---
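- name: install keycloak
  # keycloak-metrics-spi presumably backs the Prometheus endpoint that nginx
  # fronts further down; python-passlib is the backend the htpasswd module
  # used below relies on.
  pacman:
    name:
      - keycloak
      - keycloak-metrics-spi
      - python-passlib
    state: present
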
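- name: template keycloak config
  # Render the server configuration. It is private to the service user
  # (0600); the mode is quoted because an unquoted 600 would be parsed as the
  # decimal integer 600, not an octal file mode.
  template:
    src: standalone.xml.j2
    dest: /etc/keycloak/standalone.xml
    owner: keycloak
    group: keycloak
    mode: "0600"
  notify:
    - restart keycloak
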
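- name: copy profile.properties
  # Static profile settings for keycloak; private to the service user, same
  # permissions as standalone.xml. Mode quoted to keep it an octal string.
  copy:
    src: profile.properties
    dest: /etc/keycloak/profile.properties
    owner: keycloak
    group: keycloak
    mode: "0600"
  notify:
    - restart keycloak
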
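- name: copy custom theme
  # src is a directory, so the whole archlinux theme tree is copied into the
  # keycloak theme root and the mode is applied to every file in it.
  # NOTE(review): the theme files end up owned (and therefore writable) by the
  # service user; root ownership would be the least-privilege choice if
  # keycloak does not need to write here — confirm before changing.
  copy:
    src: theme/archlinux
    dest: /opt/keycloak/themes
    owner: keycloak
    group: keycloak
    mode: "0755"
  notify:
    - restart keycloak
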
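- name: request a bearer token
  # Probe the master realm with the vault-held admin credentials. The next task
  # keys on a 401 (credentials rejected) to decide whether the admin user still
  # has to be created. Plain HTTP is only acceptable here because the request
  # stays on the loopback interface.
  uri:
    url: http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/token
    method: POST
    body_format: form-urlencoded
    body:
      username: "{{ vault_keycloak_admin_user }}"
      password: "{{ vault_keycloak_admin_password }}"
      grant_type: password
      client_id: admin-cli
    # 401 is an expected outcome, not a failure of this task.
    status_code: [200, 401]
  # The form body carries the admin password; without no_log it is printed
  # verbatim in the (ignored) failure output and with -v.
  no_log: true
  # keycloak is only started further down, so on a fresh host this request
  # cannot connect at all; that must not abort the play.
  ignore_errors: true
  register: token
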
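- name: create an admin user
  # Runs only when the token probe above was rejected with 401. argv is used
  # instead of a free-form command line so a password containing quotes or
  # whitespace is passed as a single argument rather than re-split by shlex.
  # The script only accepts the password as a CLI argument, so it is briefly
  # visible in the process list; no_log at least keeps it out of the play log.
  # NOTE(review): when keycloak is not running yet the probe has no HTTP status
  # (-1 rather than 401), so this task is skipped on a fresh host — confirm
  # that this is the intended first-run behaviour.
  command:
    argv:
      - /opt/keycloak/bin/add-user-keycloak.sh
      - "-r"
      - master
      - "-u"
      - "{{ vault_keycloak_admin_user }}"
      - "-p"
      - "{{ vault_keycloak_admin_password }}"
  no_log: true
  when: token.status == 401
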
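- name: start and enable keycloak
  # Start now and enable at boot; config/theme changes above trigger a restart
  # through the handler instead.
  service:
    name: keycloak
    enabled: true
    state: started
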
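- name: open firewall hole
  # Only the nginx ports are opened; the token request above reaches keycloak
  # on 127.0.0.1:8080, which stays loopback-only.
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  when: configure_firewall
  loop:
    - 80/tcp
    - 443/tcp
  tags:
    - firewall
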
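- name: create postgres keycloak user
  postgresql_user:
    name: "{{ keycloak_db_user }}"
    password: "{{ keycloak_db_password }}"
  become: true
  become_user: postgres
  become_method: su
  # keep the database password out of the play output
  no_log: true
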
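- name: create keycloak db
  # Database owned by the role user created in the previous task.
  postgresql_db:
    name: keycloak
    owner: "{{ keycloak_db_user }}"
  become: true
  become_user: postgres
  become_method: su
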
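- name: create htpasswd for nginx prometheus endpoint
  # Basic-auth credentials nginx checks in front of the metrics endpoint.
  # root-owned with group http so the web server can read but not modify it.
  # Mode quoted so YAML keeps it as an octal string.
  htpasswd:
    path: "{{ keycloak_nginx_htpasswd }}"
    name: "{{ vault_keycloak_nginx_user }}"
    password: "{{ vault_keycloak_nginx_passwd }}"
    owner: root
    group: http
    mode: "0640"
  # the password comes from vault; don't echo the module args into the log
  # (same treatment as the postgres user task above)
  no_log: true
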
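- name: make nginx log dir
  # Per-domain access/error log directory referenced by the nginx vhost template.
  file:
    path: "/var/log/nginx/{{ keycloak_domain }}"
    state: directory
    owner: root
    mode: "0755"
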
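- name: set up nginx
  # World-readable vhost config; a reload (not restart) is enough for nginx.
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/keycloak.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload nginx
  tags:
    - nginx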