Commit ce36ab02 authored by MichiK's avatar MichiK

YOLO deployment for keycloak

parent ac2068a7
# Before changing this, please make sure that the DNS entries exist, otherwise
# acmetool will fail horribly!
acmetool_cert_domains:
- gabriel.c3heaven.de
- c3heaven.de
- lists.c3heaven.de
- sso.c3heaven.de
- wiki.c3heaven.de
nginx_http_locations:
......
......@@ -15,3 +15,9 @@ gabriel.c3heaven.de
# Grafana
#[monitoring]
#monitoring.c3heaven.de
# Keycloak server
#
# These are the Keycloak SSO servers (typically just one)
[keycloak]
gabriel.c3heaven.de
# Install and configure Keycloak and its dependencies
#
# Please run services-base.yml first.
- name: install and configure Keycloak
hosts: keycloak
become: yes
roles:
- keycloak
keycloak_version: "7.0.0"
- name: restart keycloak
systemd:
name: keycloak
state: restarted
- name: install Java
apt:
name: default-jre
state: present
- name: add keycloak user
user:
name: keycloak
system: yes
home: /var/lib/keycloak
shell: /bin/false
create_home: no
state: present
- name: check if keycloak is installed
stat:
path: "/var/lib/keycloak"
register: keycloak_installed
- name: download keycloak
get_url:
url: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.tar.gz"
dest: "/tmp/keycloak.tar.gz"
when: "keycloak_installed.stat.exists == false"
- name: extract keycloak
unarchive:
src: "/tmp/keycloak.tar.gz"
dest: "/tmp"
owner: root
group: keycloak
remote_src: yes
when: "keycloak_installed.stat.exists == false"
- name: install keycloak into target location
command: "mv /tmp/keycloak-7.0.0 /var/lib/keycloak"
when: "keycloak_installed.stat.exists == false"
- name: fix permissions of keycloak files
file:
name: "/var/lib/keycloak/{{ item }}"
mode: 0600
owner: keycloak
group: keycloak
with_items:
- "standalone/configuration/application-roles.properties"
- "standalone/configuration/application-users.properties"
- "standalone/configuration/logging.properties"
- "standalone/configuration/mgmt-groups.properties"
- "standalone/configuration/mgmt-users.properties"
- name: create keycloak config, data and log directories
file:
name: "/var/lib/keycloak/standalone/{{ item }}"
owner: keycloak
group: keycloak
mode: 0700
state: directory
with_items:
- "configuration"
- "data"
- "log"
- name: create standalone.xml
template:
src: "standalone.xml.j2"
dest: "/var/lib/keycloak/standalone/configuration/standalone.xml"
owner: root
group: keycloak
mode: 0644
notify: restart keycloak
- name: install keycloak systemd unit
template:
src: "keycloak.service.j2"
dest: "/etc/systemd/system/keycloak.service"
- name: start keycloak
systemd:
daemon_reload: yes
name: keycloak
enabled: yes
state: started
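Review bot: The `download keycloak` task fetches the tarball with no integrity check, and with `become: yes` on the play the archive is then unpacked and installed as root; `get_url` should pin a digest, e.g. `checksum: "sha256:{{ keycloak_sha256 }}"`, where `keycloak_sha256` is a placeholder name for a new variable defined next to `keycloak_version`. The download and extraction also use fixed names under `/tmp`, which other local accounts can write to, so a private staging directory would be safer. Separately, `install keycloak into target location` hard-codes `keycloak-7.0.0`, so the move will fail when `keycloak_version` changes; `command: "mv /tmp/keycloak-{{ keycloak_version }} /var/lib/keycloak"` keeps it in step with the URL.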
[Unit]
Description=The WildFly Application Server
After=network.target
[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
User=keycloak
ExecStart=/var/lib/keycloak/bin/standalone.sh
[Install]
WantedBy=multi-user.target
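Review bot: The `[Service]` section has no systemd sandboxing beyond `User=keycloak`, although this unit runs the SSO server (presumably the one behind `sso.c3heaven.de`). Adding `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true` would limit what a compromised Keycloak process can reach while leaving `/var/lib/keycloak` writable; check the service's actual write paths before rollout. `Description=` still reads "The WildFly Application Server", which makes the unit harder to recognise in `systemctl` output and logs.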