Code owners
Assign users and groups as approvers for specific file changes. Learn more.
main.yml 1.97 KiB
---
- name: install keycloak
pacman: name=keycloak,keycloak-metrics-spi,python-passlib state=present
- name: template keycloak config
template: src=standalone.xml.j2 dest=/etc/keycloak/standalone.xml owner=keycloak group=keycloak mode=600
notify:
- restart keycloak
- name: copy profile.properties
copy: src=profile.properties dest=/etc/keycloak/profile.properties owner=keycloak group=keycloak mode=600
notify:
- restart keycloak
- name: copy custom theme
copy: src=theme/archlinux dest=/opt/keycloak/themes owner=keycloak group=keycloak mode=600
notify:
- restart keycloak
- name: create an admin user
command: /opt/keycloak/bin/add-user-keycloak.sh -r master -u "{{ vault_keycloak_admin_user }}" -p "{{ vault_keycloak_admin_password }}"
args:
creates: /opt/keycloak/standalone/configuration/keycloak-add-user.json
- name: start and enable keycloak
service: name=keycloak enabled=yes state=started
- name: open firewall hole
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
when: configure_firewall
with_items:
- 80/tcp
- 443/tcp
tags:
- firewall
- name: create postgres keycloak user
postgresql_user: name="{{ keycloak_db_user }}" password="{{ keycloak_db_password }}"
become: yes
become_user: postgres
become_method: su
no_log: True
- name: create keycloak db
postgresql_db: name=keycloak owner="{{ keycloak_db_user }}"
become: yes
become_user: postgres
become_method: su
- name: create htpasswd for nginx prometheus endpoint
htpasswd:
path: "{{ keycloak_nginx_htpasswd }}"
name: "{{ vault_keycloak_nginx_user }}"
password: "{{ vault_keycloak_nginx_passwd }}"
owner: root
group: http
mode: 0640
- name: make nginx log dir
file: path="/var/log/nginx/{{ keycloak_domain }}" state=directory owner=root mode=0755
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/keycloak.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: ['nginx']