2024-02-16 21:04:01 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
- name: Check parameters
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
2024-02-17 11:00:06 +02:00
|
|
|
- keycloak.podman.user is defined
|
|
|
|
- keycloak.db.password is defined
|
2024-02-16 21:04:01 +02:00
|
|
|
|
|
|
|
- name: Create PostgreSQL database
|
2024-02-17 11:00:06 +02:00
|
|
|
ansible.builtin.include_tasks: create_postgres_db.yml
|
2024-02-16 21:04:01 +02:00
|
|
|
vars:
|
2024-02-17 11:00:06 +02:00
|
|
|
user: "{{ keycloak.db.user }}"
|
|
|
|
database: "{{ keycloak.db.database }}"
|
|
|
|
password: "{{ keycloak.db.password }}"
|
|
|
|
access_host: "{{ keycloak.db.access_host | default(omit) }}"
|
2024-02-16 22:34:58 +02:00
|
|
|
args:
|
|
|
|
apply:
|
2024-02-17 11:00:06 +02:00
|
|
|
delegate_to: "{{ keycloak.db.ansible_host | default(omit) }}"
|
2024-02-16 21:04:01 +02:00
|
|
|
|
|
|
|
- name: Set up container user
|
2024-02-17 11:00:06 +02:00
|
|
|
ansible.builtin.include_role:
|
2024-02-16 21:04:01 +02:00
|
|
|
name: container-user
|
|
|
|
vars:
|
2024-02-17 11:00:06 +02:00
|
|
|
user: "{{ keycloak.podman.user }}"
|
|
|
|
home: "{{ keycloak.podman.home | default(omit) }}"
|
|
|
|
uid: "{{ keycloak.podman.uid | default(omit) }}"
|
2024-02-16 21:04:01 +02:00
|
|
|
|
|
|
|
- name: Create data directories
|
|
|
|
ansible.builtin.file:
|
|
|
|
state: directory
|
|
|
|
path: "{{ item }}"
|
|
|
|
with_items:
|
2024-02-17 11:00:06 +02:00
|
|
|
- "{{ keycloak.datadir }}/keystore/"
|
2024-02-16 21:04:01 +02:00
|
|
|
|
|
|
|
- name: Upload unit files
|
|
|
|
ansible.builtin.template:
|
|
|
|
src: units/sso-keycloak.container.j2
|
|
|
|
dest: ~/.config/containers/systemd/sso-keycloak.container
|
|
|
|
become: true
|
2024-02-17 11:00:06 +02:00
|
|
|
become_user: "{{ keycloak.podman.user }}"
|
|
|
|
|
|
|
|
- name: Set up podman secrets
|
|
|
|
containers.podman.podman_secret:
|
|
|
|
name: "{{ item.key }}"
|
|
|
|
data: "{{ item.value }}"
|
|
|
|
state: present
|
|
|
|
skip_existing: false
|
|
|
|
force: true
|
|
|
|
vars:
|
|
|
|
secrets:
|
|
|
|
keycloak-admin-user: "{{ keycloak.admin.user }}"
|
|
|
|
keycloak-admin-password: "{{ keycloak.admin.password }}"
|
|
|
|
keycloak-db-host: "{{ keycloak.db.host }}"
|
|
|
|
keycloak-db-name: "{{ keycloak.db.database }}"
|
|
|
|
keycloak-db-user: "{{ keycloak.db.user }}"
|
|
|
|
keycloak-db-password: "{{ keycloak.db.password }}"
|
|
|
|
with_dict: "{{ secrets }}"
|
|
|
|
no_log: true # Secret values
|
2024-02-16 21:04:01 +02:00
|
|
|
|
2024-02-17 11:00:06 +02:00
|
|
|
become: true
|
|
|
|
become_user: "{{ keycloak.podman.user }}"
|
2024-02-16 21:04:01 +02:00
|
|
|
|
|
|
|
# Note: enabled in the unit file
|
|
|
|
- name: Start Keycloak
|
|
|
|
ansible.builtin.systemd_service:
|
|
|
|
scope: user
|
|
|
|
service: sso-keycloak.service
|
|
|
|
daemon_reload: true
|
|
|
|
state: started
|
|
|
|
become: true
|
2024-02-17 11:00:06 +02:00
|
|
|
become_user: "{{ keycloak.podman.user }}"
|
|
|
|
|
|
|
|
- name: Set up reverse proxy
|
|
|
|
ansible.builtin.include_tasks: create_vhost.yml
|
|
|
|
vars:
|
|
|
|
external_url: "{{ keycloak.reverse_proxy.external_url }}"
|
|
|
|
proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}"
|
|
|
|
app_name: "{{ keycloak.reverse_proxy.app_name | default('keycloak') }}"
|
|
|
|
tls: "{{ keycloak.reverse_proxy.tls | default(omit) }}"
|
|
|
|
args:
|
|
|
|
apply:
|
|
|
|
delegate_to: "{{ keycloak.reverse_proxy.ansible_host | default(omit) }}"
|