ansible-role-keycloak/tasks/main.yml


---
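# Creates the service account, unpacks the Keycloak distribution as root and
# moves the log directory outside of the distribution tree.
- name: Install the keycloak distribution
  block:
    # System account with no login shell; its home is the install directory,
    # which is not created by this task.
    - name: Create the keycloak user
      user:
        name: '{{ keycloak_user }}'
        home: '{{ keycloak_install_dir }}'
        createhome: false
        shell: /usr/sbin/nologin
        system: true

    # NOTE(review): recurse + owner=root resets the ownership of everything
    # under the install directory on each run, including the directories that
    # "Fix the permissions of some keycloak directories" hands back to the
    # keycloak user below. Confirm the recursion is wanted.
    - name: Create the keycloak installation directory, if it does not already exist.
      file:
        path: '{{ keycloak_install_dir }}'
        owner: root
        group: root
        state: directory
        recurse: true

    # NOTE(review): the archive is fetched on the target host and unpacked
    # without a checksum or signature check, so its integrity rests entirely
    # on keycloak_download_url (transport and origin). Consider downloading
    # with get_url and a pinned checksum before unpacking.
    - name: Download the keycloak distribution
      unarchive:
        remote_src: true
        src: '{{ keycloak_download_url }}'
        dest: '{{ keycloak_install_dir }}'
        owner: root
        group: root
        # Skip the download once the distribution directory exists.
        creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'

    - name: Create the keycloak log directory
      file:
        path: '{{ keycloak_log_directory }}'
        state: directory
        owner: '{{ keycloak_user }}'
        group: '{{ keycloak_user }}'
        mode: '0755'

    # Only the directories listed in keycloak_owned_directories become
    # writable by the service account; the rest of the tree stays root-owned.
    - name: Fix the permissions of some keycloak directories
      file:
        path: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/{{ item }}'
        state: directory
        owner: '{{ keycloak_user }}'
        group: '{{ keycloak_user }}'
        mode: '0750'
        recurse: true
      with_items: '{{ keycloak_owned_directories }}'

    # This task was listed twice in the original; one copy is enough because
    # state=absent is idempotent.
    - name: Remove the log directory inside the keycloak distribution
      file:
        path: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log'
        state: absent

    - name: Link to the external log directory
      file:
        src: '{{ keycloak_log_directory }}'
        dest: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log'
        state: link
  tags: keycloak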
# Installs the JDBC driver and its module descriptor into the distribution's
# module tree. Runs only when keycloak_use_external_db is true.
- name: Manage the keycloak external DB driver
  block:
    - name: Create the path to the DB driver
      file:
        path: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main'
        state: directory

    # NOTE(review): no checksum is passed to get_url, so the jar that ends up
    # on the server classpath is whatever keycloak_jdbc_driver_url serves.
    # Consider pinning it with the module's checksum parameter.
    - name: Get the JDBC driver
      get_url:
        url: '{{ keycloak_jdbc_driver_url }}'
        dest: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }}'
        owner: root
        group: root
        # Read-only for everyone.
        mode: '0444'
      notify: Restart Keycloak

    - name: Install the JDBC module configuration
      template:
        src: jdbc-module.xml.j2
        dest: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/module.xml'
        owner: root
        group: root
        mode: '0444'
      notify: Restart Keycloak
  when: keycloak_use_external_db
  tags:
    - keycloak
    - keycloak_db
    - keycloak_conf
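# Renders the standalone configuration files and creates the initial admin
# account.
- name: Manage the keycloak configuration
  block:
    # Root-owned, group-readable by the service account, no access for others.
    - name: Install the standalone configuration files
      template:
        src: '{{ item }}.j2'
        dest: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/standalone/configuration/{{ item }}'
        owner: root
        group: '{{ keycloak_user }}'
        mode: '0440'
      with_items:
        - standalone.xml
        - standalone-ha.xml
      notify: Restart Keycloak

    # The admin name and password go through the quote filter so that shell
    # metacharacters in them cannot break or extend the command line.
    # no_log keeps the rendered command, password included, out of the
    # Ansible output and logs.
    # NOTE(review): the password is still passed as a command-line argument
    # on the target host while the script runs, and keycloak-add-user.json
    # exists with its default permissions until the chown/chmod complete.
    # NOTE(review): indentation was lost in this listing. The tags line
    # naming keycloak_user is assumed to belong to this task and the last
    # tags line to the enclosing block; confirm against the repository.
    - name: Create the admin user
      shell: >-
        {{ keycloak_install_dir }}/{{ keycloak_distribution }}/bin/add-user-keycloak.sh
        -u {{ keycloak_admin_user | quote }}
        -p {{ keycloak_admin_password | quote }}
        && chown {{ keycloak_user }}
        {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json
        && chmod 600
        {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json
      args:
        # Skip the task once the add-user file exists.
        creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
      no_log: true
      notify: Restart Keycloak
      tags: ['keycloak', 'keycloak_user', 'keycloak_conf']
  tags: ['keycloak', 'keycloak_db', 'keycloak_conf']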
# Installs the systemd unit, reloads systemd when the unit file changed, and
# keeps the service started and enabled.
- name: Manage the keycloak service
  block:
    - name: Install the keycloak systemd unit
      template:
        src: keycloak.service.j2
        dest: /etc/systemd/system/keycloak.service
        owner: root
        group: root
        mode: '0644'
      notify: Restart Keycloak
      # The result drives the conditional daemon reload below.
      register: keycloak_unit

    - name: Reload systemd
      systemd:
        daemon_reload: true
      when: keycloak_unit is changed

    - name: ensure that the keycloak service is running and enabled
      service:
        name: keycloak
        state: started
        enabled: true
  tags:
    - keycloak
    - keycloak_service
    - keycloak_conf