ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-06 10:50:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

always create pidfile folder

Browse source 
add keycloak_service_runas feature flag
fix previous installs permissions
This commit is contained in:
Massimo Schiavon 2023-08-29 21:41:38 +02:00
parent c8ebbe72d2
commit 40c015d3e1
No known key found for this signature in database
GPG key ID: 5C896DA797460833
3 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
roles/keycloak/meta/argument_specs.yml
View file

@ -74,6 +74,11 @@ argument_specs:
default: "" default: ""
description: "Path to custom template for standalone.xml configuration" description: "Path to custom template for standalone.xml configuration"
type: "str" type: "str"
keycloak_service_runas:
# line 20 of keycloak/defaults/main.yml
default: false
description: "Enable execution of service as `keycloak_service_user`"
type: "bool"
keycloak_service_user: keycloak_service_user:
# line 29 of keycloak/defaults/main.yml # line 29 of keycloak/defaults/main.yml
default: "keycloak" default: "keycloak"

18
roles/keycloak/tasks/install.yml
View file

@ -53,20 +53,14 @@
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0750 mode: 0750
- name: Check pidfile folder
ansible.builtin.stat:
path: "{{ keycloak_service_pidfile | dirname }}"
register: keycloak_service_pidfile_stat
- name: Create pidfile folder - name: Create pidfile folder
become: yes become: yes
become_user: root
ansible.builtin.file: ansible.builtin.file:
dest: "{{ keycloak_service_pidfile | dirname }}" dest: "{{ keycloak_service_pidfile | dirname }}"
state: directory state: directory
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user if keycloak_service_runas else omit }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group if keycloak_service_runas else omit }}"
mode: "0750" mode: 0750
when: not keycloak_service_pidfile_stat.stat.exists
## check remote archive ## check remote archive
- name: Set download archive path - name: Set download archive path
@ -209,6 +203,12 @@
become: yes become: yes
changed_when: false changed_when: false
- name: Ensure permissions are correct on existing deploy
ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}"
when: keycloak_service_runas
become: yes
changed_when: false
# driver and configuration # driver and configuration
- name: "Install {{ keycloak_jdbc_engine }} driver" - name: "Install {{ keycloak_jdbc_engine }} driver"
ansible.builtin.include_tasks: jdbc_driver.yml ansible.builtin.include_tasks: jdbc_driver.yml

2
roles/keycloak/templates/keycloak.service.j2
View file

@ -8,8 +8,10 @@ StartLimitBurst={{ keycloak_service_startlimitburst }}
[Service] [Service]
Type=forking Type=forking
{% if keycloak_service_runas %}
User={{ keycloak_service_user }} User={{ keycloak_service_user }}
Group={{ keycloak_service_group }} Group={{ keycloak_service_group }}
{% endif -%}
EnvironmentFile=-/etc/sysconfig/keycloak EnvironmentFile=-/etc/sysconfig/keycloak
PIDFile={{ keycloak_service_pidfile }} PIDFile={{ keycloak_service_pidfile }}
ExecStart={{ keycloak_dest }}/keycloak-service.sh start ExecStart={{ keycloak_dest }}/keycloak-service.sh start