proxy -> proxy-headers. Also fix the systemd unit reload.
This commit is contained in:
parent
c90ec14535
commit
d9f914aff7
GPG Key ID:
147ABE6CEB9E20FF
|
|
@ -16,6 +16,7 @@ keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_di
|
|||
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
|
||||
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
|
||||
keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
|
||||
keycloak_quarkus_directory: "{{ keycloak_runtime_home }}/lib/quarkus"
|
||||
keycloak_log_directory: '/var/log/keycloak'
|
||||
keycloak_service_name: keycloak
|
||||
keycloak_optimize_build_at_startup: true
|
||||
|
|
@ -81,7 +82,7 @@ keycloak_admin_user: kadmin
|
|||
keycloak_before_nginx: false
|
||||
keycloak_before_apache_httpd: false
|
||||
keycloak_behind_reverse_proxy: true
|
||||
keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}'
|
||||
keycloak_reverse_proxy_type: "xforwarded"
|
||||
keycloak_reverse_proxy_infinispan_attach_route: 'true'
|
||||
|
||||
keycloak_cluster: false
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
- name: Manage the keycloak configuration
|
||||
- name: keycloak-configuration | Manage the keycloak configuration
|
||||
tags: ['keycloak', 'keycloak_db', 'keycloak_conf']
|
||||
block:
|
||||
- name: Install the Keycloak and infinispan configuration files
|
||||
ansible.builtin.template:
|
||||
src: '{{ item }}.j2'
|
||||
dest: '{{ keycloak_conf_directory }}/{{ item }}'
|
||||
owner: root
|
||||
group: root
|
||||
loop: '{{ keycloak_configuration_files }}'
|
||||
notify: Restart Keycloak
|
||||
|
||||
tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
|
||||
- name: keycloak-configuration | Install the Keycloak and infinispan configuration files
|
||||
ansible.builtin.template:
|
||||
src: '{{ item }}.j2'
|
||||
dest: '{{ keycloak_conf_directory }}/{{ item }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
loop: '{{ keycloak_configuration_files }}'
|
||||
notify: Restart Keycloak
|
||||
|
|
|
|||
|
|
@ -1,58 +1,67 @@
|
|||
---
|
||||
- name: Install the keycloak distribution
|
||||
- name: keycloak-install | Install the keycloak distribution
|
||||
tags: keycloak
|
||||
block:
|
||||
- name: Create the keycloak user
|
||||
ansible.builtin.user:
|
||||
name: '{{ keycloak_user }}'
|
||||
home: '{{ keycloak_install_dir }}'
|
||||
createhome: false
|
||||
shell: /usr/sbin/nologin
|
||||
system: true
|
||||
- name: keycloak-install | Create the keycloak user
|
||||
ansible.builtin.user:
|
||||
name: '{{ keycloak_user }}'
|
||||
home: '{{ keycloak_install_dir }}'
|
||||
createhome: false
|
||||
shell: /usr/sbin/nologin
|
||||
system: true
|
||||
|
||||
- name: Create the keycloak installation directory, if it does not already exist.
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_install_dir }}'
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
recurse: true
|
||||
- name: keycloak-install | Create the keycloak installation directory, if it does not already exist.
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_install_dir }}'
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
recurse: true
|
||||
|
||||
- name: Create the keycloak log directory
|
||||
file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
|
||||
- name: keycloak-install | Create the keycloak log directory
|
||||
ansible.builtin.file:
|
||||
dest: "{{ keycloak_log_directory }}"
|
||||
state: directory
|
||||
owner: "{{ keycloak_user }}"
|
||||
group: "{{ keycloak_user }}"
|
||||
mode: '0755'
|
||||
|
||||
- name: Download the keycloak distribution
|
||||
unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
|
||||
args:
|
||||
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
|
||||
- name: keycloak-install | Download the keycloak distribution
|
||||
ansible.builtin.unarchive:
|
||||
remote_src: true
|
||||
src: "{{ keycloak_download_url }}"
|
||||
dest: "{{ keycloak_install_dir }}"
|
||||
owner: root
|
||||
group: root
|
||||
args:
|
||||
creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
|
||||
|
||||
- name: Set the permissions of the {{ keycloak_data_directory }} directory
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_data_directory }}'
|
||||
state: directory
|
||||
owner: '{{ keycloak_user }}'
|
||||
group: '{{ keycloak_user }}'
|
||||
mode: 0750
|
||||
recurse: true
|
||||
tags: [ keycloak, keycloak_data_dir ]
|
||||
- name: keycloak-install | Set the permissions of {{ keycloak_data_directory }}
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_data_directory }}'
|
||||
state: directory
|
||||
owner: '{{ keycloak_user }}'
|
||||
group: '{{ keycloak_user }}'
|
||||
mode: "0750"
|
||||
recurse: true
|
||||
tags: [keycloak, keycloak_data_dir]
|
||||
|
||||
|
||||
- name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_runtime_home }}/lib/quarkus'
|
||||
state: directory
|
||||
owner: '{{ keycloak_user }}'
|
||||
group: '{{ keycloak_user }}'
|
||||
mode: 0750
|
||||
recurse: true
|
||||
tags: [ keycloak, keycloak_data_dir ]
|
||||
|
||||
- name: Avatar directory
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_external_avatar_dir }}'
|
||||
state: directory
|
||||
owner: '{{ keycloak_user }}'
|
||||
group: '{{ keycloak_user }}'
|
||||
mode: 0750
|
||||
when: not keycloak_external_avatar_dir_enabled
|
||||
- name: keycloak-install | Set the permissions of {{ keycloak_quarkus_directory }}
|
||||
ansible.builtin.file:
|
||||
dest: "{{ keycloak_quarkus_directory }}"
|
||||
state: directory
|
||||
owner: '{{ keycloak_user }}'
|
||||
group: '{{ keycloak_user }}'
|
||||
mode: "0750"
|
||||
recurse: true
|
||||
tags: [keycloak, keycloak_data_dir]
|
||||
|
||||
- name: keycloak-install | Avatar directory
|
||||
ansible.builtin.file:
|
||||
dest: '{{ keycloak_external_avatar_dir }}'
|
||||
state: directory
|
||||
owner: '{{ keycloak_user }}'
|
||||
group: '{{ keycloak_user }}'
|
||||
mode: "0750"
|
||||
when: not keycloak_external_avatar_dir_enabled
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: Get the keycloak providers
|
||||
maven_artifact:
|
||||
- name: keycloak-providers | Get the keycloak providers
|
||||
community.general.maven_artifactmaven_artifact:
|
||||
artifact_id: "{{ item.maven_id }}"
|
||||
version: "{{ item.maven_version | default('latest') }}"
|
||||
group_id: "{{ item.maven_group_id }}"
|
||||
|
|
@ -8,7 +8,7 @@
|
|||
repository_url: "{{ item.maven_repo_url }}"
|
||||
dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}"
|
||||
verify_checksum: always
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
loop: '{{ keycloak_remote_providers }}'
|
||||
when: item.maven_extension is not defined or item.maven_extension != "ear"
|
||||
notify: Restart Keycloak
|
||||
|
|
|
|||
|
|
@ -24,8 +24,8 @@
|
|||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Restart Keycloak
|
||||
- Reload the systemd service
|
||||
- Restart Keycloak
|
||||
|
||||
- name: Reload the systemd service
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ https-port={{ keycloak_https_port }}
|
|||
|
||||
{% if keycloak_behind_reverse_proxy %}
|
||||
# The proxy address forwarding mode if the server is behind a reverse proxy.
|
||||
proxy={{ keycloak_reverse_proxy_type }}
|
||||
proxy-headers={{ keycloak_reverse_proxy_type }}
|
||||
{% endif %}
|
||||
|
||||
{% if keycloak_set_hostname %}
|
||||
|
|
|
|||
Loading…
Reference in New Issue