#190: remove keycloak_quarkus_admin_user[_pass]
once keycloak is bootstrapped
parent
9a961f743b
commit
289b4767e0
8 changed files with 59 additions and 6 deletions
|
@ -152,6 +152,14 @@ Role Variables
|
||||||
|`keycloak_quarkus_admin_url`| Base URL for accessing the administration console, including scheme, host, port and path | `no` |
|
|`keycloak_quarkus_admin_url`| Base URL for accessing the administration console, including scheme, host, port and path | `no` |
|
||||||
|`keycloak_quarkus_ks_vault_pass`| The password for accessing the keystore vault SPI | `no` |
|
|`keycloak_quarkus_ks_vault_pass`| The password for accessing the keystore vault SPI | `no` |
|
||||||
|
|
||||||
|
Role custom facts
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
The role uses the following [custom facts](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html#adding-custom-facts) found in `/etc/ansible/facts.d/keycloak.fact` (and thus identified by the `ansible_local.keycloak.` prefix):
|
||||||
|
|
||||||
|
| Variable | Description |
|
||||||
|
|:---------|:------------|
|
||||||
|
|`general.bootstrapped` | A custom fact indicating whether this role has been used for bootstrapping keycloak on the respective host before; set to `false` (e.g., when starting off with a new, empty database) ensures that the initial admin user as defined by `keycloak_quarkus_admin_user[_pass]` gets created |
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
-------
|
||||||
|
|
|
@ -3,7 +3,9 @@
|
||||||
- name: "Rebuild {{ keycloak.service_name }} config"
|
- name: "Rebuild {{ keycloak.service_name }} config"
|
||||||
ansible.builtin.include_tasks: rebuild_config.yml
|
ansible.builtin.include_tasks: rebuild_config.yml
|
||||||
listen: "rebuild keycloak config"
|
listen: "rebuild keycloak config"
|
||||||
|
- name: "Bootstrapped"
|
||||||
|
ansible.builtin.include_tasks: bootstrapped.yml
|
||||||
|
listen: bootstrapped
|
||||||
- name: "Restart {{ keycloak.service_name }}"
|
- name: "Restart {{ keycloak.service_name }}"
|
||||||
ansible.builtin.include_tasks: restart.yml
|
ansible.builtin.include_tasks: restart.yml
|
||||||
listen: "restart keycloak"
|
listen: "restart keycloak"
|
||||||
|
|
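--- a/roles/keycloak_quarkus/tasks/bootstrapped.yml
+++ b/roles/keycloak_quarkus/tasks/bootstrapped.yml
@@ -0,0 +1,16 @@
+---
+- name: Write ansible custom facts
+become: true
+ansible.builtin.template:
+src: keycloak.fact.j2
+dest: /etc/ansible/facts.d/keycloak.fact
+mode: '0644'
+vars:
+bootstrapped: true
+
+- name: Re-read custom facts
+ansible.builtin.setup:
+filter: ansible_local
+
+- name: Ensure that `KEYCLOAK_ADMIN[_PASSWORD]` get purged
+ansible.builtin.include_tasks: systemd.yml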
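Review bot: The last task only re-renders the environment file through `systemd.yml`; nothing in this file restarts the service, so the process that was started with `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` may keep them in its environment until the next restart. `systemd.yml` is not shown on this page, so it may already notify the restart handler; if it does not, the purge is on-disk only. I would state that on the task, e.g. `# rewrites the env file only; the running service keeps its old environment until it is restarted`. The README should also say that removing the variables from the host does not rotate the admin password itself.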
@ -33,6 +33,13 @@
|
||||||
group: "{{ keycloak.service_group }}"
|
group: "{{ keycloak.service_group }}"
|
||||||
mode: '0750'
|
mode: '0750'
|
||||||
|
|
||||||
|
- name: Create directory for ansible custom facts
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: directory
|
||||||
|
recurse: true
|
||||||
|
path: /etc/ansible/facts.d
|
||||||
|
|
||||||
## check remote archive
|
## check remote archive
|
||||||
- name: Set download archive path
|
- name: Set download archive path
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
|
|
|
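Review bot: The new `ansible.builtin.file` task creates `/etc/ansible/facts.d` without `owner`, `group` or `mode`, so a freshly created directory gets whatever the umask of the become user yields. Files in that directory are read during fact gathering, and executable ones are run by it, so the directory should be pinned to root and not writable by anyone else: `owner: root`, `group: root`, `mode: '0755'`. `recurse: true` should be dropped at the same time, otherwise that mode would also be applied to every fact file already present and make them executable.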
@ -96,11 +96,6 @@
|
||||||
- name: "Start and wait for keycloak service"
|
- name: "Start and wait for keycloak service"
|
||||||
ansible.builtin.include_tasks: start.yml
|
ansible.builtin.include_tasks: start.yml
|
||||||
|
|
||||||
- name: Check service status
|
|
||||||
ansible.builtin.command: "systemctl status keycloak"
|
|
||||||
register: keycloak_service_status
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Link default logs directory
|
- name: Link default logs directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
state: link
|
state: link
|
||||||
|
@ -108,3 +103,21 @@
|
||||||
dest: "{{ keycloak_quarkus_log_target }}"
|
dest: "{{ keycloak_quarkus_log_target }}"
|
||||||
force: true
|
force: true
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
- name: Check service status
|
||||||
|
ansible.builtin.systemd_service:
|
||||||
|
name: "{{ keycloak.service_name }}"
|
||||||
|
register: keycloak_service_status
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: "Trigger bootstrapped notification: remove `keycloak_quarkus_admin_user[_pass]` env vars"
|
||||||
|
when:
|
||||||
|
- not ansible_local.keycloak.general.bootstrapped | default(false) | bool # it was not bootstrapped prior to the current role's execution
|
||||||
|
- keycloak_service_status.status.ActiveState == "active" # but it is now
|
||||||
|
ansible.builtin.assert: { that: true, quiet: true }
|
||||||
|
changed_when: true
|
||||||
|
notify:
|
||||||
|
- bootstrapped
|
||||||
|
|
||||||
|
- name: Flush pending handlers
|
||||||
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
|
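Review bot: The trigger task takes `keycloak_service_status.status.ActiveState == "active"` as proof that the initial admin account exists, but depending on the unit type systemd can report a unit as active as soon as the process is running, which is not necessarily after Keycloak has completed its first start. If `start.yml` (not visible in this hunk) already waits on a readiness check this is fine; otherwise the handler can mark the host as bootstrapped and purge the credentials before the account was created. Either add that wait before this task or name in a comment the earlier task that guarantees it. Separately, `ansible.builtin.assert: { that: true, quiet: true }` with `changed_when: true` exists only to fire the handler and deserves a one-line comment such as `# no-op task; only used to notify 'bootstrapped'`.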
@ -1,6 +1,10 @@
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
{% if not ansible_local.keycloak.general.bootstrapped | default(false) | bool %}
|
||||||
KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }}
|
KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }}
|
||||||
KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
|
KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
|
||||||
|
{% else %}
|
||||||
|
{{ keycloak.bootstrap_mnemonic }}
|
||||||
|
{% endif %}
|
||||||
PATH={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
PATH={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}
|
JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}
|
||||||
JAVA_OPTS={{ keycloak_quarkus_java_opts }}
|
JAVA_OPTS={{ keycloak_quarkus_java_opts }}
|
||||||
|
|
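Review bot: The new `{% if not ansible_local.keycloak.general.bootstrapped | default(false) | bool %}` branch is decided from whatever `ansible_local` holds when the template is rendered, and a missing value falls back to "not bootstrapped". If fact gathering is disabled for the play or the cached facts are stale, `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are written back to the environment file on that run, at least until the `bootstrapped` handler purges them again. I would read the local facts explicitly before this template is rendered (an `ansible.builtin.setup` task with `filter: ansible_local`, as the new bootstrapped.yml already does) or document the requirement. A template comment would make the dependency visible, e.g. `{# depends on ansible_local.keycloak being gathered; when it is missing the admin credentials are written again #}`.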
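--- a/roles/keycloak_quarkus/templates/keycloak.fact.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.fact.j2
@@ -0,0 +1,2 @@
+[general]
+bootstrapped={{ bootstrapped | lower }}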
@ -15,3 +15,4 @@ keycloak: # noqa var-naming this is an internal dict of interpolated values
|
||||||
file: "{{ keycloak_quarkus_home }}/{{ keycloak_quarkus_log_file }}"
|
file: "{{ keycloak_quarkus_home }}/{{ keycloak_quarkus_log_file }}"
|
||||||
level: "{{ keycloak_quarkus_log_level }}"
|
level: "{{ keycloak_quarkus_log_level }}"
|
||||||
format: "{{ keycloak_quarkus_log_format }}"
|
format: "{{ keycloak_quarkus_log_format }}"
|
||||||
|
bootstrap_mnemonic: "# ansible-middleware/keycloak: bootstrapped"
|
||||||
|
|