From d4058a775c42277a6e9bc3d58d9a8bbfccc99bea Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 26 Nov 2020 20:10:56 +0100
Subject: add role for app keycloak
---
roles/apps/keycloak/tasks/main.yml | 105 +++++++++++++++++++++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 roles/apps/keycloak/tasks/main.yml
(limited to 'roles/apps/keycloak/tasks/main.yml')
diff --git a/roles/apps/keycloak/tasks/main.yml b/roles/apps/keycloak/tasks/main.yml
new file mode 100644
index 00000000..917aa68e
--- /dev/null
+++ b/roles/apps/keycloak/tasks/main.yml
@@ -0,0 +1,105 @@
+---
+- name: create zfs datasets
+ when: keycloak_zfs is defined
+ block:
+ - name: create zfs base dataset
+ zfs:
+ name: "{{ keycloak_zfs.pool }}/{{ keycloak_zfs.name }}"
+ state: present
+ extra_zfs_properties: "{{ keycloak_zfs.properties | default(omit) }}"
+
+ - name: create zfs volumes for instances
+ loop: "{{ keycloak_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
+ zfs:
+ name: "{{ keycloak_zfs.pool }}/{{ keycloak_zfs.name }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties: "{{ item.value.zfs_properties | default(omit) }}"
+
+ - name: configure keycloak base bath
+ set_fact:
+ keycloak_base_path: "{{ zfs_pools[keycloak_zfs.pool].mountpoint }}/{{ keycloak_zfs.name }}"
+
+
+- name: create instance subdirectories
+ when: keycloak_zfs is not defined
+ loop: "{{ keycloak_instances | list }}"
+ file:
+ path: "{{ keycloak_base_path }}/{{ item }}"
+ state: directory
+
+
+
+- name: add group for keycloak app
+ group:
+ name: kc-app
+ gid: "{{ keycloak_app_gid }}"
+
+- name: add user for keycloak app
+ user:
+ name: kc-app
+ uid: "{{ keycloak_app_uid }}"
+ group: kc-app
+ password: "!"
+
+- name: create keycloak app subdirectory
+ loop: "{{ keycloak_instances | list }}"
+ file:
+ path: "{{ keycloak_base_path }}/{{ item }}/keycloak"
+ owner: "{{ keycloak_app_uid }}"
+ group: "{{ keycloak_app_gid }}"
+ state: directory
+
+
+- name: add group for keycloak db
+ group:
+ name: kc-db
+ gid: "{{ keycloak_db_gid }}"
+
+- name: add user for keycloak db
+ user:
+ name: kc-db
+ uid: "{{ keycloak_db_uid }}"
+ group: kc-db
+ password: "!"
+
+- name: create keycloak database subdirectory
+ loop: "{{ keycloak_instances | dict2items}}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.database.type }})"
+ file:
+ path: "{{ keycloak_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ owner: "{{ keycloak_db_uid }}"
+ group: "{{ keycloak_db_gid }}"
+ state: directory
+
+
+- name: install pod manifest
+ loop: "{{ keycloak_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ kubernetes_standalone_pod:
+ name: "keycloak-{{ item.key }}"
+ spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}"
+ mode: "0600"
+ include_role:
+ name: kubernetes/standalone/pod
+
+
+- name: configure nginx vhost
+ loop: "{{ keycloak_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ nginx_vhost:
+ name: "keycloak-{{ item.key }}"
+ template: generic-proxy-no-buffering-with-acme
+ acme: true
+ hostnames:
+ - "{{ item.value.hostname }}"
+ client_max_body_size: "0"
+ proxy_pass: "http://127.0.0.1:{{ item.value.port }}/auth/"
+ include_role:
+ name: nginx/vhost
-- cgit v1.2.3
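Review bot: The `create keycloak app subdirectory` and `create keycloak database subdirectory` tasks set `owner`/`group` but no `mode`, so a freshly created directory takes whatever the host umask yields (typically 0755), leaving each instance's database volume parent readable by every local account, while the pod manifest installed two tasks later is deliberately restricted to `mode: "0600"`. Adding `mode: "0750"` (quoted, matching the manifest's mode) to both `file:` tasks, and to the `create instance subdirectories` task in the non-ZFS path, keeps the volumes readable only by the owning service account and its group; whether the pod template expects something stricter inside them is not visible here. The `kc-app` and `kc-db` accounts get a locked password but inherit useradd's default shell and home directory, so `system: true`, `create_home: false` and a nologin `shell` would make them plain service accounts. Also, the task name `configure keycloak base bath` looks like a typo for `path`.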