ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-07-29 08:01:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

#190: remove keycloak_quarkus_admin_user[_pass] once keycloak is bootstrapped

Browse source
This commit is contained in:
Helmut Wolf 2024-04-19 08:14:58 +02:00
commit 289b4767e0
8 changed files with 59 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
roles/keycloak_quarkus/tasks/bootstrapped.yml Normal file
View file

@ -0,0 +1,16 @@
---
- name: Write ansible custom facts
become: true
ansible.builtin.template:
src: keycloak.fact.j2
dest: /etc/ansible/facts.d/keycloak.fact
mode: '0644'
vars:
bootstrapped: true
- name: Re-read custom facts
ansible.builtin.setup:
filter: ansible_local
- name: Ensure that `KEYCLOAK_ADMIN[_PASSWORD]` get purged
ansible.builtin.include_tasks: systemd.yml

7
roles/keycloak_quarkus/tasks/install.yml
View file

@ -33,6 +33,13 @@
group: "{{ keycloak.service_group }}"
mode: '0750'
- name: Create directory for ansible custom facts
become: true
ansible.builtin.file:
state: directory
recurse: true
path: /etc/ansible/facts.d
## check remote archive
- name: Set download archive path
ansible.builtin.set_fact:

23
roles/keycloak_quarkus/tasks/main.yml
View file

@ -96,11 +96,6 @@
- name: "Start and wait for keycloak service"
ansible.builtin.include_tasks: start.yml
- name: Check service status
ansible.builtin.command: "systemctl status keycloak"
register: keycloak_service_status
changed_when: false
- name: Link default logs directory
ansible.builtin.file:
state: link
@ -108,3 +103,21 @@
dest: "{{ keycloak_quarkus_log_target }}"
force: true
become: true
- name: Check service status
ansible.builtin.systemd_service:
name: "{{ keycloak.service_name }}"
register: keycloak_service_status
changed_when: false
- name: "Trigger bootstrapped notification: remove `keycloak_quarkus_admin_user[_pass]` env vars"
when:
- not ansible_local.keycloak.general.bootstrapped | default(false) | bool # it was not bootstrapped prior to the current role's execution
- keycloak_service_status.status.ActiveState == "active" # but it is now
ansible.builtin.assert: { that: true, quiet: true }
changed_when: true
notify:
- bootstrapped
- name: Flush pending handlers
ansible.builtin.meta: flush_handlers