YOLO deployment for keycloak

host_vars/gabriel.c3heaven.de

+# Before changing this, please make sure that the DNS entries exist, otherwise
+# acmetool will fail horribly!
 acmetool_cert_domains:
  - gabriel.c3heaven.de
  - c3heaven.de
  - lists.c3heaven.de
+ - sso.c3heaven.de
  - wiki.c3heaven.de
 
 nginx_http_locations:

inventory

@@ -15,3 +15,9 @@ gabriel.c3heaven.de
 # Grafana
 #[monitoring]
 #monitoring.c3heaven.de
+
+# Keycloak server
+#
+# These are the Keycloak SSO servers (typically just one)
+[keycloak]
+gabriel.c3heaven.de

keycloak.yml

+# Install and configure Keycloak and its dependencies
+#
+# Please run services-base.yml first.
+
+- name: install and configure Keycloak
+  hosts: keycloak
+  become: yes
+  roles:
+   - keycloak

roles/keycloak/defaults/main.yml

+keycloak_version: "7.0.0"

roles/keycloak/handlers/main.yml

+- name: restart keycloak
+  systemd:
+    name: keycloak
+    state: restarted

roles/keycloak/tasks/main.yml

+- name: install Java
+  apt:
+    name: default-jre
+    state: present
+
+- name: add keycloak user
+  user:
+    name: keycloak
+    system: yes
+    home: /var/lib/keycloak
+    shell: /bin/false
+    create_home: no
+    state: present
+
+- name: check if keycloak is installed
+  stat:
+    path: "/var/lib/keycloak"
+  register: keycloak_installed
+
+- name: download keycloak
+  get_url:
+    url: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.tar.gz"
+    dest: "/tmp/keycloak.tar.gz"
+  when: "keycloak_installed.stat.exists == false"
+
+- name: extract keycloak
+  unarchive:
+    src: "/tmp/keycloak.tar.gz"
+    dest: "/tmp"
+    owner: root
+    group: keycloak
+    remote_src: yes
+  when: "keycloak_installed.stat.exists == false"
+
+- name: install keycloak into target location
+  command: "mv /tmp/keycloak-7.0.0 /var/lib/keycloak"
+  when: "keycloak_installed.stat.exists == false"
+
+- name: fix permissions of keycloak files
+  file:
+    name: "/var/lib/keycloak/{{ item }}"
+    mode: 0600
+    owner: keycloak
+    group: keycloak
+  with_items:
+   - "standalone/configuration/application-roles.properties"
+   - "standalone/configuration/application-users.properties"
+   - "standalone/configuration/logging.properties"
+   - "standalone/configuration/mgmt-groups.properties"
+   - "standalone/configuration/mgmt-users.properties"
+
+- name: create keycloak config, data and log directories
+  file:
+    name: "/var/lib/keycloak/standalone/{{ item }}"
+    owner: keycloak
+    group: keycloak
+    mode: 0700
+    state: directory
+  with_items:
+   - "configuration"
+   - "data"
+   - "log"
+
+- name: create standalone.xml
+  template:
+    src: "standalone.xml.j2"
+    dest: "/var/lib/keycloak/standalone/configuration/standalone.xml"
+    owner: root
+    group: keycloak
+    mode: 0644
+  notify: restart keycloak
+
+- name: install keycloak systemd unit
+  template:
+    src: "keycloak.service.j2"
+    dest: "/etc/systemd/system/keycloak.service"
+
+- name: start keycloak
+  systemd:
+    daemon_reload: yes
+    name: keycloak
+    enabled: yes
+    state: started

roles/keycloak/templates/keycloak.service.j2

+[Unit]
+Description=The WildFly Application Server
+After=network.target
+
+[Service]
+Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
+User=keycloak
+ExecStart=/var/lib/keycloak/bin/standalone.sh
+
+[Install]
+WantedBy=multi-user.target