From f7f8dae5843f01906310bfaa5880c718c878694d Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Sun, 6 Jun 2021 17:10:40 +0200
Subject: [PATCH] keycloak: Use a better db password
---
 group_vars/all/vault_keycloak.yml | 43 ++++++++++++----------
 roles/keycloak/defaults/main.yml | 2 -
 roles/keycloak/tasks/main.yml | 4 +-
 roles/keycloak/templates/standalone.xml.j2 | 6 +--
 4 files changed, 29 insertions(+), 26 deletions(-)
diff --git a/group_vars/all/vault_keycloak.yml b/group_vars/all/vault_keycloak.yml
index 3853c5c51..7023f8d87 100644
--- a/group_vars/all/vault_keycloak.yml
+++ b/group_vars/all/vault_keycloak.yml
@@ -1,20 +1,25 @@ $ANSIBLE_VAULT;1.1;AES256 -33633161366238616563613336356635353433646634623833303462623731616439336533396263 -3234313663646437663864316637623065326434643132630a643536666665346331316339363034 -39313739346138353061623139303034656339316262646161396338313065316461336636663661 -3163663737393062370a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a613566316364393730653965393361 +64623737363334636163383137376230663630373236393935313633346363633636616161383462 +6235616162613134330a613231353965663539396636303235323438346663653466376339306638 +61353864633933363361636234313634323231356163383364616161623734636332626233666164 +61633930373263653038383866396431636138633963346133383266306132373339323135373362 +61383065303036336235316564336438393432656631333063363333663066316565323736343539 +33343731333566323530346466383333613561333034383131366138623437663030336466383231 +31363539323964363565663537623036396130313938646662323265386234623735363666636562 +34646130363336643032313533343537646365633530323536643765633135393331333339306466 +65643637633038376364333566393233343262323232373538393238653332366330656537373638 +62343564383833376162316365666230636234623161313036636462353031303936373332633839 +39366436386438383162653637343937326561303465376138633634636161643535373233396461 +64373236633834333565623830393339353539623163353463386364613862333039663364636235 +37626666636335366330376331613430356165376539623136613435653563633534613561373830 +64373038336238343131393839623830656232373634376430633164626564353435613036326631 +32393734633635326132326233353636623664656137643239363630613833353431333765616665 +33303538323266313335353865666237366436323665646439326162373962376430393033326363 +65613732353266376662383730666566343563386131313362303664326237393832363732353938 +33303635646530643062393432383266666435363566633365363061623966636535643864363337 +31646637646265353532383439313439353434653135616462636530613737393632623533383364 
+32326238366436623664306330616635623065396466643262346461386464393133313162353766 +32383435353535316630316462303734303062366264633735646664656363656465313562653761 +30396261373236623065 diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index db8cbd1dd..7f2812bdd 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -1,6 +1,4 @@ keycloak_db_name: keycloak -keycloak_db_user: keycloak -keycloak_db_password: keycloak keycloak_domain: accounts.archlinux.org keycloak_home_dir: /opt/keycloak keycloak_port: "8443" diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index cb11d9cae..9f1cb3f2c 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -48,14 +48,14 @@ - firewall - name: create postgres keycloak user - postgresql_user: name="{{ keycloak_db_user }}" password="{{ keycloak_db_password }}" + postgresql_user: name="{{ vault_keycloak_db_user }}" password="{{ vault_keycloak_db_password }}" become: true become_user: postgres become_method: su no_log: true - name: create keycloak db - postgresql_db: name=keycloak owner="{{ keycloak_db_user }}" + postgresql_db: name=keycloak owner="{{ vault_keycloak_db_user }}" become: true become_user: postgres become_method: su diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2 index f240ae5f5..6ef12dff6 100644 --- a/roles/keycloak/templates/standalone.xml.j2 +++ b/roles/keycloak/templates/standalone.xml.j2 
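Review bot: In roles/keycloak/tasks/main.yml the `create keycloak db` task still hard-codes `name=keycloak`, while the template changed in this same commit builds the JDBC URL from `{{ keycloak_db_name }}`; if that default is ever overridden, Keycloak would be pointed at a database this role never created. Use the variable in both places: `postgresql_db: name="{{ keycloak_db_name }}" owner="{{ vault_keycloak_db_user }}"`. With the role defaults removed, the tasks now depend on the `vault_`-prefixed names directly; that fails closed when the vault is missing, which is the safer behaviour, but a short comment in defaults/main.yml naming the two required vault variables would help anyone reusing the role. The second task may continue past the end of the hunk.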
@@ -442,11 +442,11 @@
 <subsystem xmlns="urn:jboss:domain:datasources:6.0">
 <datasources>
 <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
- <connection-url>jdbc:postgresql://localhost:5432/keycloak</connection-url>
+ <connection-url>jdbc:postgresql://localhost:5432/{{ keycloak_db_name }}</connection-url>
 <driver>postgresql</driver>
 <security>
- <user-name>keycloak</user-name>
- <password>keycloak</password>
+ <user-name>{{ vault_keycloak_db_user }}</user-name>
+ <password>{{ vault_keycloak_db_password }}</password>
 </security>
 </datasource>
 <drivers>
-- GitLab
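Review bot: The new `<user-name>` and `<password>` lines interpolate the vault values into XML unescaped, so a generated password containing `&`, `<` or `>` would yield a malformed standalone.xml or a credential that differs from the one set in PostgreSQL. Escape both values: `<password>{{ vault_keycloak_db_password | e }}</password>`, and likewise for `<user-name>`. The secret also lands in plaintext in the rendered file, and the task that renders this template is not part of the diff; it should carry a restrictive `mode` and owner plus `no_log: true` (or `diff: false`) so a `--diff` run does not print the password, matching the `no_log` already set on the `postgresql_user` task. The datasource block starts and ends outside the hunk.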