diff --git a/deploy/tasks/main.yaml b/deploy/tasks/main.yaml
index 29131fe..add5a6c 100644
--- a/deploy/tasks/main.yaml
+++ b/deploy/tasks/main.yaml
@@ -10,7 +10,7 @@
 - name: Register artifact_url variable
 set_fact:
- artifact_url: '{{ artifacts.json|json_query(query) }}'
+ artifact_url: '{{ artifacts.json | json_query(query) }}'
 vars:
 query: '[?path==`{{ (artifact_path is defined) | ternary(artifact_path, "home/circleci/project/" ~ artifact|default("")) }}`].url | [0]'
 when: artifact_file is not defined
diff --git a/keycloak/defaults/main.yaml b/keycloak/defaults/main.yaml
new file mode 100644
index 0000000..193e0d5
--- /dev/null
+++ b/keycloak/defaults/main.yaml
@@ -0,0 +1,7 @@
+keycloak_version: "24.0.4"
+kc_db: "postgres"
+kc_db_url: "jdbc:postgresql://postgres:5432/keycloak"
+kc_db_username: "user"
+kc_db_password: "password"
+kc_hostname: "localhost"
+kc_log_level: "INFO"
diff --git a/keycloak/handlers/main.yaml b/keycloak/handlers/main.yaml
new file mode 100644
index 0000000..b89e2eb
--- /dev/null
+++ b/keycloak/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: Restart service keycloak
+ systemd:
+ name: 'keycloak'
+ state: restarted
+ daemon_reload: true
+ enabled: true
diff --git a/keycloak/tasks/main.yaml b/keycloak/tasks/main.yaml
new file mode 100644
index 0000000..9566688
--- /dev/null
+++ b/keycloak/tasks/main.yaml
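Review bot: `kc_db_password: "password"` and `kc_db_username: "user"` in keycloak/defaults/main.yaml give the database credential a working fallback, so a play that forgets to override them silently deploys with a guessable password instead of failing; by contrast `keycloak_admin_username` / `keycloak_admin_password`, which the unit template in this commit consumes, have no default and will error out when unset, which is the safer pattern. I would drop the password default (or set it to an obviously invalid sentinel and `assert` in tasks/main.yaml that it was overridden) and keep the real value in an encrypted vars file rather than in role defaults. Minor: this file lacks the leading `---` that keycloak/handlers/main.yaml and keycloak/tasks/main.yaml carry.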
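Review bot: The handler is named `Restart service keycloak`, but the template task in keycloak/tasks/main.yaml notifies `restart service keycloak` (lower-case r); as far as I know handler names are matched as exact strings, so the notification will not resolve and the play either fails on the unknown handler or never restarts the service after the unit file changes. Make the two agree, e.g. change the task's notify entry to `- Restart service keycloak`, or add `listen: restart service keycloak` to the handler so either spelling works. Style: the tasks file uses the FQCN `ansible.builtin.systemd` while this handler uses bare `systemd:` and quotes `name: 'keycloak'` where the tasks file does not — pick one convention for the role.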
@@ -0,0 +1,59 @@
+---
+- name: Install prerequisites for Keycloak
+ ansible.builtin.apt:
+ name:
+ - openjdk-17-jdk
+ - unzip
+ state: present
+
+- name: Download Keycloak
+ ansible.builtin.get_url:
+ url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
+ dest: "/tmp/keycloak-{{ keycloak_version }}.zip"
+ mode: '0644'
+
+- name: Extract Keycloak
+ ansible.builtin.unarchive:
+ src: "/tmp/keycloak-{{ keycloak_version }}.zip"
+ dest: "/opt/"
+ creates: "/opt/keycloak-{{ keycloak_version }}"
+ remote_src: true
+
+- name: Create a symbolic link for Keycloak
+ ansible.builtin.file:
+ src: "/opt/keycloak-{{ keycloak_version }}"
+ dest: "/opt/keycloak"
+ state: link
+
+- name: Create keycloak user
+ ansible.builtin.user:
+ name: keycloak
+ system: true
+ shell: /bin/false
+
+- name: Ensure data directory exists and is owned by user keycloak
+ ansible.builtin.file:
+ path: /opt/keycloak/data
+ state: directory
+ owner: keycloak
+ group: keycloak
+ mode: '0750'
+
+- name: Make kc.sh executable
+ ansible.builtin.file:
+ path: /opt/keycloak/bin/kc.sh
+ mode: '0755'
+
+- name: Configure Keycloak service
+ ansible.builtin.template:
+ src: keycloak.conf.j2
+ dest: "/etc/systemd/system/keycloak.service"
+ mode: '0644'
+ notify:
+ - restart service keycloak
+
+- name: Enable and start the Keycloak service
+ ansible.builtin.systemd:
+ name: keycloak
+ enabled: true
+ state: started
diff --git a/keycloak/templates/keycloak.conf.j2 b/keycloak/templates/keycloak.conf.j2
new file mode 100644
index 0000000..b8e1c8c
--- /dev/null
+++ b/keycloak/templates/keycloak.conf.j2
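Review bot: The `ansible.builtin.get_url` task downloads the release zip with no `checksum:`, so the archive unpacked into /opt is trusted on transport alone; add `checksum: "sha256:<EXPECTED_SHA256_FOR_THIS_VERSION>"` pinned alongside `keycloak_version` (or pointing at the release's published checksum file) so a tampered or truncated download fails the play instead of being installed. Second, the unit rendered to `/etc/systemd/system/keycloak.service` is written with `mode: '0644'` while the template in this commit places `KC_DB_PASSWORD` and `KEYCLOAK_ADMIN_PASSWORD` inline in `Environment=` lines, which leaves both secrets readable by every local account (and exposed through `systemctl show`); keep only non-sensitive settings in the unit and move the credentials to a root-owned 0600 file referenced by `EnvironmentFile=/etc/keycloak/keycloak.env` (or Keycloak's own conf/keycloak.conf) — the same point applies to the keycloak.conf.j2 hunk. Also worth confirming: `unarchive` leaves /opt/keycloak-{{ keycloak_version }} owned by the connecting user while the service runs as `keycloak`, so if `kc.sh start` needs to write anywhere outside `data/` (presumably an implicit build step on first start) it will fail; either set `owner`/`group` on the extracted tree or run the build explicitly in the role and check against the Keycloak version in use.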
@@ -0,0 +1,25 @@
+[Unit]
+Description=Keycloak
+After=network.target
+
+[Service]
+Type=idle
+User=keycloak
+ExecStart=/opt/keycloak/bin/kc.sh start
+Environment="KC_DB={{ kc_db }}"
+Environment="KC_DB_URL={{ kc_db_url }}"
+Environment="KC_DB_USERNAME={{ kc_db_username }}"
+Environment="KC_DB_PASSWORD={{ kc_db_password|replace('\\', '\\x5c')|replace('"', '\\x22')|replace('%', '%%') }}"
+Environment="KC_LOG_LEVEL={{ kc_log_level }}"
+Environment="KEYCLOAK_ADMIN={{ keycloak_admin_username }}"
+Environment="KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password|replace('\\', '\\x5c')|replace('"', '\\x22')|replace('%', '%%')}}"
+Environment="KC_HOSTNAME={{ kc_hostname }}"
+Environment="KC_HOSTNAME_STRICT=false"
+Environment="KC_HTTP_RELATIVE_PATH=/"
+Environment="KC_PROXY=edge"
+Environment="KC_LOG_LEVEL=DEBUG"
+
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site/tasks/main.yaml b/site/tasks/main.yaml
index 7a3837b..24426a7 100644
--- a/site/tasks/main.yaml
+++ b/site/tasks/main.yaml
@@ -13,7 +13,7 @@
 name: htpasswd
 vars:
 htpasswd_path: /etc/nginx/{{ site }}.htpasswd
- htpasswd_user: '{{ basic_auth_user|default(site) }}'
+ htpasswd_user: '{{ basic_auth_user | default(site) }}'
 htpasswd_password: '{{ basic_auth_password }}'
 when: basic_auth_password is defined and basic_auth_password is not none
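Review bot: `KC_LOG_LEVEL` is assigned twice in [Service] — first from `{{ kc_log_level }}`, then hard-coded to `DEBUG` just before `Restart=` — and systemd takes the later `Environment=` assignment, so the `kc_log_level` default is dead and every deployment runs the identity provider at DEBUG, which is noisy and tends to put request details into the journal; delete the `Environment="KC_LOG_LEVEL=DEBUG"` line. With `kc_hostname` defaulting to `"localhost"` and `KC_HOSTNAME_STRICT=false` set permanently, a host where the variable is not overridden will have Keycloak derive its public URLs from whatever Host header the proxy forwards, so unless that is deliberate I would leave strict mode at its default and require `kc_hostname` to be set; I believe the `proxy` option (`KC_PROXY=edge`) is also deprecated in 24.x in favour of `KC_PROXY_HEADERS`, worth checking against the release notes. The admin bootstrap credentials are presumably needed only on first start, so keeping them in the persistent environment of a long-running service deserves at least a comment explaining why, or a separate first-run step.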