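---
# Prepare storage, service accounts and per-instance directories for the
# Keycloak instances listed in keycloak_instances (a dict keyed by instance
# name). When keycloak_zfs is defined the data lives on ZFS datasets and
# keycloak_base_path is derived from the pool mountpoint; otherwise
# keycloak_base_path must already be set by the caller.

- name: create zfs datasets
  when: keycloak_zfs is defined
  block:
    - name: create zfs base dataset
      zfs:
        name: "{{ keycloak_zfs.pool }}/{{ keycloak_zfs.name }}"
        state: present
        extra_zfs_properties: "{{ keycloak_zfs.properties | default(omit) }}"

    # One child dataset per instance; the loop label shows the requested
    # properties as "key=value, ..." so the run output stays readable.
    - name: create zfs volumes for instances
      loop: "{{ keycloak_instances | dict2items }}"
      loop_control:
        label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
      zfs:
        name: "{{ keycloak_zfs.pool }}/{{ keycloak_zfs.name }}/{{ item.key }}"
        state: present
        extra_zfs_properties: "{{ item.value.zfs_properties | default(omit) }}"

    # Task name fixed: it read "base bath".
    - name: configure keycloak base path
      set_fact:
        keycloak_base_path: "{{ (zfs_pools[keycloak_zfs.pool].mountpoint, keycloak_zfs.name) | path_join }}"

# Without ZFS the per-instance directories are plain directories.
# NOTE(review): no mode is given, so a new directory gets the umask default
# and an existing one keeps whatever mode it has - consider an explicit mode.
- name: create instance subdirectories
  when: keycloak_zfs is not defined
  loop: "{{ keycloak_instances | list }}"
  file:
    path: "{{ keycloak_base_path }}/{{ item }}"
    state: directory

- name: add group for keycloak app
  group:
    name: kc-app
    gid: "{{ keycloak_app_gid }}"

# password "!" leaves the account without a usable password hash.
# NOTE(review): shell and home are left at the module defaults; if kc-app only
# exists to own the data directory, consider a nologin shell and
# create_home: false.
- name: add user for keycloak app
  user:
    name: kc-app
    uid: "{{ keycloak_app_uid }}"
    group: kc-app
    password: "!"

# NOTE(review): owner and group are set but mode is not, so other local users
# may be able to read this directory depending on the umask - consider an
# explicit restrictive mode.
- name: create keycloak app subdirectory
  loop: "{{ keycloak_instances | list }}"
  file:
    path: "{{ keycloak_base_path }}/{{ item }}/keycloak"
    owner: "{{ keycloak_app_uid }}"
    group: "{{ keycloak_app_gid }}"
    state: directory

- name: add group for keycloak db
  group:
    name: kc-db
    gid: "{{ keycloak_db_gid }}"

# Same account setup as kc-app: password login locked, shell and home left at
# the module defaults (see the review note on kc-app).
- name: add user for keycloak db
  user:
    name: kc-db
    uid: "{{ keycloak_db_uid }}"
    group: kc-db
    password: "!"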
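# Database data directory per instance, named after the database type and
# owned by the kc-db uid/gid.
# NOTE(review): no mode is set, so access for other local users depends on the
# umask (or on the mode an existing directory already has) - consider an
# explicit restrictive mode for database files.
- name: create keycloak database subdirectory
  loop: "{{ keycloak_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }} ({{ item.value.database.type }})"
  file:
    path: "{{ keycloak_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
    owner: "{{ keycloak_db_uid }}"
    group: "{{ keycloak_db_gid }}"
    state: directory

# Render the pod spec template matching the instance's database type and hand
# it to the standalone pod role.
- name: install pod manifest
  loop: "{{ keycloak_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  vars:
    kubernetes_standalone_pod:
      name: "keycloak-{{ item.key }}"
      # The template name is built with '~' instead of nesting "{{ }}" inside
      # the expression: nested moustaches only work where the lookup argument
      # is templated a second time, and ansible-lint flags them.
      spec: "{{ lookup('template', 'pod-spec-with-' ~ item.value.database.type ~ '.yml.j2') }}"
      # Presumably the file mode the role applies to the written manifest;
      # 0600 keeps anything embedded in the spec unreadable to other users -
      # confirm against kubernetes/standalone/pod.
      mode: "0600"
  include_role:
    name: kubernetes/standalone/pod

# Publish each instance through nginx, proxying to the instance port on
# loopback.
- name: configure nginx vhost
  loop: "{{ keycloak_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  vars:
    nginx_vhost:
      name: "keycloak-{{ item.key }}"
      template: generic-proxy-no-buffering-with-acme
      acme: true
      hostnames:
        - "{{ item.value.hostname }}"
      locations:
        '/':
          proxy_pass: "http://127.0.0.1:{{ item.value.port }}/auth/"
      # NOTE(review): extra_directives is placed at vhost level here; confirm
      # against the nginx/vhost role that it does not belong under the
      # location. client_max_body_size 0 turns off nginx's request body size
      # check, so any limit has to be enforced by Keycloak itself - consider a
      # finite value unless large uploads are required.
      extra_directives: |-
        client_max_body_size 0;
  include_role:
    name: nginx/vhost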