mauro.mugnaini
/
ansible-role-keycloak
forked from ISTI-ansible-roles/ansible-role-keycloak
1
0
Fork 0
Code Pull Requests Activity
ansible-role-keycloak/tasks/keycloak-certificates.yml

67 lines
2.4 KiB
YAML
Raw Permalink Blame History

---
- name: keycloak-certificates | TLS certificates management with Letsencrypt
when:
- keycloak_letsencrypt_certs
- letsencrypt_acme_install
tags: ['keycloak', 'keycloak_baremetal', 'keycloak_letsencrypt']
block:
- name: keycloak-certificates | Create the acme hooks directory if it does not yet exist
ansible.builtin.file:
dest: '{{ letsencrypt_acme_services_scripts_dir }}'
state: directory
owner: root
group: root
mode: "0755"
- name: keycloak-certificates | Copy the key file where keycloak expects it
ansible.builtin.copy:
src: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
dest: '{{ keycloak_conf_directory }}/server.key.pem'
owner: root
group: '{{ keycloak_user }}'
mode: "0640"
remote_src: true
notify: Restart Keycloak
- name: keycloak-certificates | Copy the certificate file where keycloak expects it
ansible.builtin.copy:
src: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
dest: '{{ keycloak_conf_directory }}/server.crt.pem'
owner: root
group: '{{ keycloak_user }}'
mode: "0640"
remote_src: true
notify: Restart Keycloak
- name: keycloak-certificates | Install a script that updates the certificates upon renewal
ansible.builtin.template:
src: keycloak-letsencrypt-hook.j2
dest: '{{ letsencrypt_acme_services_scripts_dir }}/keycloak'
owner: root
group: root
mode: "4555"
- name: keycloak-certificates | TLS certificates management without Letsencrypt
when: not keycloak_letsencrypt_certs
tags: ['keycloak', 'keycloak_baremetal', 'keycloak_letsencrypt']
block:
- name: keycloak-certificates | Copy the key file where keycloak expects it
ansible.builtin.copy:
src: '{{ keycloak_source_cert_key }}'
dest: '{{ keycloak_conf_directory }}/server.key.pem'
owner: root
group: '{{ keycloak_user }}'
mode: "0640"
remote_src: true
notify: Restart Keycloak
- name: keycloak-certificates | Copy the certificate file where keycloak expects it
ansible.builtin.copy:
src: '{{ keycloak_source_cert_file }}'
dest: '{{ keycloak_conf_directory }}/server.crt.pem'
owner: root
group: '{{ keycloak_user }}'
mode: "0640"
remote_src: true
notify: Restart Keycloak
View Git Blame Copy Permalink