proxy -> proxy-headers. Also fix the systemd unit reload.

2024-03-29 18:20:27 +01:00 · 2024-03-29 18:20:27 +01:00 · d9f914aff7
parent c90ec14535
commit d9f914aff7
6 changed files with 75 additions and 65 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -16,6 +16,7 @@ keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_di
 keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
 keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
 keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
 keycloak_quarkus_directory: "{{ keycloak_runtime_home }}/lib/quarkus"
 keycloak_log_directory: '/var/log/keycloak'
 keycloak_service_name: keycloak
 keycloak_optimize_build_at_startup: true
@ -81,7 +82,7 @@ keycloak_admin_user: kadmin
 keycloak_before_nginx: false
 keycloak_before_apache_httpd: false
 keycloak_behind_reverse_proxy: true
-keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}'
+keycloak_reverse_proxy_type: "xforwarded"
 keycloak_reverse_proxy_infinispan_attach_route: 'true'
 keycloak_cluster: false
--- a/tasks/keycloak-configuration.yml
+++ b/tasks/keycloak-configuration.yml
@ -1,13 +1,13 @@
 ---
- name: Manage the keycloak configuration
+- name: keycloak-configuration | Manage the keycloak configuration
  tags: ['keycloak', 'keycloak_db', 'keycloak_conf']
  block:
-  - name: Install the Keycloak and infinispan configuration files
+    - name: keycloak-configuration | Install the Keycloak and infinispan configuration files
-    ansible.builtin.template:
+      ansible.builtin.template:
-      src: '{{ item }}.j2'
+        src: '{{ item }}.j2'
-      dest: '{{ keycloak_conf_directory }}/{{ item }}'
+        dest: '{{ keycloak_conf_directory }}/{{ item }}'
-      owner: root
+        owner: root
-      group: root
+        group: root
-    loop: '{{ keycloak_configuration_files }}'
+        mode: "0644"
-    notify: Restart Keycloak
+      loop: '{{ keycloak_configuration_files }}'
-
+      notify: Restart Keycloak
  tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
--- a/tasks/keycloak-install.yml
+++ b/tasks/keycloak-install.yml
@ -1,58 +1,67 @@
 ---
- name: Install the keycloak distribution
+- name: keycloak-install | Install the keycloak distribution
  tags: keycloak
  block:
-  - name: Create the keycloak user
+    - name: keycloak-install | Create the keycloak user
-    ansible.builtin.user:
+      ansible.builtin.user:
-      name: '{{ keycloak_user }}'
+        name: '{{ keycloak_user }}'
-      home: '{{ keycloak_install_dir }}'
+        home: '{{ keycloak_install_dir }}'
-      createhome: false
+        createhome: false
-      shell: /usr/sbin/nologin
+        shell: /usr/sbin/nologin
-      system: true
+        system: true
-  - name: Create the keycloak installation directory, if it does not already exist.
+    - name: keycloak-install | Create the keycloak installation directory, if it does not already exist.
-    ansible.builtin.file:
+      ansible.builtin.file:
-      dest: '{{ keycloak_install_dir }}'
+        dest: '{{ keycloak_install_dir }}'
-      owner: root
+        owner: root
-      group: root
+        group: root
-      state: directory
+        state: directory
-      recurse: true
+        recurse: true
-  - name: Create the keycloak log directory
+    - name: keycloak-install | Create the keycloak log directory
-    file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
+      ansible.builtin.file:
        dest: "{{ keycloak_log_directory }}"
        state: directory
        owner: "{{ keycloak_user }}"
        group: "{{ keycloak_user }}"
        mode: '0755'
-  - name: Download the keycloak distribution
+    - name: keycloak-install | Download the keycloak distribution
-    unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
+      ansible.builtin.unarchive:
-    args:
+        remote_src: true
-      creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
+        src: "{{ keycloak_download_url }}"
        dest: "{{ keycloak_install_dir }}"
        owner: root
        group: root
      args:
        creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
-  - name: Set the permissions of the {{ keycloak_data_directory }} directory 
+    - name: keycloak-install | Set the permissions of {{ keycloak_data_directory }}
-    ansible.builtin.file:
+      ansible.builtin.file:
-      dest: '{{ keycloak_data_directory }}'
+        dest: '{{ keycloak_data_directory }}'
-      state: directory
+        state: directory
-      owner: '{{ keycloak_user }}'
+        owner: '{{ keycloak_user }}'
-      group: '{{ keycloak_user }}'
+        group: '{{ keycloak_user }}'
-      mode: 0750
+        mode: "0750"
-      recurse: true
+        recurse: true
-    tags: [ keycloak, keycloak_data_dir ]
+      tags: [keycloak, keycloak_data_dir]
-  - name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory 
+    - name: keycloak-install | Set the permissions of {{ keycloak_quarkus_directory }}
-    ansible.builtin.file:
+      ansible.builtin.file:
-      dest: '{{ keycloak_runtime_home }}/lib/quarkus'
+        dest: "{{ keycloak_quarkus_directory }}"
-      state: directory
+        state: directory
-      owner: '{{ keycloak_user }}'
+        owner: '{{ keycloak_user }}'
-      group: '{{ keycloak_user }}'
+        group: '{{ keycloak_user }}'
-      mode: 0750
+        mode: "0750"
-      recurse: true
+        recurse: true
-    tags: [ keycloak, keycloak_data_dir ]
+      tags: [keycloak, keycloak_data_dir]
  - name: Avatar directory
    ansible.builtin.file:
      dest: '{{ keycloak_external_avatar_dir }}'
      state: directory
      owner: '{{ keycloak_user }}'
      group: '{{ keycloak_user }}'
      mode: 0750
    when: not keycloak_external_avatar_dir_enabled
    - name: keycloak-install | Avatar directory
      ansible.builtin.file:
        dest: '{{ keycloak_external_avatar_dir }}'
        state: directory
        owner: '{{ keycloak_user }}'
        group: '{{ keycloak_user }}'
        mode: "0750"
      when: not keycloak_external_avatar_dir_enabled
--- a/tasks/keycloak-providers.yml
+++ b/tasks/keycloak-providers.yml
@ -1,6 +1,6 @@
 ---
- name: Get the keycloak providers
+- name: keycloak-providers | Get the keycloak providers
-  maven_artifact:
+  community.general.maven_artifactmaven_artifact:
    artifact_id: "{{ item.maven_id }}"
    version: "{{ item.maven_version | default('latest') }}"
    group_id: "{{ item.maven_group_id }}"
@ -8,7 +8,7 @@
    repository_url: "{{ item.maven_repo_url }}"
    dest: "{{ keycloak_providers_directory }}/{{ item.name }}.{{ item.maven_extension | default('jar') }}"
    verify_checksum: always
-    mode: 0644
+    mode: "0644"
  loop: '{{ keycloak_remote_providers }}'
  when: item.maven_extension is not defined or item.maven_extension != "ear"
  notify: Restart Keycloak
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -24,8 +24,8 @@
        group: root
        mode: "0644"
      notify:
        - Restart Keycloak
        - Reload the systemd service
        - Restart Keycloak
    - name: Reload the systemd service
      ansible.builtin.meta: flush_handlers
--- a/templates/keycloak.conf.j2
+++ b/templates/keycloak.conf.j2
@ -31,7 +31,7 @@ https-port={{ keycloak_https_port }}
 {% if keycloak_behind_reverse_proxy %}
 # The proxy address forwarding mode if the server is behind a reverse proxy.
-proxy={{ keycloak_reverse_proxy_type }}
+proxy-headers={{ keycloak_reverse_proxy_type }}
 {% endif %}
 {% if keycloak_set_hostname %}