thetribeio · micklenormand · Jun 21, 2024 · May 15, 2024
diff --git a/deploy/tasks/main.yaml b/deploy/tasks/main.yaml
@@ -10,7 +10,7 @@
 
 - name: Register artifact_url variable
   set_fact:
-    artifact_url: '{{ artifacts.json|json_query(query) }}'
+    artifact_url: '{{ artifacts.json | json_query(query) }}'
   vars:
     query: '[?path==`{{ (artifact_path is defined) | ternary(artifact_path, "home/circleci/project/" ~ artifact|default("")) }}`].url | [0]'
   when: artifact_file is not defined
@@ -42,7 +42,7 @@
    state: touch
    mode: 0644

 - name: Download the archive
  get_url:
    url: '{{ artifact_url }}'
    dest: '{{ deploy_helper.new_release_path }}/archive.tar.gz'
@@ -50,7 +50,7 @@
      Circle-Token: '{{ circleci_token }}'
  when: artifact_file is not defined

 - name: Copy the archive on the server
  copy:
    src: '{{ artifact_file }}'
    dest: '{{ deploy_helper.new_release_path }}/archive.tar.gz'

diff --git a/keycloak/defaults/main.yaml b/keycloak/defaults/main.yaml
@@ -0,0 +1,7 @@
+keycloak_version: "24.0.4"
+kc_db: "postgres"
+kc_db_url: "jdbc:postgresql://postgres:5432/keycloak"
+kc_db_username: "user"
+kc_db_password: "password"
+kc_hostname: "localhost"
+kc_log_level: "INFO"
diff --git a/keycloak/handlers/main.yaml b/keycloak/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: Restart service keycloak
+  systemd:
+    name: 'keycloak'
+    state: restarted
+    daemon_reload: true
+    enabled: true
diff --git a/keycloak/tasks/main.yaml b/keycloak/tasks/main.yaml
@@ -0,0 +1,59 @@
+---
+- name: Install prerequisites for Keycloak
+  ansible.builtin.apt:
+    name:
+      - openjdk-17-jdk
+      - unzip
+    state: present
+
+- name: Download Keycloak
+  ansible.builtin.get_url:
+    url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
+    dest: "/tmp/keycloak-{{ keycloak_version }}.zip"
+    mode: '0644'
+
+- name: Extract Keycloak
+  ansible.builtin.unarchive:
+    src: "/tmp/keycloak-{{ keycloak_version }}.zip"
+    dest: "/opt/"
+    creates: "/opt/keycloak-{{ keycloak_version }}"
+    remote_src: true
+
+- name: Create a symbolic link for Keycloak
+  ansible.builtin.file:
+    src: "/opt/keycloak-{{ keycloak_version }}"
+    dest: "/opt/keycloak"
+    state: link
+
+- name: Create keycloak user
+  ansible.builtin.user:
+    name: keycloak
+    system: true
+    shell: /bin/false
+
+- name: Ensure data directory exists and is owned by user keycloak
+  ansible.builtin.file:
+    path: /opt/keycloak/data
+    state: directory
+    owner: keycloak
+    group: keycloak
+    mode: '0750'
+
+- name: Make kc.sh executable
+  ansible.builtin.file:
+    path: /opt/keycloak/bin/kc.sh
+    mode: '0755'
+
+- name: Configure Keycloak service
+  ansible.builtin.template:
+    src: keycloak.conf.j2
+    dest: "/etc/systemd/system/keycloak.service"
+    mode: '0644'
+  notify:
+    - restart service keycloak
+
+- name: Enable and start the Keycloak service
+  ansible.builtin.systemd:
+    name: keycloak
+    enabled: true
+    state: started
diff --git a/keycloak/templates/keycloak.conf.j2 b/keycloak/templates/keycloak.conf.j2
@@ -0,0 +1,25 @@
+[Unit]
+Description=Keycloak
+After=network.target
+
+[Service]
+Type=idle
+User=keycloak
+ExecStart=/opt/keycloak/bin/kc.sh start
+Environment="KC_DB={{ kc_db }}"
+Environment="KC_DB_URL={{ kc_db_url }}"
+Environment="KC_DB_USERNAME={{ kc_db_username }}"
+Environment="KC_DB_PASSWORD={{ kc_db_password|replace('\\', '\\x5c')|replace('"', '\\x22')|replace('%', '%%') }}"
+Environment="KC_LOG_LEVEL={{ kc_log_level }}"
+Environment="KEYCLOAK_ADMIN={{ keycloak_admin_username }}"
+Environment="KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password|replace('\\', '\\x5c')|replace('"', '\\x22')|replace('%', '%%')}}"
+Environment="KC_HOSTNAME={{ kc_hostname }}"
+Environment="KC_HOSTNAME_STRICT=false"
+Environment="KC_HTTP_RELATIVE_PATH=/"
+Environment="KC_PROXY=edge"
+Environment="KC_LOG_LEVEL=DEBUG"
+
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site/tasks/main.yaml b/site/tasks/main.yaml
@@ -13,7 +13,7 @@
     name: htpasswd
   vars:
     htpasswd_path: /etc/nginx/{{ site }}.htpasswd
-    htpasswd_user: '{{ basic_auth_user|default(site) }}'
+    htpasswd_user: '{{ basic_auth_user | default(site) }}'
     htpasswd_password: '{{ basic_auth_password }}'
   when: basic_auth_password is defined and basic_auth_password is not none