemd_service: ansible.builtin.systemd_service:


@@ -3,5 +3,5 @@
- name: "Rebuild {{ keycloak.service_name }} config" - name: "Rebuild {{ keycloak.service_name }} config"
ansible.builtin.shell: | # noqa blocked_modules shell is necessary here ansible.builtin.shell: | # noqa blocked_modules shell is necessary here
env -i bash -c "set -a ; source {{ keycloak_quarkus_sysconf_file }} ; {{ keycloak.home }}/bin/kc.sh build " env -i bash -c "set -a ; source {{ keycloak_quarkus_sysconf_file }} ; {{ keycloak.home }}/bin/kc.sh build "
become: "{{ keycloak_quarkus_rebuild_config_require_privilege_escalation }}" become: "{{ keycloak_quarkus_rebuild_config_require_privilege_escalation | default(true) }}"
changed_when: true changed_when: true
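Review bot: This handler runs `kc.sh build` with `become` and no `become_user`, so unless one is set at play level it now executes as root by default, while the install tasks on this page extract `{{ keycloak.home }}` with `owner: "{{ keycloak.service_user }}"`. Executing a script owned by the service account as root means a compromise of that account becomes root on the next rebuild, and it can leave root-owned build output under the Keycloak home. I would add `become_user: "{{ keycloak.service_user }}"` to the task, as the `rhsso_cli.yml` includes on this page already do with `keycloak_service_user`. The two paths interpolated into `bash -c "…"` are also unquoted, whereas the key store task on this page uses `| quote` for this.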


@@ -5,7 +5,7 @@
enabled: true enabled: true
state: restarted state: restarted
daemon_reload: true daemon_reload: true
become: "{{ keycloak_quarkus_restart_require_privilege_escalation }}" become: "{{ keycloak_quarkus_restart_require_privilege_escalation | default(true) }}"
- name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}"
ansible.builtin.uri: ansible.builtin.uri:


@@ -16,5 +16,5 @@
enabled: true enabled: true
state: restarted state: restarted
daemon_reload: true daemon_reload: true
become: "{{ keycloak_quarkus_restart_require_privilege_escalation }}" become: "{{ keycloak_quarkus_restart_require_privilege_escalation | default(true) }}"
when: inventory_hostname != ansible_play_hosts | first when: inventory_hostname != ansible_play_hosts | first


@@ -5,7 +5,7 @@
enabled: true enabled: true
state: started state: started
daemon_reload: true daemon_reload: true
become: "{{ keycloak_quarkus_start_require_privilege_escalation }}" become: "{{ keycloak_quarkus_start_require_privilege_escalation | default(true) }}"
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
ansible.builtin.uri: ansible.builtin.uri:


@@ -1,6 +1,6 @@
--- ---
- name: "Configure sysconfig file for {{ keycloak.service_name }} service" - name: "Configure sysconfig file for {{ keycloak.service_name }} service"
become: "{{ keycloak_quarkus_systemd_require_privilege_escalation }}" become: "{{ keycloak_quarkus_systemd_require_privilege_escalation | default(true) }}"
ansible.builtin.template: ansible.builtin.template:
src: keycloak-sysconfig.j2 src: keycloak-sysconfig.j2
dest: "{{ keycloak_quarkus_sysconf_file }}" dest: "{{ keycloak_quarkus_sysconf_file }}"
@@ -20,7 +20,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
become: "{{ keycloak_quarkus_systemd_require_privilege_escalation }}" become: "{{ keycloak_quarkus_systemd_require_privilege_escalation | default(true) }}"
register: systemdunit register: systemdunit
notify: notify:
- rebuild keycloak config - rebuild keycloak config