Fixes: 26f289b7 ("Capitalize the first letter of all task names")
# Java runtime plus the Keycloak package set. python-passlib is presumably
# pulled in for the htpasswd task at the end of this file.
- name: Install keycloak
  pacman:
    name:
      - jre11-openjdk
      - keycloak
      - keycloak-archlinux-theme
      - keycloak-metrics-spi
      - python-passlib
    state: present
# Database role for Keycloak, created as the postgres OS user via su.
# no_log keeps the vaulted password out of task output and callbacks.
- name: Create postgres keycloak user
  postgresql_user:
    name: "{{ vault_keycloak_db_user }}"
    password: "{{ vault_keycloak_db_password }}"
  become: true
  become_user: postgres
  become_method: su
  no_log: true
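# Database owned by the role created in the previous task.
# no_log mirrors the user task above: the owner comes from the vault and
# would otherwise show up in task output. Trade-off: failures from this
# task carry less detail; rerun with no_log off when debugging.
- name: Create keycloak db
  postgresql_db:
    name: "{{ keycloak_db_name }}"
    owner: "{{ vault_keycloak_db_user }}"
  become: true
  become_user: postgres
  become_method: su
  no_log: true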
# Render keycloak.conf: root-owned, readable by the keycloak group only
# (0640). The task is no_log, presumably because the template expands
# vaulted values into the file.
- name: Template keycloak config
  template:
    src: keycloak.conf.j2
    dest: /etc/keycloak/keycloak.conf
    owner: root
    group: keycloak
    mode: "0640"
  no_log: true
  notify:
    - Restart keycloak
# Holds the one-shot admin-creation drop-in installed by the block below.
- name: Create drop-in directory for keycloak.service
  file:
    path: /etc/systemd/system/keycloak.service.d
    state: directory
    owner: root
    group: root
    mode: "0755"
# Populates ansible_facts.services so the first-start block below can tell
# whether keycloak.service is already running.
- name: Get service facts
  service_facts:
# One-time bootstrap of the Keycloak admin account. Both the drop-in and
# the credentials file exist only for the first start; the `always`
# section removes them even if the start or the port wait fails. Skipped
# when service_facts already reports the unit as running.
- name: Create an admin user when first starting keycloak
  when: ansible_facts.services["keycloak.service"]["state"] != "running"
  block:
    - name: Install admin creation drop-in for keycloak.service
      copy:
        src: create-keycloak-admin.conf
        dest: /etc/systemd/system/keycloak.service.d/
        owner: root
        group: root
        mode: "0644"

    # root:root 0600 — only the service manager is expected to read this
    # (presumably via the drop-in; its contents are not visible here).
    - name: Install temporary environment file with admin credentials
      template:
        src: admin-user.conf.j2
        dest: /etc/keycloak/admin-user.conf
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: Start and enable keycloak
      service:
        name: keycloak
        enabled: true
        daemon_reload: true
        state: started

    # Port open is the only readiness signal; it does not confirm the
    # admin account was actually created.
    - name: Wait for keycloak to initialize
      wait_for:
        port: "{{ keycloak_port }}"

  always:
    - name: Remove admin credentials once keycloak is running
      file:
        path: /etc/keycloak/admin-user.conf
        state: absent

    # The Daemon reload handler runs at the end of the play; until then
    # systemd still holds the unit definition that included the drop-in.
    - name: Remove admin creation drop-in
      file:
        path: /etc/systemd/system/keycloak.service.d/create-keycloak-admin.conf
        state: absent
      notify:
        - Daemon reload
# HTTP/HTTPS ingress, presumably for the nginx front end referenced by the
# htpasswd task. Only applied on hosts that manage their own firewall.
- name: Open firewall hole
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  when: configure_firewall
  loop:
    - 80/tcp
    - 443/tcp
  tags:
    - firewall
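# Basic-auth credentials guarding the nginx-fronted prometheus endpoint.
# File is root-owned and readable by the http group only (0640).
# no_log added: the task takes a vaulted password, like every other
# secret-bearing task in this file (the module may mask the parameter on
# its own, but the task-level flag is what the rest of the role relies on).
- name: Create htpasswd for nginx prometheus endpoint
  htpasswd:
    path: "{{ keycloak_nginx_htpasswd }}"
    name: "{{ vault_keycloak_nginx_user }}"
    password: "{{ vault_keycloak_nginx_passwd }}"
    owner: root
    group: http
    mode: "0640"
  no_log: true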