mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
master
infrastructure/roles/keycloak/tasks/main.yml

76 lines
2.6 KiB
YAML
Raw Permalink Blame History

- name: Install keycloak
pacman: name=keycloak,keycloak-archlinux-theme,keycloak-metrics-spi,keycloak-hcaptcha,python-passlib state=present
- name: Create postgres keycloak user
postgresql_user: name="{{ vault_keycloak_db_user }}" password="{{ vault_keycloak_db_password }}"
become: true
become_user: postgres
become_method: ansible.builtin.su
no_log: true
- name: Create keycloak db
postgresql_db: name="{{ keycloak_db_name }}" owner="{{ vault_keycloak_db_user }}"
become: true
become_user: postgres
become_method: ansible.builtin.su
- name: Template keycloak config
template: src=keycloak.conf.j2 dest=/etc/keycloak/keycloak.conf owner=root group=keycloak mode=640
no_log: true
notify:
- Restart keycloak
- name: Create drop-in directory for keycloak.service
file: path=/etc/systemd/system/keycloak.service.d state=directory owner=root group=root mode=0755
- name: Get service facts
service_facts:
- name: Create an admin user when first starting keycloak
when: ansible_facts.services["keycloak.service"]["state"] != "running"
block:
- name: Install admin creation drop-in for keycloak.service
copy: src=create-keycloak-admin.conf dest=/etc/systemd/system/keycloak.service.d/ owner=root group=root mode=0644
- name: Install temporary environment file with admin credentials
template: src=admin-user.conf.j2 dest=/etc/keycloak/admin-user.conf owner=root group=root mode=0600
no_log: true
- name: Start and enable keycloak
systemd_service: name=keycloak enabled=yes daemon_reload=yes state=started
- name: Wait for keycloak to initialize
wait_for: port={{ keycloak_port }}
always:
- name: Remove admin credentials once keycloak is running
file: path=/etc/keycloak/admin-user.conf state=absent
- name: Remove admin creation drop-in
file: path=/etc/systemd/system/keycloak.service.d/create-keycloak-admin.conf state=absent
notify:
- Daemon reload
- name: Create htpasswd for nginx prometheus endpoint
htpasswd:
path: "{{ keycloak_nginx_htpasswd }}"
name: "{{ vault_keycloak_nginx_user }}"
password: "{{ vault_keycloak_nginx_passwd }}"
owner: root
group: http
mode: '0640'
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ keycloak_domain }}"]
- name: Make nginx log dir
file: path="/var/log/nginx/{{ keycloak_domain }}" state=directory owner=root mode=0755
- name: Set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/keycloak.conf owner=root group=root mode=0644
notify:
- Reload nginx
tags: ['nginx']
View Git Blame Copy Permalink