2022-09-23 13:52:06 +02:00
|
|
|
---
|
|
|
|
- name: TLS certificates management with Letsencrypt
|
|
|
|
block:
|
|
|
|
- name: Create the acme hooks directory if it does not yet exist
|
|
|
|
file:
|
|
|
|
dest: '{{ letsencrypt_acme_services_scripts_dir }}'
|
|
|
|
state: directory
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
|
|
|
|
- name: Copy the key file where keycloak expects it
|
|
|
|
copy:
|
|
|
|
src: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
|
|
|
|
dest: '{{ keycloak_conf_directory }}/server.key.pem'
|
|
|
|
owner: root
|
2022-09-24 18:23:27 +02:00
|
|
|
group: '{{ keycloak_user }}'
|
2022-09-23 13:52:06 +02:00
|
|
|
mode: 0640
|
|
|
|
remote_src: true
|
2022-09-24 18:26:21 +02:00
|
|
|
notify: Restart Keycloak
|
2022-09-23 13:52:06 +02:00
|
|
|
|
|
|
|
- name: Copy the certificate file where keycloak expects it
|
|
|
|
copy:
|
|
|
|
src: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
|
|
|
|
dest: '{{ keycloak_conf_directory }}/server.crt.pem'
|
|
|
|
owner: root
|
2022-09-24 18:23:27 +02:00
|
|
|
group: '{{ keycloak_user }}'
|
2022-09-23 13:52:06 +02:00
|
|
|
mode: 0640
|
|
|
|
remote_src: true
|
2022-09-24 18:26:21 +02:00
|
|
|
notify: Restart Keycloak
|
2022-09-23 13:52:06 +02:00
|
|
|
|
|
|
|
- name: Install a script that updates the certificates upon renewal
|
|
|
|
template:
|
|
|
|
src: keycloak-letsencrypt-hook.j2
|
|
|
|
dest: '{{ letsencrypt_acme_services_scripts_dir }}/keycloak'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 4555
|
|
|
|
|
|
|
|
when:
|
|
|
|
- keycloak_letsencrypt_certs
|
|
|
|
- letsencrypt_acme_install
|
|
|
|
tags: ['keycloak', 'keycloak_baremetal', 'keycloak_letsencrypt']
|