hetzner-ansible/roles/keycloak/tasks/main.yml


---
### tags:
### create_users
### update_realms
### update_deployment
# Post a "deployment started" notification to the Mattermost webhook.
# Runs on the controller (delegate_to) without privilege escalation; skipped
# entirely when send_status_messages is false.
- name: "Send mattermost messsge"
  uri:
    url: '{{ mattermost_hook_smardigo }}'
    method: POST
    headers:
      Content-Type: 'application/json'
    body_format: json
    # The message payload is rendered on the controller from the role template.
    body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
  become: false
  delegate_to: 127.0.0.1
  when: send_status_messages
# Create/refresh the DNS record for this service via the shared
# _digitalocean role (domain task file), pointing it at the stage server.
- name: "Setup DNS configuration for {{ service_name }}"
  include_role:
    tasks_from: domain
    name: _digitalocean
  vars:
    record_name: '{{ service_name }}'
    record_data: '{{ stage_server_ip }}'
# Record whether a compose file is already deployed so the "Stop" task below
# only runs against an existing stack.
- name: "Check if {{ service_name }}/docker-compose.yml exists"
  tags:
    - update_deployment
  stat:
    path: "{{ service_base_path }}/{{ service_name }}/docker-compose.yml"
  register: check_docker_compose_file
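# Tear down the running compose stack before redeploying templates.
# Uses `command` rather than `shell`: no shell features (pipes, globs,
# variable expansion) are needed, so the argument string is not passed
# through /bin/sh.
- name: "Stop {{ service_name }}"
  command: docker-compose down
  args:
    chdir: '{{ service_base_path }}/{{ service_name }}'
  when: check_docker_compose_file.stat.exists
  # Deliberately best effort: a stack that was never started makes `down`
  # fail, and that must not abort the deployment.
  ignore_errors: true
  tags:
    - update_deployment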
# Render the shared "_docker" template set (compose wrapper files) into the
# service directory, owned by the docker user/group.
- name: "Deploy docker templates for {{ service_name }}"
  include_role:
    tasks_from: templates
    name: _deploy
  vars:
    current_config: '_docker'
    current_docker: '{{ keycloak_docker }}'
    current_base_path: '{{ service_base_path }}'
    current_destination: '{{ service_name }}'
    current_owner: '{{ docker_owner }}'
    current_group: '{{ docker_group }}'
# Render the keycloak-specific template set into the same service directory.
- name: "Deploy service templates for {{ service_name }}"
  include_role:
    tasks_from: templates
    name: _deploy
  vars:
    current_config: 'keycloak'
    current_base_path: '{{ service_base_path }}'
    current_destination: '{{ service_name }}'
    current_owner: '{{ docker_owner }}'
    current_group: '{{ docker_group }}'
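# Pull the images referenced by the freshly rendered compose file.
# `command` instead of `shell`: a plain argv is enough here, so the string
# is not interpreted by /bin/sh.
- name: "Update {{ service_name }}"
  command: docker-compose pull
  args:
    chdir: '{{ service_base_path }}/{{ service_name }}'
  tags:
    - update_deployment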
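# Start (or recreate) the stack in the background.
# `command` instead of `shell`: no shell features are used.
- name: "Start {{ service_name }}"
  command: docker-compose up -d
  args:
    chdir: '{{ service_base_path }}/{{ service_name }}'
  tags:
    - update_deployment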
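# Register this service on the Caddy landing page. The service list is a
# one-element sequence of mappings; written in block style (the previous
# flow-style `[ { … } ]` form is harder to diff and to read).
- name: "Update landing page for {{ service_name }}"
  include_role:
    name: _deploy
    tasks_from: caddy_landing_page
  vars:
    current_services:
      - current_name: "{{ service_name }}"
        current_url: "{{ http_s }}://{{ keycloak_id }}.{{ domain }}"
        current_version: "{{ keycloak_version }}"
        current_date: "{{ ansible_date_time.iso8601 }}"
  tags:
    - update_deployment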
# Give the container time to come up, then block until the external
# Keycloak port accepts connections.
- name: "Wait for {{ service_port_keycloak_external }}"
  wait_for:
    delay: 60
    port: "{{ service_port_keycloak_external }}"
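# Obtain an admin access token from the master realm; the token is reused by
# the realm/user tasks below via keycloak_authentication.json.access_token.
- name: "Authenticate with Keycloak server"
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    # Passing the form as a mapping lets the uri module percent-encode each
    # field, so a password containing `&`, `%` or `+` no longer corrupts the
    # hand-built query string.
    body:
      username: "{{ keycloak_admin_username }}"
      password: "{{ keycloak_admin_password }}"
      client_id: admin-cli
      grant_type: password
  register: keycloak_authentication
  # `retries` is only honoured together with `until` on older Ansible
  # releases; retry until the token endpoint answers 200 (a refused
  # connection while Keycloak is still booting yields status -1).
  until: keycloak_authentication.status == 200
  retries: 5
  delay: 5
  # The request body carries the admin password and the registered result
  # holds the bearer token: keep both out of the play output and logs.
  no_log: true
  tags:
    - create_users
    - update_realms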
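# Configure one LDAP user-storage provider per entry in keycloak.master.ldap.
# The heavy lifting is in configure_user_storage_provider_ldap.yml; this task
# only maps the item fields onto the variables that file expects.
- name: "Create user storage provider in master realm"
  include_tasks: configure_user_storage_provider_ldap.yml
  vars:
    access_token: "{{ keycloak_authentication.json.access_token }}"
    realm: master
    provider_name: '{{ item.name }}'
    ldap_username: '{{ item.username }}'
    ldap_password: '{{ item.password }}'
    ldap_connection_url: '{{ item.connection_url }}'
    ldap_username_attribute: '{{ item.username_attribute }}'
    usersDn: '{{ item.usersDn }}'
    custom_user_search_filter: '{{ item.custom_user_search_filter }}'
    search_scope: '{{ item.search_scope }}'
    hardcoded_user_roles: '{{ item.hardcoded_user_roles }}'
  with_items: "{{ keycloak.master.ldap | default([]) }}"
  # Each item carries the LDAP bind password (item.password). Print only the
  # provider name in the per-item output instead of the whole mapping.
  loop_control:
    label: "{{ item.name }}"
  when: keycloak.master is defined
  tags:
    - update_realms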
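# Create/update every realm listed in keycloak.realms (clients and LDAP
# providers included) through configure_realm.yml.
- name: "Setup realms"
  include_tasks: configure_realm.yml
  vars:
    current_realm_name: '{{ current_realm.name }}'
    current_realm_display_name: '{{ current_realm.display_name }}'
    current_realm_clients: '{{ current_realm.clients | default([]) }}'
    current_realm_ldaps: '{{ current_realm.ldaps | default([]) }}'
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  loop_control:
    loop_var: current_realm
    # Realm definitions may contain LDAP bind credentials in `ldaps` (see the
    # master-realm task above); show only the realm name per iteration.
    label: "{{ current_realm.name }}"
  tags:
    - update_realms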
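# Create the users listed under each realm's `users` key via
# create_realm_users.yml.
- name: "Create realm users"
  include_tasks: create_realm_users.yml
  vars:
    current_realm_name: "{{ item.name }}"
    current_realm_users: "{{ item.users | default([]) }}"
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  # The user list presumably includes initial passwords; print only the realm
  # name per iteration rather than the full realm mapping.
  loop_control:
    label: "{{ item.name }}"
  tags:
    - create_users
    - update_realms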
# Post a "deployment finished" notification to the Mattermost webhook.
# Same shape as the start notification: controller-side, unprivileged,
# gated on send_status_messages.
- name: "Send mattermost messsge"
  uri:
    url: '{{ mattermost_hook_smardigo }}'
    method: POST
    headers:
      Content-Type: 'application/json'
    body_format: json
    body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
  become: false
  delegate_to: 127.0.0.1
  when: send_status_messages