ansible/roles/keycloak/tasks/main.yml (66 lines of code) (raw):

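#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

---
# Tasks for the keycloak role: check out the Keycloak sources, unpack the
# server distribution, install the PostgreSQL JDBC module, render the
# standalone configuration and register/restart the systemd service.

- name: Create Keycloak deployment directory
  file:
    path: "{{ keycloak_deployment_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ user }}"
    group: "{{ group }}"
  become: true

- name: Create Keycloak source directory
  file:
    path: "{{ keycloak_source_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ user }}"
    group: "{{ group }}"
  become: true

# Clone Keycloak repo
# branch {{ keycloak_git_branch }}
# The checkout is pinned to a fixed tag; `force` discards any local changes in
# the working tree.
# NOTE(review): the tag is hard-coded while the archive name further down uses
# keycloak_version - confirm both refer to the same release, and that this
# release still receives upstream security fixes.
- name: git checkout from Keycloak github repo {{ keycloak_repo }}
  git:
    repo: "{{ keycloak_repo }}"
    dest: "{{ keycloak_source_dir }}"
    version: "9.0.2"
    force: true
  register: checkout
  tags: update
  become: true
  become_user: "{{ user }}"

# - name: Run Keycloak maven build
#   command: mvn -Pdistribution -pl distribution/server-dist -am -Dmaven.test.skip clean install chdir="{{ keycloak_source_dir }}/"
#   environment:
#     MAVEN_OPTS: "-Xmx2048m"
#   register: build
#   tags: update
#   become: yes
#   become_user: "{{ user }}"

# Best-effort cleanup: a failure here is deliberately ignored.
# NOTE(review): this path has no "{{ user_home }}/" prefix, unlike the
# standalone.xml destination below - confirm which form is intended.
- name: Delete configuration directories of the distributions
  file:
    state: absent
    path: "{{ keycloak_install_dir }}/standalone/configuration"
  become: true
  become_user: "{{ user }}"
  ignore_errors: true

# Unarchive keycloak distribution
# The zip is read from the managed host (remote_src), i.e. from the build
# output directory inside the checkout.
# NOTE(review): the maven build above is commented out, so this archive must
# already exist on the host - confirm how it gets there.
- name: Unarchive keycloak
  unarchive:
    src: "{{ keycloak_source_dir }}/distribution/server-dist/target/keycloak-{{ keycloak_version }}.zip"
    dest: "{{ user_home }}"
    remote_src: true
  become: true
  become_user: "{{ user }}"

- name: Create modules/system/layers/keycloak/org/postgresql directory
  become: true
  file:
    path: "{{ keycloak_deployment_dir }}/modules/system/layers/keycloak/org/postgresql/main"
    state: directory
    mode: "0755"
    owner: "{{ user }}"
    group: "{{ group }}"

- name: copy module.xml to org/postgresql dir
  template:
    src: module.xml.j2
    dest: "{{ keycloak_deployment_dir }}/modules/system/layers/keycloak/org/postgresql/main/module.xml"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "0644"
  become: true
  become_user: "{{ user }}"

# The driver jar is loaded into the Keycloak JVM, so its integrity matters.
# Set keycloak_postgresql_jar_checksum (for example "sha256:<digest>", with the
# digest taken from a trusted source) to have get_url verify the download; when
# the variable is undefined the parameter is omitted and only HTTPS protects
# the transfer.
- name: Download postgresql jar
  ansible.builtin.get_url:
    url: https://jdbc.postgresql.org/download/postgresql-42.3.6.jar
    dest: "{{ keycloak_deployment_dir }}/modules/system/layers/keycloak/org/postgresql/main/postgresql-42.3.6.jar"
    checksum: "{{ keycloak_postgresql_jar_checksum | default(omit) }}"
    mode: "0644"
  become: true
  become_user: "{{ user }}"

- name: Setup postgresql for keycloak
  include_tasks: setup_postgres.yml

# Only runs when explicitly requested with the migrate_db tag.
- name: Restore old server's dump file
  include_tasks: restore_db.yml
  tags: [never, migrate_db]

# <---------------------------- Server Configuration -------------------------------->

# SSL Configuration & postgresql
# NOTE(review): the rendered file is world-readable (o=r). If the template
# embeds datasource or keystore passwords, tighten this to "u=rw,g=,o=" -
# confirm against standalone.xml.j2.
- name: copy keycloak configuration file (Standalone)
  template:
    src: standalone.xml.j2
    dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone.xml"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "u=rw,g=r,o=r"
  become: true
  become_user: "{{ user }}"
  tags:
    - standalone

# </------------------------------ Server Configuration ends ---------------------------->

# <---------- setup init script for keycloak, starts the server after reboot ----------->

- name: Create Keycloak run directory
  become: true
  file:
    path: "{{ user_home }}/run"
    state: directory
    mode: "0755"
    owner: "{{ user }}"
    group: "{{ group }}"

# NOTE(review): this script is writable by "{{ user }}". If keycloak.service
# starts it as root, the script crosses a privilege boundary - confirm the unit
# runs it as "{{ user }}".
- name: Copy keycloak script to run directory
  template:
    src: keycloak-standalone-init.j2
    dest: "{{ user_home }}/run/keycloak.sh"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "u=rwx,g=rx,o=rx"
  become: true
  become_user: "{{ user }}"
  tags:
    - standalone

# The unit file is installed as root:root 0644. A unit under /etc/systemd/system
# that the service account can edit lets that account change what systemd runs
# on the next reload, and systemd warns about unit files marked executable.
- name: copy systemd script file (Standalone) for {{ user }}
  template:
    src: keycloak.service.j2
    dest: /etc/systemd/system/keycloak.service
    owner: root
    group: root
    mode: "0644"
  become: true
  tags:
    - standalone

# <--------------------------start keycloak Identity server------------------------------>

# Make systemd pick up the (possibly changed) unit file before the restart.
- name: reload systemctl daemon
  ansible.builtin.systemd:
    daemon_reload: true
  become: true
  tags:
    - always

- name: Restart Keycloak server
  service:
    name: keycloak
    state: restarted
    enabled: true
  become: true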