gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f3fc209a02'
${ noResults }
hetzner-ansible/roles/keycloak/tasks/main.yml

181 lines
5.4 KiB
YAML
Raw Blame History

---
### tags:
### create_users
### create_groups
### update_realms
### update_deployment
### configure_container
- name: "Setup DNS configuration for {{ inventory_hostname }}"
include_role:
name: _digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}"
- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
stat:
path: '{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml'
register: check_docker_compose_file
tags:
- update_deployment
- name: "Stop {{ inventory_hostname }}"
shell: docker-compose down
args:
chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
when: check_docker_compose_file.stat.exists
ignore_errors: yes
tags:
- update_deployment
- name: "Deploy docker templates for {{ inventory_hostname }}"
include_role:
name: _deploy
tasks_from: templates
vars:
current_config: "_docker"
current_base_path: "{{ service_base_path }}"
current_destination: "{{ inventory_hostname }}"
current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}"
current_docker: "{{ keycloak_docker }}"
- name: "Deploy service templates for {{ inventory_hostname }}"
include_role:
name: _deploy
tasks_from: templates
vars:
current_config: "keycloak"
current_base_path: "{{ service_base_path }}"
current_destination: "{{ inventory_hostname }}"
current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}"
- name: "Update {{ inventory_hostname }}"
shell: docker-compose pull
args:
chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
tags:
- update_deployment
- name: "Start {{ inventory_hostname }}"
shell: docker-compose up -d
args:
chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
tags:
- update_deployment
- name: "Setting local keycloak url"
set_fact:
keycloak_server_url: "http://localhost:{{ service_port_keycloak_external }}"
when: "'keycloak' in group_names"
- name: "Wait for <localhost:{{ keycloak_server_url }}>"
wait_for:
host: "localhost"
port: '{{ service_port_keycloak_external }}'
delay: 60
- name: "Authenticate with Keycloak server"
uri:
url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body: 'username={{ keycloak_admin_username }}&password={{ keycloak_admin_password }}&client_id=admin-cli&grant_type=password'
retries: 5
delay: 5
register: keycloak_authentication
tags:
- create_users
- create_groups
- update_realms
- name: "Printing master realm access_token"
debug:
msg: "{{ keycloak_authentication.json.access_token }}"
tags:
- always
when:
- debug
- name: "Setting smardigo-theme for master realm"
community.general.keycloak_realm:
id: "master"
realm: "master"
auth_realm: "master"
auth_client_id: "admin-cli"
auth_username: "{{ keycloak_admin_username }}"
auth_password: "{{ keycloak_admin_password }}"
auth_keycloak_url: "{{ keycloak_server_url }}/auth"
account_theme: "smardigo-theme"
admin_theme: "smardigo-theme"
login_theme: "smardigo-theme"
registration_allowed: no
reset_password_allowed: no
login_with_email_allowed: no
duplicate_emails_allowed: yes
internationalization_enabled: yes
default_locale: "de"
supported_locales:
- "de"
- "en"
events_enabled: yes
events_expiration: 604800
admin_events_enabled: yes
smtp_server:
host: "{{ shared_service_mail_hostname }}"
from: "{{ keycloak_id }}@smardigo.digital"
events_listeners:
- "jboss-logging"
- "metrics-listener"
state: present
tags:
- update_realms
- name: "Setup realms"
include_tasks: configure_realm.yml
vars:
current_realm_name: '{{ current_realm.name }}'
current_realm_display_name: '{{ current_realm.display_name }}'
current_realm_clients: '{{ current_realm.clients | default([]) }}'
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
loop_control:
loop_var: current_realm
tags:
- update_realms
- name: "Create realm users"
include_tasks: create_realm_users.yml
vars:
current_realm_name: "{{ item.name }}"
current_realm_users: "{{ item.users | default([]) }}"
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
tags:
- create_users
- update_realms
- name: "Create realm groups"
include_tasks: create_realm_groups.yml
vars:
current_realm_name: "{{ item.name }}"
current_realm_groups: "{{ item.groups | default([]) }}"
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
tags:
- create_groups
- update_realms
#- name: "Activate event listeners"
# shell: |
# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD"
# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'"
# docker exec {{ keycloak_id }} /bin/sh -c "usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config"
# tags:
# - update_deployment
# - configure_container
Reference in New Issue View Git Blame Copy Permalink