diff --git a/README.md b/README.md index 162a556..02ef98c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ Role Name ========= -A role that installs the Keycloack IdM +A role that installs the keycloak IdM Role Variables -------------- @@ -9,17 +9,17 @@ Role Variables The most important variables are listed below: ``` yaml -keycloack_major_version: '10' -keycloack_minor_version: '0' -keycloack_point_version: '2' -keycloack_install_dir: '/opt/keycloack' -keycloack_log_directory: '/var/log/keycloack' +keycloak_major_version: '10' +keycloak_minor_version: '0' +keycloak_point_version: '2' +keycloak_install_dir: '/opt/keycloak' +keycloak_log_directory: '/var/log/keycloak' # domain clustered mode is not supported at this time -keycloack_wildfly_mode: 'standalone' -keycloack_wildfly_clustered: False -keycloack_listen: '127.0.0.1' -keycloack_java_min_heap: '2048m' -keycloack_java_max_heap: '{{ keycloack_java_min_heap }}' +keycloak_wildfly_mode: 'standalone' +keycloak_wildfly_clustered: False +keycloak_listen: '127.0.0.1' +keycloak_java_min_heap: '2048m' +keycloak_java_max_heap: '{{ keycloak_java_min_heap }}' ``` Dependencies diff --git a/defaults/main.yml b/defaults/main.yml index 6d05f3d..33b7aa7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,12 +1,26 @@
 ---
-keycloack_major_version: '10'
-keycloack_minor_version: '0'
-keycloack_point_version: '2'
-keycloack_install_dir: '/opt/keycloack'
-keycloack_log_directory: '/var/log/keycloack'
+keycloak_major_version: '10'
+keycloak_minor_version: '0'
+keycloak_point_version: '2'
+keycloak_install_dir: '/opt/keycloak'
+keycloak_log_directory: '/var/log/keycloak'
 # domain clustered mode is not supported at this time
-keycloack_wildfly_mode: 'standalone'
-keycloack_wildfly_clustered: False
-keycloack_listen: '127.0.0.1'
-keycloack_java_min_heap: '2048m'
-keycloack_java_max_heap: '{{ keycloack_java_min_heap }}'
+keycloak_wildfly_mode: 'standalone'
+keycloak_wildfly_clustered: False
+keycloak_listen: '127.0.0.1'
+keycloak_java_min_heap: '2048m'
+keycloak_java_max_heap: '{{ keycloak_java_min_heap }}'
+
+keycloak_use_external_db: True
+keycloak_db: 'postgresql'
+keycloak_db_module_name: 'org.{{ keycloak_db }}'
+keycloak_db_module_path: 'org/{{ keycloak_db }}'
+keycloak_db_class_name: '{{ keycloak_module_name }}.xa.PGXADataSource'
+keycloak_jdbc_driver_version: '42.2.14'
+keycloak_jdbc_driver: 'postgresql-{{ keycloak_jdbc_driver_version }}.jar'
+keycloak_jdbc_driver_url: 'https://jdbc.postgresql.org/download/{{ keycloak_jdbc_driver }}'
+keycloak_database_name: keycloak
+keycloak_database_user: keycloak_u
+#keycloak_database_password: 'define it into a vault file'
+keycloak_database_host: 'localhost'
+keycloak_database_max_pool_size: '50'
diff --git a/handlers/main.yml b/handlers/main.yml
index 27474e0..80714ed 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,3 @@
 ---
-# handlers file for ansible-role-template
\ No newline at end of file
+- name: Restart Keycloak
+ service: name=keycloak state=restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index cca8d58..89dd1da 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
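Review bot: `keycloak_db_class_name` interpolates `{{ keycloak_module_name }}`, which is not defined anywhere in this hunk — the variable declared two lines above is `keycloak_db_module_name` — so rendering the datasource driver class will abort with an undefined-variable error; change it to `keycloak_db_class_name: '{{ keycloak_db_module_name }}.xa.PGXADataSource'`. The JDBC driver is pinned by version only; since the jar is fetched from the network and loaded into the IdM's JVM, I would add a `keycloak_jdbc_driver_checksum: 'sha256:<digest>'` default next to `keycloak_jdbc_driver_version` so the `get_url` task in tasks/main.yml can verify what it installs. `keycloak_use_external_db: True` is YAML 1.1 truthy spelling; `true` is the canonical form and what yamllint expects.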
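Review bot: The handler is named `Restart Keycloak`, but every `notify` added in tasks/main.yml by this commit says `Restart keycloak`; Ansible resolves handler names by exact, case-sensitive string match, so the play will fail at runtime with an unknown-handler error as soon as one of those tasks changes. Rename it to `- name: Restart keycloak` (or adjust the notify lines to match). Because the role installs a systemd unit, `systemd:` with block-style arguments (`name: keycloak`, `state: restarted`) would also be clearer than the `key=value` `service:` form.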
@@ -1,48 +1,78 @@ --- -- name: Install the Keycloack distribution +- name: Install the keycloak distribution block: - - name: Create the keycloack user - user: name={{ keycloack_user }} home={{ keycloack_install_dir }} createhome=no shell=/usr/sbin/nologin system=yes + - name: Create the keycloak user + user: name={{ keycloak_user }} home={{ keycloak_install_dir }} createhome=no shell=/usr/sbin/nologin system=yes - - name: Create the keycloack installation directory, if it does not already exist. - file: dest={{ keycloack_install_dir }} owner=root group=root state=directory recurse=yes + - name: Create the keycloak installation directory, if it does not already exist. + file: dest={{ keycloak_install_dir }} owner=root group=root state=directory recurse=yes - - name: Download the Keycloack distribution - unarchive: remote_src=yes src={{ keycloack_download_url }} dest={{ keycloack_install_dir }} owner=root group=root + - name: Download the keycloak distribution + unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root args: - creates: '{{ keycloack_install_dir }}/{{ keycloack_distribution }}' + creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' - - name: Create the Keycloack log directory - file: dest={{ keycloack_log_directory }} state=directory owner={{ keycloack_user }} group={{ keycloack_user }} mode='0755' + - name: Create the keycloak log directory + file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755' - - name: Fix the permissions of some Keycloack directories - file: dest={{ keycloack_install_dir }}/{{ keycloack_distribution }}/{{ keycloack_wildfly_mode }}/{{ item }} state=directory owner={{ keycloack_user }} group={{ keycloack_user }} mode='0755' - with_items: '{{ keycloack_owned_directories }}' + - name: Fix the permissions of some keycloak directories + file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ 
keycloak_wildfly_mode }}/{{ item }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755' recurse=yes + with_items: '{{ keycloak_owned_directories }}' - - name: Remove the log directory inside the Keycloack distribution - file: dest={{ keycloack_install_dir }}/{{ keycloack_distribution }}/{{ keycloack_wildfly_mode }}/log state=absent + - name: Remove the log directory inside the keycloak distribution + file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent - - name: Remove the log directory inside the Keycloack distribution - file: dest={{ keycloack_install_dir }}/{{ keycloack_distribution }}/{{ keycloack_wildfly_mode }}/log state=absent + - name: Remove the log directory inside the keycloak distribution + file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent - name: Link to the external log directory - file: src={{ keycloack_log_directory }} dest={{ keycloack_install_dir }}/{{ keycloack_distribution }}/{{ keycloack_wildfly_mode }}/log state=link + file: src={{ keycloak_log_directory }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=link - tags: keycloack + tags: keycloak -- name: Manage the Keycloack installation +- name: Manage the keycloak external DB driver block: - - name: Install the keycloack systemd unit - template: src=keycloack.service.j2 dest=/etc/systemd/system/keycloack.service owner=root group=root mode=0644 - register: keycloack_unit + - name: Create the path to the DB driver + file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main state=directory + + - name: Get the JDBC driver + get_url: url='{{ keycloak_jdbc_driver_url }}' dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }} owner=root 
group=root mode=0444 + args: + creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }}' + notify: Restart keycloak + + - name: Install the JDBC module configuration + template: src=jdbc-module.xml.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/module.xml owner=root group=root mode=0444 + notify: Restart keycloak + + when: keycloak_use_external_db + tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ] + +- name: Manage the keycloak configuration + block: + - name: Install the standalone configuration files + template: src={{ item }}.j2 dest=dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/standalone/configuration/{{ item }} owner=root group={{ keycloak_user }} mode='0440' + with_items: + - standalone.xml + - standalone-ha.xml + notify: Restart keycloak + + tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ] + +- name: Manage the keycloak service + block: + - name: Install the keycloak systemd unit + template: src=keycloak.service.j2 dest=/etc/systemd/system/keycloak.service owner=root group=root mode=0644 + notify: Restart keycloak + register: keycloak_unit - name: Reload systemd systemd: daemon_reload: yes - when: keycloack_unit is changed + when: keycloak_unit is changed - tags: keycloack + - name: ensure that the keycloak service is running and enabled + service: name=keycloak state=started enabled=yes + + tags: [ 'keycloak', 'keycloak_service', 'keycloak_conf' ] -# Install the standalone.xml file with the db configuration -# Install the JDBC driver -# Ensure that the service il started diff --git a/templates/jdbc-module.xml.j2 b/templates/jdbc-module.xml.j2 new file mode 100644 index 0000000..cf5d2d0 --- /dev/null +++ b/templates/jdbc-module.xml.j2 @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file 
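Review bot: The `Install the standalone configuration files` task has `dest=dest={{ keycloak_install_dir }}/...`, so the parsed destination is the relative path `dest=/opt/keycloak/...` rather than the configuration directory; drop the duplicated `dest=`. The `Get the JDBC driver` task writes a jar fetched over the network straight into the server's module tree with no integrity check, and as far as I can tell `creates` is not a `get_url` option (the module already skips an existing `dest` unless `force` is set), so replace the `args:` stanza with `checksum: 'sha256:<pinned digest>'`. The same gap exists for the distribution itself, which `unarchive remote_src=yes` unpacks without verification; fetching it with `get_url` plus `checksum` and then unpacking the local file keeps the IdM code base attestable. The two `Remove the log directory` tasks are identical and carried over from the old side; one of them can go.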
diff --git a/templates/keycloack.service.j2 b/templates/keycloack.service.j2
deleted file mode 100644
index 5f3cde8..0000000
--- a/templates/keycloack.service.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Keycloack Application Server
-After=network.target
-
-[Service]
-Type=idle
-Environment=JBOSS_HOME={{ keycloack_runtime_home }}
-Environment=JBOSS_LOG_DIR={{ keycloack_log_directory }}
-Environment="JAVA_OPTS=-Xms{{ keycloack_java_min_heap }} -Xmx{{ keycloack_java_max_heap }}"
-User={{ keycloack_user }}
-Group={{ keycloack_user }}
-ExecStart={{ keycloack_runtime_home }}/bin/standalone.sh -b {{ keycloack_listen }} {% if keycloack_wildfly_clustered %} --server-config=standalone-ha.xml{% endif %}
-TimeoutStartSec=600
-TimeoutStopSec=600
-
-[Install]
-WantedBy=multi-user.target
diff --git a/templates/keycloak.service.j2 b/templates/keycloak.service.j2
new file mode 100644
index 0000000..479e9fc
--- /dev/null
+++ b/templates/keycloak.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=Keycloak Application Server
+After=network.target
+
+[Service]
+Type=idle
+Environment=JBOSS_HOME={{ keycloak_runtime_home }}
+Environment=JBOSS_LOG_DIR={{ keycloak_log_directory }}
+Environment="JAVA_OPTS=-Xms{{ keycloak_java_min_heap }} -Xmx{{ keycloak_java_max_heap }}"
+User={{ keycloak_user }}
+Group={{ keycloak_user }}
+ExecStart={{ keycloak_runtime_home }}/bin/standalone.sh -b {{ keycloak_listen }} {% if keycloak_wildfly_clustered %} --server-config=standalone-ha.xml{% endif %}
+TimeoutStartSec=600
+TimeoutStopSec=600
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/standalone-ha.xml.j2 b/templates/standalone-ha.xml.j2
new file mode 100644
index 0000000..249369f
--- /dev/null
+++ b/templates/standalone-ha.xml.j2
@@ -0,0 +1,679 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE + h2 + + sa + sa + + + {% if keycloak_use_external_db %} + + jdbc:{{ keycloak_db }}://{{ keycloak_database_host }}/{{ keycloak_database_name }} + {{ keycloak_db }} + + {{ keycloak_database_max_pool_size }} + + + + {{ keycloak_database_user }} + {{ keycloak_database_password }} + + + {% else %} + + jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE + h2 + + sa + sa + + + {% endif %} + + {% if keycloak_use_external_db %} + + {{ keycloak_db_class_name }} + + {% else %} + + org.h2.jdbcx.JdbcDataSource + + {% endif %} + + + + + + + + falseauth + + classpath:${jboss.home.dir}/providers/* + + master + 900 + + 2592000 + true + true + ${jboss.home.dir}/themes + + + + + + + + + + + + + jpa + + + basic + + + + + + + + + + + + + + + + + + + default + + + + + + + + ${keycloak.jta.lookup.provider:jboss} + + + + + + + + + + + ${keycloak.x509cert.lookup.provider:default} + + + + default + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/templates/standalone.xml.j2 b/templates/standalone.xml.j2 new file mode 100644 index 0000000..6ca569b --- /dev/null +++ b/templates/standalone.xml.j2 
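Review bot: The external datasource URL is built as `jdbc:{{ keycloak_db }}://{{ keycloak_database_host }}/{{ keycloak_database_name }}` with no TLS parameters, so as soon as `keycloak_database_host` is anything other than localhost the IdM's credentials, sessions and user records go to PostgreSQL in cleartext by default. I would add a `keycloak_database_jdbc_params` default such as `sslmode=verify-full` and append it to the URL as `?{{ keycloak_database_jdbc_params }}`, leaving it empty for the loopback case. The XML markup of this template has been stripped in this rendering, so only the text nodes could be reviewed here.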
@@ -0,0 +1,618 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE + h2 + + sa + sa + + + {% if keycloak_use_external_db %} + + jdbc:{{ keycloak_db }}://{{ keycloak_database_host }}/{{ keycloak_database_name }} + {{ keycloak_db }} + + {{ keycloak_database_max_pool_size }} + + + + {{ keycloak_database_user }} + {{ keycloak_database_password }} + + + {% else %} + + jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE + h2 + + sa + sa + + + {% endif %} + + {% if keycloak_use_external_db %} + + {{ keycloak_db_class_name }} + + {% else %} + + org.h2.jdbcx.JdbcDataSource + + {% endif %} + + + + + + + + falseauth + + classpath:${jboss.home.dir}/providers/* + + master + 900 + + 2592000 + true + true + ${jboss.home.dir}/themes + + + + + + + + + + + + + jpa + + + basic + + + + + + + + + + + + + + + + + + + default + + + + + + + + ${keycloak.jta.lookup.provider:jboss} + + + + + + + + + + + ${keycloak.x509cert.lookup.provider:default} + + + + default + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/vars/main.yml b/vars/main.yml index 76116d7..fc71b3e 100644 --- a/vars/main.yml +++ b/vars/main.yml 
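Review bot: `{{ keycloak_database_password }}` is substituted into the datasource security element verbatim, and Ansible's template module performs no XML escaping, so a vault password containing `&`, `<`, `>` or `"` yields an unparsable standalone.xml and a server that will not start. Use `{{ keycloak_database_password | e }}` — Jinja's escape filter covers exactly the XML-significant characters — and apply the same to `keycloak_database_user` and the URL components. The in-memory H2 ExampleDS with `sa`/`sa` is kept next to the real datasource; it is the upstream default and appears unused by this role, so a hardening pass could drop it. The XML markup was stripped in this rendering, so only the text content is visible here.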
@@ -3,12 +3,12 @@ openjdk_pkgs: - jre - jdk -keycloack_user: 'keycloack' -keycloack_version: '{{ keycloack_major_version }}.{{ keycloack_minor_version }}.{{ keycloack_point_version }}' -keycloack_distribution: 'keycloak-{{ keycloack_version }}' -keycloack_distribution_archive: '{{ keycloack_distribution }}.tar.gz' -keycloack_download_url: 'https://downloads.jboss.org/keycloak/{{ keycloack_version }}/{{ keycloack_distribution_archive }}' -keycloack_runtime_home: '{{ keycloack_install_dir }}/{{ keycloack_distribution }}' -keycloack_owned_directories: +keycloak_user: 'keycloak' +keycloak_version: '{{ keycloak_major_version }}.{{ keycloak_minor_version }}.{{ keycloak_point_version }}' +keycloak_distribution: 'keycloak-{{ keycloak_version }}' +keycloak_distribution_archive: '{{ keycloak_distribution }}.tar.gz' +keycloak_download_url: 'https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_distribution_archive }}' +keycloak_runtime_home: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}' +keycloak_owned_directories: - data - tmp