---
# ZFS-backed storage layout: one base dataset plus one child dataset per
# Keycloak instance, then keycloak_base_path is pointed at the base
# dataset's mount location. The whole block is skipped when keycloak_zfs
# is not set.
# NOTE(review): this listing lost its indentation. The three tasks are
# nested under the block because the last one reads keycloak_zfs.pool and
# the following top-level task is the "not defined" counterpart -- confirm
# against the repository copy.
- name: create zfs datasets
  block:
    - name: create zfs base dataset
      zfs:
        state: present
        name: "{{ keycloak_zfs.pool }}/{{ keycloak_zfs.name }}"
        # NOTE(review): default(omit) sits after dehumanize_zfs_properties,
        # so an unset .properties is handed to that filter first; whether
        # the filter passes an undefined value through is not visible
        # here -- verify.
        extra_zfs_properties: "{{ keycloak_zfs.properties | dehumanize_zfs_properties | default(omit) }}"

    - name: create zfs volumes for instances
      zfs:
        state: present
        # The instance key becomes the last component of the dataset name.
        name: "{{ keycloak_zfs.pool }}/{{ keycloak_zfs.name }}/{{ item.key }}"
        extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}"
      loop: "{{ keycloak_instances | dict2items }}"
      loop_control:
        # Display only: instance key followed by its key=value properties.
        label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"

    - name: configure keycloak base bath
      set_fact:
        # Joins the pool's mountpoint (from zfs_pools) with the base
        # dataset name; later tasks build every instance path from this.
        keycloak_base_path: "{{ (zfs_pools[keycloak_zfs.pool].mountpoint, keycloak_zfs.name) | path_join }}"
  when: keycloak_zfs is defined
# Non-ZFS fallback: one plain directory per instance key under
# keycloak_base_path. That variable is not set in this listing on this
# path -- presumably a role default; verify.
# NOTE(review): no owner or mode is given, so the directory gets whatever
# the module defaults and the umask produce. Set them explicitly if the
# parent of the Keycloak and database data should not be readable or
# traversable by other local users.
- name: create instance subdirectories
  file:
    state: directory
    path: "{{ keycloak_base_path }}/{{ item }}"
  loop: "{{ keycloak_instances | list }}"
  when: keycloak_zfs is not defined
# Host group for the Keycloak application data, with the GID pinned from
# keycloak_app_gid (presumably to match the ID the pod runs with --
# confirm against the pod spec template).
- name: add group for keycloak app
  group:
    gid: "{{ keycloak_app_gid }}"
    name: kc-app
# Host account that owns the Keycloak application data.
- name: add user for keycloak app
  user:
    name: kc-app
    group: kc-app
    uid: "{{ keycloak_app_uid }}"
    # "!" is not a valid password hash, so password logins are disabled.
    # This does not block other access paths such as SSH keys.
    # NOTE(review): no shell or create_home is set, so the module defaults
    # apply. If the account exists only to own container data, consider a
    # non-login shell and no home directory.
    password: "!"
# Per-instance "keycloak" directory, owned by the application UID/GID.
# NOTE(review): no mode is set, so the permissions depend on the umask in
# effect. An explicit restrictive mode would keep other local accounts
# out of the application data.
- name: create keycloak app subdirectory
  file:
    state: directory
    path: "{{ keycloak_base_path }}/{{ item }}/keycloak"
    owner: "{{ keycloak_app_uid }}"
    group: "{{ keycloak_app_gid }}"
  loop: "{{ keycloak_instances | list }}"
# Host group for the database data, with the GID pinned from
# keycloak_db_gid. It is kept separate from kc-app, so the application and
# database directories have different owners.
- name: add group for keycloak db
  group:
    gid: "{{ keycloak_db_gid }}"
    name: kc-db
# Host account that owns the database data.
- name: add user for keycloak db
  user:
    name: kc-db
    group: kc-db
    uid: "{{ keycloak_db_uid }}"
    # "!" is not a valid password hash, so password logins are disabled.
    # This does not block other access paths such as SSH keys.
    # NOTE(review): no shell or create_home is set, so the module defaults
    # apply. If the account exists only to own container data, consider a
    # non-login shell and no home directory.
    password: "!"
# Per-instance database directory, named after the instance's
# database.type and owned by the database UID/GID.
# NOTE(review): no mode is set, so the permissions depend on the umask in
# effect. For a directory that will hold database files, an explicit
# owner-only mode is the safer default.
- name: create keycloak database subdirectory
  file:
    state: directory
    # database.type is used verbatim as a path component.
    path: "{{ keycloak_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
    owner: "{{ keycloak_db_uid }}"
    group: "{{ keycloak_db_gid }}"
  loop: "{{ keycloak_instances | dict2items}}"
  loop_control:
    label: "{{ item.key }} ({{ item.value.database.type }})"
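# Render one pod spec per instance from the template that matches its
# database.type and hand it to the kubernetes/standalone/pod role.
- name: install pod manifest
  loop: "{{ keycloak_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  vars:
    kubernetes_standalone_pod:
      name: "keycloak-{{ item.key }}"
      # The template name is built with "~" concatenation instead of a
      # second pair of "{{ }}" inside the string literal. Nested
      # delimiters only resolve if Ansible re-templates the lookup
      # argument, which is not guaranteed across ansible-core versions.
      # The resulting file name is the same.
      # NOTE(review): database.type is used as a file name fragment here
      # and as a directory name elsewhere in this file; checking it
      # against the supported types would turn a typo into a clear error.
      spec: "{{ lookup('template', 'pod-spec-with-' ~ item.value.database.type ~ '.yml.j2') }}"
      # NOTE(review): presumably the file mode of the written manifest,
      # restricting it to its owner (pod specs often embed database
      # credentials) -- confirm in the kubernetes/standalone/pod role.
      mode: "0600"
  include_role:
    name: kubernetes/standalone/pod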
# Publish each instance through an nginx vhost (ACME certificate enabled)
# that proxies to the instance's port on the loopback interface.
- name: configure nginx vhost
  include_role:
    name: nginx/vhost
  vars:
    nginx_vhost:
      name: "keycloak-{{ item.key }}"
      template: generic-proxy-no-buffering-with-acme
      acme: true
      hostnames:
        - "{{ item.value.hostname }}"
      locations:
        # NOTE(review): "/" on the public hostname maps to /auth/ as a
        # whole, so everything Keycloak serves below /auth/ is reachable
        # through this vhost, including the admin console and admin REST
        # paths. If administration should not be internet-facing, restrict
        # those paths here or in the vhost template, which is not visible
        # in this file.
        '/':
          proxy_pass: "http://127.0.0.1:{{ item.value.port }}/auth/"
      # NOTE(review): client_max_body_size 0 turns off nginx's request
      # body size check, so arbitrarily large uploads are forwarded to
      # Keycloak. A finite limit sized for the largest legitimate request
      # reduces the resource-exhaustion surface.
      extra_directives: |-
        client_max_body_size 0;
  loop: "{{ keycloak_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"