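---
### tags:
### create_users
### create_groups
### update_realms
### update_deployment

# Provisions one Keycloak instance under {{ service_base_path }}/{{ inventory_hostname }}:
# DNS record, docker-compose deployment, then realm / user / group configuration
# through the admin REST API on loopback. Tasks whose arguments or registered
# results carry the admin password or a bearer token are marked no_log so they
# do not end up in the play output or log files.

- name: "Setup DNS configuration for {{ inventory_hostname }}"
  include_role:
    name: _digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"

- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
  stat:
    path: '{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml'
  register: check_docker_compose_file
  tags:
    - update_deployment

# Best-effort stop of the previous stack: a missing or already-stopped stack
# must not abort the deployment. No shell features are needed, so `command`
# is used instead of `shell` (no /bin/sh interpretation of the argument).
- name: "Stop {{ inventory_hostname }}"
  command: docker-compose down
  args:
    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
  when: check_docker_compose_file.stat.exists
  ignore_errors: true
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ inventory_hostname }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ keycloak_docker }}"

- name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "keycloak"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"

- name: "Update {{ inventory_hostname }}"
  command: docker-compose pull
  args:
    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
  tags:
    - update_deployment

- name: "Start {{ inventory_hostname }}"
  command: docker-compose up -d
  args:
    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
  tags:
    - update_deployment

# Gives the container 60 s before the first probe; the port opening is only a
# proxy for readiness, the authentication task below retries on its own.
- name: "Wait for {{ service_port_keycloak_external }}"
  wait_for:
    port: '{{ service_port_keycloak_external }}'
    delay: 60

# Password grant against the master realm via the built-in admin-cli client.
# body is passed as a mapping so the uri module form-encodes the fields itself;
# a password containing '&', '=' or '%' would corrupt a hand-built query string.
# `until` makes the retries effective (retries without until is not honoured
# on every Ansible version); uri reports status -1 while the port is not yet
# answering and 401 on bad credentials, both of which trigger a retry.
# The request travels over plain HTTP on loopback only — do not point this at
# a remote host without switching to https.
- name: "Authenticate with Keycloak server"
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    body:
      username: "{{ keycloak_admin_username }}"
      password: "{{ keycloak_admin_password }}"
      client_id: admin-cli
      grant_type: password
  register: keycloak_authentication
  until: keycloak_authentication.status == 200
  retries: 5
  delay: 5
  no_log: true  # request carries the admin password, result carries the access token
  tags:
    - create_users
    - create_groups
    - update_realms

# The loop item is the whole realm definition (clients, users, groups); only
# its name is printed so user entries — which may carry credentials — are not
# echoed into the play output.
- name: "Setup realms"
  include_tasks: configure_realm.yml
  vars:
    current_realm_name: '{{ current_realm.name }}'
    current_realm_display_name: '{{ current_realm.display_name }}'
    current_realm_clients: '{{ current_realm.clients | default([]) }}'
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  loop_control:
    loop_var: current_realm
    label: "{{ current_realm.name }}"
  tags:
    - update_realms

- name: "Create realm users"
  include_tasks: create_realm_users.yml
  vars:
    current_realm_name: "{{ item.name }}"
    current_realm_users: "{{ item.users | default([]) }}"
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  loop_control:
    label: "{{ item.name }}"
  tags:
    - create_users
    - update_realms

- name: "Create realm groups"
  include_tasks: create_realm_groups.yml
  vars:
    current_realm_name: "{{ item.name }}"
    current_realm_groups: "{{ item.groups | default([]) }}"
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  loop_control:
    label: "{{ item.name }}"
  tags:
    - create_groups
    - update_realms

# kcadm.sh runs inside the container and takes the admin credentials from the
# container's own KEYCLOAK_USER / KEYCLOAK_PASSWORD environment. The inner
# command is single-quoted so `$KEYCLOAK_*` is expanded by the container's
# /bin/sh, never by the host shell or by Ansible. Only the container id is
# double-quoted — quoting the whole `id /bin/sh -c '...'` string as one
# argument (as before) hands docker exec a bogus container name.
# kcadm caches a bearer token in /opt/jboss/.keycloak/kcadm.config, which is
# removed in the last step; `set -e` stops the sequence at the first failure
# so that cleanup is not mistaken for success.
# NOTE(review): the password is still passed as a command-line argument inside
# the container and is visible in its process list for the duration of the call.
- name: "Activate event listeners"
  shell: |
    set -e
    docker exec "{{ keycloak_id }}" /bin/sh -c '/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"'
    docker exec "{{ keycloak_id }}" /bin/sh -c '/opt/jboss/keycloak/bin/kcadm.sh update events/config -s eventsEnabled=true -s adminEventsEnabled=true -s "eventsListeners+=metrics-listener"'
    docker exec "{{ keycloak_id }}" /bin/sh -c '/usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config'
  tags:
    - update_deployment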