add role keycloak_quarkus

2025-08-06 14:14:30 -07:00 · 2022-04-07 14:07:08 +02:00 · 2022-04-07 14:07:08 +02:00 · 419c862341
commit 419c862341
parent c7b6bc1d61
16 changed files with 666 additions and 0 deletions
--- a/roles/keycloak_quarkus/tasks/fastpackages.yml
+++ b/roles/keycloak_quarkus/tasks/fastpackages.yml
@ -0,0 +1,21 @@
+---
+- block:
+  - name: "Check if packages are already installed"
+    ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}"
+    args:
+      warn: no
+    register: rpm_info
+    changed_when: rpm_info.failed
+
+  rescue:
+    - name: "Add missing packages to the yum install list"
+      ansible.builtin.set_fact:
+        packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | flatten }}"
+      when: rpm_info.failed
+
+- name: "Install packages: {{ packages_to_install }}"
+  become: yes
+  ansible.builtin.yum:
+    name: "{{ packages_to_install }}"
+    state: present
+  when: packages_to_install | default([]) | length > 0
--- a/roles/keycloak_quarkus/tasks/firewalld.yml
+++ b/roles/keycloak_quarkus/tasks/firewalld.yml
@ -0,0 +1,25 @@
+---
+- name: Ensure required package firewalld are installed
+  ansible.builtin.include_tasks: fastpackages.yml
+  vars:
+    packages_list:
+      - firewalld
+
+- name: Enable and start the firewalld service
+  become: yes
+  ansible.builtin.systemd:
+    name: firewalld
+    enabled: yes
+    state: started
+
+- name: "Configure firewall for {{ keycloak.service_name }} ports"
+  become: yes
+  firewalld:
+    port: "{{ item }}"
+    permanent: true
+    state: enabled
+    immediate: yes
+  loop:
+    - "{{ keycloak_quarkus_http_port }}/tcp"
+    - "{{ keycloak_quarkus_https_port }}/tcp"
+    - "{{ keycloak_quarkus_jgroups_port }}/tcp"
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@ -0,0 +1,110 @@
+---
+- name: Validate parameters
+  ansible.builtin.assert:
+    that:
+      - keycloak.home is defined
+      - keycloak_quarkus_service_user is defined
+      - keycloak_quarkus_dest is defined
+      - keycloak_quarkus_archive is defined
+      - keycloak_quarkus_download_url is defined
+      - keycloak_quarkus_version is defined
+    quiet: true
+
+- name: Check for an existing deployment
+  become: yes
+  ansible.builtin.stat:
+    path: "{{ keycloak.home }}"
+  register: existing_deploy
+
+- name: "Create {{ keycloak.service_name }} service user/group"
+  become: yes
+  ansible.builtin.user:
+    name: "{{ keycloak.service_user }}"
+    home: /opt/keycloak
+    system: yes
+    create_home: no
+
+- name: "Create {{ keycloak.service_name }} install location"
+  become: yes
+  ansible.builtin.file:
+    dest: "{{ keycloak_quarkus_dest }}"
+    state: directory
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+    mode: 0750
+
+## check remote archive
+- name: Set download archive path
+  ansible.builtin.set_fact:
+    archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}"
+
+- name: Check download archive path
+  become: yes
+  ansible.builtin.stat:
+    path: "{{ archive }}"
+  register: archive_path
+
+## download to controller
+- name: Check local download archive path
+  ansible.builtin.stat:
+    path: "{{ lookup('env', 'PWD') }}"
+  register: local_path
+  delegate_to: localhost
+
+- name: Download keycloak archive
+  ansible.builtin.get_url:
+    url: "{{ keycloak_quarkus_download_url }}"
+    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+  delegate_to: localhost
+  when:
+    - archive_path is defined
+    - archive_path.stat is defined
+    - not archive_path.stat.exists
+    - not keycloak.offline_install
+
+- name: Check downloaded archive
+  ansible.builtin.stat:
+    path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+  register: local_archive_path
+  delegate_to: localhost
+
+## copy and unpack
+- name: Copy archive to target nodes
+  ansible.builtin.copy:
+    src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+    dest: "{{ archive }}"
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+    mode: 0750
+  register: new_version_downloaded
+  when:
+    - not archive_path.stat.exists
+    - local_archive_path.stat is defined
+    - local_archive_path.stat.exists
+  become: yes
+
+- name: "Check target directory: {{ keycloak.home }}"
+  ansible.builtin.stat:
+    path: "{{ keycloak.home }}"
+  register: path_to_workdir
+  become: yes
+
+- name: "Extract Keycloak archive on target"
+  ansible.builtin.unarchive:
+    remote_src: yes
+    src: "{{ archive }}"
+    dest: "{{ keycloak_quarkus_dest }}"
+    creates: "{{ keycloak.home }}"
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+  become: yes
+  when:
+    - new_version_downloaded.changed or not path_to_workdir.stat.exists
+  notify:
+    - restart keycloak
+
+- name: Inform decompression was not executed
+  ansible.builtin.debug:
+    msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
+  when:
+    - not new_version_downloaded.changed and path_to_workdir.stat.exists
--- a/roles/keycloak_quarkus/tasks/main.yml
+++ b/roles/keycloak_quarkus/tasks/main.yml
@ -0,0 +1,41 @@
+---
+# tasks file for keycloak
+
+- name: Check prerequisites
+  ansible.builtin.include_tasks: prereqs.yml
+  tags:
+    - prereqs
+
+- name: Include firewall config tasks
+  ansible.builtin.include_tasks: firewalld.yml
+  when: keycloak_quarkus_configure_firewalld
+  tags:
+    - firewall
+
+- name: Include install tasks
+  ansible.builtin.include_tasks: install.yml
+  tags:
+    - install
+
+- name: Include systemd tasks
+  ansible.builtin.include_tasks: systemd.yml
+  tags:
+    - systemd
+
+- name: "Configure config for keycloak service"
+  ansible.builtin.template:
+    src: keycloak.conf.j2
+    dest: "{{ keycloak.home }}/conf/keycloak.conf"
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+    mode: 0644
+  notify:
+    - restart keycloak
+
+- name: "Start and wait for keycloak service"
+  ansible.builtin.include_tasks: start.yml
+
+- name: Check service status
+  ansible.builtin.command: "systemctl status keycloak"
+  register: keycloak_service_status
+  changed_when: False
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
@ -0,0 +1,34 @@
+---
+- name: Validate admin console password
+  ansible.builtin.assert:
+    that:
+      - keycloak_quarkus_admin_pass | length > 12
+    quiet: True
+    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string"
+    success_msg: "{{ 'Console administrator password OK' }}"
+
+- name: Validate configuration
+  ansible.builtin.assert:
+    that:
+      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
+    quiet: True
+    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
+    success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
+
+# - name: Validate credentials
+#   ansible.builtin.assert:
+#     that:
+#       - (rhn_username is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install
+#       - (rhn_password is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install
+#     quiet: True
+#     fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
+#     success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}"
+
+- name: Ensure required packages are installed
+  ansible.builtin.include_tasks: fastpackages.yml
+  vars:
+    packages_list:
+      - "{{ keycloak_quarkus_jvm_package }}"
+      - unzip
+      - procps-ng
+      - initscripts
--- a/roles/keycloak_quarkus/tasks/restart.yml
+++ b/roles/keycloak_quarkus/tasks/restart.yml
@ -0,0 +1,7 @@
+---
+- name: "Restart and enable {{ keycloak.service_name }} service"
+  ansible.builtin.systemd:
+    name: keycloak
+    enabled: yes
+    state: restarted
+  become: yes
--- a/roles/keycloak_quarkus/tasks/start.yml
+++ b/roles/keycloak_quarkus/tasks/start.yml
@ -0,0 +1,15 @@
+---
+- name: "Start {{ keycloak.service_name }} service"
+  ansible.builtin.systemd:
+    name: keycloak
+    enabled: yes
+    state: started
+  become: yes
+
+- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
+  ansible.builtin.uri:
+    url: "{{ keycloak.health_url }}"
+  register: keycloak_status
+  until: keycloak_status.status == 200
+  retries: 25
+  delay: 10
--- a/roles/keycloak_quarkus/tasks/systemd.yml
+++ b/roles/keycloak_quarkus/tasks/systemd.yml
@ -0,0 +1,29 @@
+---
+- name: "Configure sysconfig file for keycloak service"
+  become: yes
+  ansible.builtin.template:
+    src: keycloak-sysconfig.j2
+    dest: /etc/sysconfig/keycloak
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart keycloak
+
+- name: "Configure systemd unit file for keycloak service"
+  ansible.builtin.template:
+    src: keycloak.service.j2
+    dest: /etc/systemd/system/keycloak.service
+    owner: root
+    group: root
+    mode: 0644
+  become: yes
+  register: systemdunit
+  notify:
+    - restart keycloak
+
+- name: Reload systemd
+  become: yes
+  ansible.builtin.systemd:
+    daemon_reload: yes
+  when: systemdunit.changed