Google Git
Sign in
apache / airavata / 08881207fbce8d59089d4bfde5c9559b4c06a2a2 / . / dev-tools / ansible / roles / keycloak / tasks / main.yml
blob: ecab7db87980cecdec9286ae001e93dafd00d361 [file] [log] [blame]
#
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
---
# Download keycloak distribution
- name: Download and unarchive keycloak
unarchive: src="{{ keycloak_downlaod_url }}"
dest="{{ user_home }}"
copy=no
owner="{{ user }}"
group="{{ group }}"
creates="{{user_home}}/{{ keycloak_install_dir }}/bin/standalone.sh"
become: true
become_user: "{{ user }}"
tags:
- always
# <---------------------------- Setup Mysql database for keycloak ------------------->
# create folder structure
- file:
path: "{{user_home}}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main"
state: directory
mode: 0755
become: true
become_user: "{{ user }}"
tags:
- always
- name: Download and unarchive mysql jdbc driver
unarchive: src="{{ mysql_db_connector_download_url }}"
dest="{{ user_home }}"
copy=no
owner="{{ user }}"
group="{{ group }}"
creates="{{user_home}}/{{keycloak_db_connector_name}}/{{keycloak_db_connector_name}}-bin.jar"
become: true
become_user: "{{ user }}"
tags:
- always
- name: move jdbc connector to keycloak module
command: mv {{user_home}}/{{keycloak_db_connector_name}}/{{keycloak_db_connector_name}}-bin.jar {{user_home}}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/
become: true
become_user: "{{ user }}"
tags:
- always
- name: copy jdbc module configuration file
template: >
src=module.j2
dest="{{user_home}}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/module.xml"
owner="{{ user }}"
group="{{ group }}"
mode="u=rw,g=r,o=r"
become: true
become_user: "{{ user }}"
tags:
- always
# </---------------------------- Setup Mysql database for keycloak - END ------------------->
# <---------------------------- Server Configuration -------------------------------->
# Only Executed for haCluster mode (Mysql setup & without SSl configuration)
- name: copy keycloak configuration file (HaCluster)
template: >
src=standalone-ha.xml.j2
dest="{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone-ha.xml"
owner="{{ user }}"
group="{{ group }}"
mode="u=rw,g=r,o=r"
become: true
become_user: "{{ user }}"
tags:
- hacluster
# Only Executed for standalone mode (SSL Configuration & MySql)
- name: copy keycloak configuration file (Standalone)
template: >
src=standalone.xml.j2
dest="{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone.xml"
owner="{{ user }}"
group="{{ group }}"
mode="u=rw,g=r,o=r"
become: true
become_user: "{{ user }}"
tags:
- standalone
# Copy the SSL certificate files to remote
- name: copy ssl certificate files to remote
copy:
src: "{{keycloak_ssl_keystore_file}}"
dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/{{keycloak_ssl_keystore_file_name}}"
owner: "{{ user }}"
group: "{{ group }}"
mode: 0644
become: true
become_user: "{{ user }}"
tags:
- standalone
# </------------------------------ Server Configuration ends ---------------------------->
# <---------- setup init script for keycloak, starts the server after reboot ----------->
# Init script to start keycloak in HaCluster mode
- name: copy init script file (HaCluster)
template: >
src=keycloak-hacluster-init.j2
dest="/etc/init.d/keycloak"
owner="{{ user }}"
group="{{ group }}"
mode="u=rwx,g=r,o=r"
become: yes
become_user: root
tags:
- hacluster
# Init script to start keycloak in Standalone mode
- name: copy init script file (Standalone)
template: >
src=keycloak-standalone-init.j2
dest="/etc/init.d/keycloak"
owner="{{ user }}"
group="{{ group }}"
mode="u=rwx,g=rx,o=rx"
become: yes
become_user: root
tags:
- standalone
# System command to add the init script to enable on startup
- name: add init script to chkconfig and startup on boot
command: chkconfig --level 345 keycloak on
become: yes
become_user: root
tags:
- always
# </---------- setup init script for keycloak, starts the server after reboot ----------->
# <-------------------------Initialize a new admin for keycloak-------------------------->
- name: Add master realm admin account
command: "{{user_home}}/{{ keycloak_install_dir }}/bin/add-user-keycloak.sh -r master -u {{ keycloak_master_account_username }} -p {{ keycloak_master_account_password }}"
args:
creates: "{{user_home}}/{{ keycloak_install_dir }}/standalone/configuration/keycloak-add-user.json"
become: yes
become_user: root
tags:
- always
# <--------------------------open keycloak Identity server firewall port------------------------------>
- name: open firewall port {{ keycloak_server_port }}
firewalld: port="{{ keycloak_server_port }}/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
become_user: root
tags:
- always
# <--------------------------start keycloak Identity server------------------------------>
- name: reload Keycloak init script
command: systemctl daemon-reload
become: yes
become_user: root
tags:
- always
# FIXME: restarting Keycloak server doesn't work
- name: stop Keycloak server
service: name=keycloak state=stopped
ignore_errors: yes
become: yes
become_user: root
tags:
- always
- name: start Keycloak server
service: name=keycloak state=started
become: yes
become_user: root
tags:
- always
...