diff --git a/.gitignore b/.gitignore
index ef79fe9..9cc2eb2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ docs/_build/
.mypy_cache/
*.retry
changelogs/.plugin-cache.yaml
+*.pem
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 8137cfd..40923c9 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -2,10 +2,6 @@
- name: Prepare
hosts: all
tasks:
- - name: Disable beta repos
- ansible.builtin.command: yum config-manager --disable '*beta*'
- ignore_errors: yes
-
- name: Install sudo
ansible.builtin.yum:
name:
diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index 1f77fe5..fd40a44 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -5,6 +5,12 @@
keycloak_quarkus_admin_pass: "remembertochangeme"
keycloak_admin_password: "remembertochangeme"
keycloak_realm: TestRealm
+ keycloak_quarkus_host: instance:8443
+ keycloak_quarkus_http_relative_path: ''
+ keycloak_quarkus_log: file
+ keycloak_quarkus_https_enabled: True
+ keycloak_quarkus_key_file: conf/key.pem
+ keycloak_quarkus_cert_file: conf/cert.pem
roles:
- role: keycloak_quarkus
- role: keycloak_realm
diff --git a/molecule/quarkus/molecule.yml b/molecule/quarkus/molecule.yml
index ea8ad61..785de19 100644
--- a/molecule/quarkus/molecule.yml
+++ b/molecule/quarkus/molecule.yml
@@ -16,7 +16,9 @@ platforms:
port_bindings:
- "8080/tcp"
- "8443/tcp"
- - "8009/tcp"
+ - "8009/tcp"
+ published_ports:
+ - 0.0.0.0:8443:8443/tcp
provisioner:
name: ansible
config_options:
diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml
index bda79cf..7d95f2f 100644
--- a/molecule/quarkus/prepare.yml
+++ b/molecule/quarkus/prepare.yml
@@ -6,3 +6,21 @@
ansible.builtin.yum:
name: sudo
state: present
+ - command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
+ delegate_to: localhost
+ - lineinfile:
+ dest: /etc/hosts
+ line: "127.0.0.1 instance"
+ state: present
+ delegate_to: localhost
+ become: yes
+ - file:
+ state: directory
+ path: /opt/keycloak/keycloak-18.0.0/conf/
+ - copy:
+ src: "{{ item }}"
+ dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
+ mode: 0444
+ loop:
+ - cert.pem
+ - key.pem
diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml
index ef973cd..9b469a4 100644
--- a/molecule/quarkus/verify.yml
+++ b/molecule/quarkus/verify.yml
@@ -9,3 +9,19 @@
that:
- ansible_facts.services["keycloak.service"]["state"] == "running"
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
+ - name: Fetch openID config
+ shell: |
+ curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq .
+ delegate_to: localhost
+ register: openid_config
+ - debug:
+ msg: " {{ openid_config.stdout | from_json }}"
+ delegate_to: localhost
+ - name: Verify endpoint URLs
+ assert:
+ that:
+ - (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance:8443/realms/master/protocol/openid-connect/ext/ciba/auth'
+ - (openid_config.stdout | from_json)['issuer'] == 'https://instance:8443/realms/master'
+ - (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/auth'
+ - (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/token'
+ delegate_to: localhost
diff --git a/playbooks/keycloak_quarkus.yml b/playbooks/keycloak_quarkus.yml
index ebed89b..b9bbbba 100644
--- a/playbooks/keycloak_quarkus.yml
+++ b/playbooks/keycloak_quarkus.yml
@@ -3,7 +3,13 @@
hosts: all
vars:
keycloak_admin_password: "remembertochangeme"
+ keycloak_quarkus_host: localhost:8443
+ keycloak_quarkus_http_relative_path: ''
+ keycloak_quarkus_log: file
+ keycloak_quarkus_https_enabled: True
+ keycloak_quarkus_key_file: conf/key.pem
+ keycloak_quarkus_cert_file: conf/cert.pem
collections:
- middleware_automation.keycloak
roles:
- - keycloak_quarkus
\ No newline at end of file
+ - keycloak_quarkus
diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml
index ba6ec40..b1ea1ee 100644
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@@ -84,9 +84,9 @@
- local_archive_path.stat.exists
become: yes
-- name: "Check target directory: {{ keycloak.home }}"
+- name: "Check target directory: {{ keycloak.home }}/bin/"
ansible.builtin.stat:
- path: "{{ keycloak.home }}"
+ path: "{{ keycloak.home }}/bin/"
register: path_to_workdir
become: yes
@@ -95,12 +95,12 @@
remote_src: yes
src: "{{ archive }}"
dest: "{{ keycloak_quarkus_dest }}"
- creates: "{{ keycloak.home }}"
+ creates: "{{ keycloak.home }}/bin/"
owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}"
become: yes
when:
- - new_version_downloaded.changed or not path_to_workdir.stat.exists
+ - (not path_to_workdir.stat.exists) or new_version_downloaded.changed
notify:
- restart keycloak
@@ -108,4 +108,4 @@
ansible.builtin.debug:
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
when:
- - not new_version_downloaded.changed and path_to_workdir.stat.exists
+ - (not new_version_downloaded.changed) and path_to_workdir.stat.exists
diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml
index 0ed3ece..cf855a2 100644
--- a/roles/keycloak_quarkus/tasks/main.yml
+++ b/roles/keycloak_quarkus/tasks/main.yml
@@ -41,6 +41,14 @@
notify:
- restart keycloak
+- name: Ensure logdirectory exists
+ ansible.builtin.file:
+ state: directory
+ path: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
+ owner: "{{ keycloak.service_user }}"
+ group: "{{ keycloak.service_group }}"
+ mode: 0775
+
- name: "Start and wait for keycloak service"
ansible.builtin.include_tasks: start.yml
@@ -52,6 +60,6 @@
- name: Link default logs directory
ansible.builtin.file:
state: link
- src: "{{ keycloak.home }}/{{ keycloak.log.file }}"
+ src: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
dest: /var/log/keycloak
force: yes