#
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
---
# httpd acts as the TLS-terminating reverse proxy in front of Keycloak (see the
# proxy vhost further down). `latest` pulls in the current package on every run.
- name: Install httpd
  yum:
    name: httpd
    state: latest
    update_cache: true
  become: true
# SELinux keeps httpd from opening outbound sockets unless this boolean is set;
# the proxy vhost needs it to reach the Keycloak process. Persisted so it survives
# a reboot.
# NOTE(review): httpd_can_network_connect lets httpd connect to *any* port. If the
# Keycloak listener port carries a label covered by the narrower
# httpd_can_network_relay, prefer that — confirm against the port's SELinux label.
- name: allow httpd to proxy to Keycloak process
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  become: true
# Both services are opened permanently and immediately. Port 80 stays open on
# purpose: the certbot verification below (and any later renewal) needs it.
- name: Enable http/s service on public zone (for certbot verification)
  firewalld:
    service: "{{ item }}"
    zone: public
    state: enabled
    permanent: true
    immediate: true
  with_items:
    - http
    - https
  become: true
# TODO: a virtual host for the domain appears to be required before the certbot
# verification further down succeeds; this bootstrap vhost is rendered for that.
- name: copy basic virtual host file so certbot can verify domain
  template:
    src: basic-vhost.conf.j2
    dest: /etc/httpd/conf.d/basic-vhost.conf
    backup: true
  become: true
# Bring httpd up now (certbot's apache plugin needs a running server) and keep it
# enabled across reboots.
- name: start httpd
  service:
    name: httpd
    state: started
    enabled: true
  become: true
# Probe for an already-issued certificate; the result gates the certbot task so
# a certificate is requested at most once per host.
- name: check if SSL certificate exists
  stat:
    path: "{{ keycloak_ssl_certificate_file }}"
  register: stat_ssl_cert_result
  become: true
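# Requests the initial certificate when none is on disk yet. certbot runs
# unattended here, so it must never stop at a prompt: --non-interactive makes a
# missing input a fast failure instead of a hang, and --agree-tos answers the one
# question certbot would otherwise ask (running this task is the operator's
# acceptance of the CA's terms).
# NOTE(review): on a host with no ACME account yet certbot also wants a contact
# address (`-m <email>`) or `--register-unsafely-without-email`; add one if the
# first issuance fails. Nothing here renews the certificate — certbot-issued
# certificates are short-lived (Let's Encrypt: 90 days), so a `certbot renew`
# timer/cron still has to be provisioned.
- name: generate certificate if it doesn't exist
  command: >-
    certbot --apache --non-interactive --agree-tos
    -d {{ keycloak_vhost_servername }} certonly
  become: true
  when: not stat_ssl_cert_result.stat.exists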
# Renders the vhost that fronts Keycloak. The `restart httpd` handler is expected
# to live in the role's handlers file; it fires once at the end of the play.
- name: Add keycloak virtual host config that proxies to the keycloak server
  template:
    src: vhost.conf.j2
    dest: /etc/httpd/conf.d/keycloak.conf
    backup: true
  become: true
  notify:
    - restart httpd
# Download keycloak distribution
# The archive is fetched by the target host itself (copy: false) and extracted
# under the service user's home; `creates` skips the download once standalone.sh
# is present.
# NOTE(review): nothing verifies the download — no checksum or signature is
# checked before the contents are installed. Prefer get_url with `checksum:`
# followed by a local unarchive, so a tampered or truncated archive is rejected.
# NOTE: the variable name really is spelled `keycloak_downlaod_url`; it must match
# the vars file, so the spelling is kept here.
- name: Download and unarchive keycloak
  unarchive:
    src: "{{ keycloak_downlaod_url }}"
    dest: "{{ user_home }}"
    copy: false
    owner: "{{ user }}"
    group: "{{ group }}"
    creates: "{{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh"
  become: true
  become_user: "{{ user }}"
  tags:
    - always
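# <---------------------------- Setup Mysql database for keycloak ------------------->
# Create the JBoss module directory the MySQL JDBC driver and its module.xml are
# placed into. The task now carries a name (it showed up unnamed in play output),
# and the mode is a quoted string: an unquoted 0755 is parsed as a YAML 1.1 octal
# integer and only works by accident of Ansible's int handling.
- name: create keycloak mysql jdbc module directory
  file:
    path: "{{ user_home }}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main"
    state: directory
    mode: "0755"
  become: true
  become_user: "{{ user }}"
  tags:
    - always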
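# Fetch the MySQL JDBC driver archive and move the jar into the module directory
# created above. Both tasks guard on the jar's *final* location: the move empties
# the extraction path, so guarding unarchive on that path (as before) re-downloaded
# and re-extracted the archive on every run, and a guard-less `mv` re-ran with it.
# NOTE(review): as with the Keycloak archive, the download is not checksum- or
# signature-verified before its jar is loaded into the server; prefer get_url with
# `checksum:` if an expected digest can be pinned.
- name: Download and unarchive mysql jdbc driver
  unarchive:
    src: "{{ mysql_db_connector_download_url }}"
    dest: "{{ user_home }}"
    copy: false
    owner: "{{ user }}"
    group: "{{ group }}"
    creates: "{{ user_home }}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/{{ keycloak_db_connector_name }}-bin.jar"
  become: true
  become_user: "{{ user }}"
  tags:
    - always
- name: move jdbc connector to keycloak module
  command: mv {{ user_home }}/{{ keycloak_db_connector_name }}/{{ keycloak_db_connector_name }}-bin.jar {{ user_home }}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/
  args:
    # Skip once the jar is in place; without this the task is not idempotent.
    creates: "{{ user_home }}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/{{ keycloak_db_connector_name }}-bin.jar"
  become: true
  become_user: "{{ user }}"
  tags:
    - always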
# Render module.xml next to the driver jar so WildFly/Keycloak can load the
# MySQL module. Contains no secrets, so world-readable is acceptable here.
- name: copy jdbc module configuration file
  template:
    src: module.j2
    dest: "{{ user_home }}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/module.xml"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "u=rw,g=r,o=r"
  become: true
  become_user: "{{ user }}"
  tags:
    - always
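# </---------------------------- Setup Mysql database for keycloak - END ------------------->
# <---------------------------- Server Configuration -------------------------------->
# Only Executed for standalone mode (SSL Configuration & MySql)
# The rendered standalone.xml presumably carries the MySQL datasource credentials
# (this is the "MySql" part of the configuration), so it must not be world-readable:
# the previous o=r exposed them to every local account. The owning service user and
# its group keep read access.
# NOTE(review): confirm the init script starts Keycloak as `{{ user }}` (or a member
# of `{{ group }}`); if it runs as another unprivileged account, adjust owner/group
# rather than reopening the file to "other".
- name: copy keycloak configuration file (Standalone)
  template:
    src: standalone.xml.j2
    dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone.xml"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "u=rw,g=r,o="
  become: true
  become_user: "{{ user }}"
  tags:
    - standalone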
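# </------------------------------ Server Configuration ends ---------------------------->
# <---------- setup init script for keycloak, starts the server after reboot ----------->
# Init script to start keycloak in Standalone mode.
# The init system executes /etc/init.d/keycloak as root, so the file must be owned
# and writable by root only. It was previously handed to the service user, which
# would let a compromised Keycloak account rewrite the script and run arbitrary
# commands as root at the next boot or `service keycloak` invocation.
- name: copy init script file (Standalone)
  template:
    src: keycloak-standalone-init.j2
    dest: /etc/init.d/keycloak
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"
  become: true
  tags:
    - standalone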
# System command to add the init script to enable on startup.
# Plain `command`, so Ansible reports this task as changed on every run; enabling
# an already-enabled service is a no-op for chkconfig itself.
- name: add init script to chkconfig and startup on boot
  command: chkconfig --level 345 keycloak on
  become: true
  tags:
    - always
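# </---------- setup init script for keycloak, starts the server after reboot ----------->
# <-------------------------Initialize a new admin for keycloak-------------------------->
# Seeds the master-realm admin account. The password travels on the command line, so:
#  - no_log keeps the rendered command (and thus the password) out of task output,
#    callbacks and Ansible logs — previously it was printed on every run;
#  - `quote` keeps a username/password containing spaces or shell characters as
#    one argument (the command module splits the line with shlex, which parses the
#    quoting the filter emits);
#  - it is still visible in `ps` on the host while the script runs — unavoidable
#    with a -p argument.
# Runs as the service user, consistent with the other tasks under the install
# directory and least privilege: the script only writes keycloak-add-user.json
# there, which the server later consumes.
# NOTE(review): Keycloak presumably removes keycloak-add-user.json once it has
# imported it at startup, so this `creates` guard only holds until the first
# server start; later runs will run the script again and re-add the user.
- name: Add master realm admin account
  command: >-
    {{ user_home }}/{{ keycloak_install_dir }}/bin/add-user-keycloak.sh
    -r master
    -u {{ keycloak_master_account_username | quote }}
    -p {{ keycloak_master_account_password | quote }}
  args:
    creates: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/keycloak-add-user.json"
  no_log: true
  become: true
  become_user: "{{ user }}"
  tags:
    - always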
# <--------------------------start keycloak Identity server------------------------------>
# Make systemd pick up the (sysv-compatible) init script before the service
# module touches it. Always reports "changed".
- name: reload Keycloak init script
  command: systemctl daemon-reload
  become: true
  tags:
    - always
# FIXME: restarting Keycloak server doesn't work, hence an explicit stop followed
# by a start. A failing stop (e.g. service not yet known on a fresh host) is
# deliberately tolerated.
- name: stop Keycloak server
  service:
    name: keycloak
    state: stopped
  ignore_errors: true
  become: true
  tags:
    - always
# Start Keycloak; boot-time enablement was handled by the chkconfig task above.
- name: start Keycloak server
  service:
    name: keycloak
    state: started
  become: true
  tags:
    - always
...