Hung-Wei Chiu | 6a075af | 2021-09-09 22:33:06 +0000 | [diff] [blame] | 1 | --- |
| 2 | # keycloak tasks/main.yml |
| 3 | # |
| 4 | # SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org> |
| 5 | # SPDX-License-Identifier: Apache-2.0 |
| 6 | |
| 7 | - name: include OS-specific tasks |
| 8 | include_tasks: "{{ ansible_os_family }}.yml" |
| 9 | |
| 10 | - name: Create group for Keycloak |
| 11 | group: |
| 12 | name: "{{ keycloak_groupname }}" |
| 13 | |
| 14 | - name: Create user for Keycloak |
| 15 | user: |
| 16 | name: "{{ keycloak_username }}" |
| 17 | group: "{{ keycloak_groupname }}" |
| 18 | comment: "{{ keycloak_comment }}" |
| 19 | shell: "{{ keycloak_shell }}" |
| 20 | system: true |
| 21 | password_lock: true |
| 22 | |
| 23 | - name: Create keycloak dist directory |
| 24 | file: |
| 25 | path: "{{ keycloak_dist_dir }}" |
| 26 | owner: "{{ keycloak_username }}" |
| 27 | group: "{{ keycloak_groupname }}" |
| 28 | state: directory |
| 29 | mode: 0700 |
| 30 | |
| 31 | - name: Download keycloak |
| 32 | get_url: |
| 33 | url: "{{ keycloak_download_url }}" |
| 34 | dest: "{{ keycloak_dist_dir }}" |
| 35 | timeout: 30 |
| 36 | checksum: "{{ keycloak_checksum }}" |
| 37 | become: true |
| 38 | become_user: "{{ keycloak_username }}" |
| 39 | |
| 40 | - name: Extract keycloak |
| 41 | unarchive: |
| 42 | remote_src: true |
| 43 | src: "{{ keycloak_dist_dir }}/keycloak-{{ keycloak_version }}.tar.gz" |
| 44 | dest: "{{ keycloak_base_dir }}" |
| 45 | owner: "{{ keycloak_username }}" |
| 46 | group: "{{ keycloak_groupname }}" |
| 47 | creates: "{{ keycloak_base_dir }}/keycloak-{{ keycloak_version }}" |
| 48 | |
| 49 | - name: Link Keycloak distro to working dir |
| 50 | file: |
| 51 | state: "link" |
| 52 | src: "{{ keycloak_base_dir }}/keycloak-{{ keycloak_version }}" |
| 53 | dest: "{{ keycloak_working_dir }}" |
| 54 | |
| 55 | - name: Check admin account |
| 56 | command: |
| 57 | chdir: "{{ keycloak_working_dir }}/bin/" |
| 58 | cmd: > |
| 59 | ./kcadm.sh get users |
Hung-Wei Chiu | 7260e78 | 2021-09-14 18:33:46 +0000 | [diff] [blame^] | 60 | --server {{ keycloak_server }}/auth |
Hung-Wei Chiu | 6a075af | 2021-09-09 22:33:06 +0000 | [diff] [blame] | 61 | --realm master --user {{ keycloak_admin_username }} |
| 62 | --password {{ keycloak_admin_password }} |
| 63 | register: kcadm_result |
| 64 | changed_when: false |
| 65 | failed_when: false |
| 66 | |
| 67 | - name: Create admin account |
| 68 | command: |
| 69 | chdir: "{{ keycloak_working_dir }}/bin/" |
| 70 | cmd: > |
| 71 | ./add-user-keycloak.sh |
| 72 | --realm master --user {{ keycloak_admin_username }} |
| 73 | --password {{ keycloak_admin_password }} |
| 74 | when: kcadm_result.rc != 0 |
| 75 | notify: |
| 76 | - "start-keycloak" |
| 77 | - "restart-keycloak" |
Hung-Wei Chiu | 718cd26 | 2021-09-13 18:20:21 +0000 | [diff] [blame] | 78 | - name: Flush handlers to start keycloak server before configuring it via API |
| 79 | meta: flush_handlers |
| 80 | |
| 81 | - name: Wait for Keycloak to be ready |
| 82 | uri: |
| 83 | url: "http://localhost:9990/health" |
| 84 | method: GET |
| 85 | return_content: "yes" |
| 86 | timeout: 5 |
| 87 | body_format: raw |
| 88 | follow_redirects: "no" |
| 89 | status_code: 200 |
| 90 | register: result |
| 91 | until: result.status == 200 |
| 92 | retries: 60 |
| 93 | delay: 5 |
| 94 | |
| 95 | - name: Configure Keycloak client |
| 96 | community.general.keycloak_client: |
Hung-Wei Chiu | 7260e78 | 2021-09-14 18:33:46 +0000 | [diff] [blame^] | 97 | auth_keycloak_url: "{{ keycloak_server }}/auth" |
Hung-Wei Chiu | 718cd26 | 2021-09-13 18:20:21 +0000 | [diff] [blame] | 98 | auth_realm: "{{ item.auth_realm }}" |
| 99 | auth_username: "{{ keycloak_admin_username }}" |
| 100 | auth_password: "{{ keycloak_admin_password }}" |
| 101 | client_id: "{{ item.client_id }}" |
| 102 | name: "{{ item.name }}" |
| 103 | protocol: "{{ item.protocol }}" |
| 104 | description: "{{ item.description }}" |
| 105 | attributes: "{{ item.attributes }}" |
| 106 | redirect_uris: "{{ item.redirect_uris }}" |
| 107 | protocol_mappers: "{{ item.protocol_mappers }}" |
| 108 | state: present |
| 109 | with_items: "{{ keycloak_client_settings }}" |
Hung-Wei Chiu | 7260e78 | 2021-09-14 18:33:46 +0000 | [diff] [blame^] | 110 | |
| 111 | - name: "Create Token for Keycloak service" |
| 112 | uri: |
| 113 | url: "{{ keycloak_server }}/auth/realms/master/protocol/openid-connect/token" |
| 114 | method: POST |
| 115 | body_format: form-urlencoded |
| 116 | body: |
| 117 | username: "{{ keycloak_admin_username }}" |
| 118 | password: "{{ keycloak_admin_password }}" |
| 119 | grant_type: "password" |
| 120 | client_id: "admin-cli" |
| 121 | register: keycloak_token |
| 122 | |
| 123 | - name: "Get existing LDAP configuration" |
| 124 | uri: |
| 125 | url: "{{ keycloak_admin_api }}/components?type=org.keycloak.storage.UserStorageProvider" |
| 126 | method: GET |
| 127 | headers: |
| 128 | Accept: "application/json" |
| 129 | Authorization: "Bearer {{ keycloak_token.json.access_token }}" |
| 130 | register: keycloak_components_list |
| 131 | |
| 132 | - name: Check if the Keycloak already has the LDAP configuration |
| 133 | set_fact: |
| 134 | ldap_id: "{{ item.id }}" |
| 135 | with_items: "{{ keycloak_components_list.json }}" |
| 136 | when: item.name == "ldap" |
| 137 | |
| 138 | - name: Generate a local json file for LDAP configuration |
| 139 | become: false |
| 140 | delegate_to: localhost |
| 141 | template: |
| 142 | src: "ldap.config.j2" |
| 143 | dest: "/tmp/ldap.config" |
| 144 | mode: "0600" |
| 145 | changed_when: false |
| 146 | |
| 147 | - name: "Create LDAP Provider if not exist" |
| 148 | uri: |
| 149 | url: "{{ keycloak_admin_api }}/components" |
| 150 | method: POST |
| 151 | src: /tmp/ldap.config |
| 152 | status_code: [201] |
| 153 | headers: |
| 154 | Content-Type: application/json |
| 155 | Authorization: "Bearer {{ keycloak_token.json.access_token }}" |
| 156 | register: keycloak_create_ldap_response |
| 157 | when: ldap_id is not defined |
| 158 | |
| 159 | - name: "Update LDAP Provider if exist" |
| 160 | uri: |
| 161 | url: "{{ keycloak_admin_api }}/components/{{ ldap_id }}" |
| 162 | method: PUT |
| 163 | src: /tmp/ldap.config |
| 164 | status_code: [204] |
| 165 | headers: |
| 166 | Content-Type: application/json |
| 167 | Authorization: "Bearer {{ keycloak_token.json.access_token }}" |
| 168 | when: ldap_id is defined |
| 169 | |
| 170 | - name: Update LDAP_ID with new created LDAP components |
| 171 | set_fact: |
| 172 | ldap_id: "{{ keycloak_create_ldap_response.location | basename }}" |
| 173 | when: ldap_id is not defined |
| 174 | |
| 175 | - name: Generate a local json file for LDAP mapper configuration |
| 176 | become: false |
| 177 | delegate_to: localhost |
| 178 | template: |
| 179 | src: "{{ item }}.j2" |
| 180 | dest: "/tmp/{{ item }}" |
| 181 | mode: "0600" |
| 182 | with_items: |
| 183 | - ldap.mapper.group |
| 184 | - keycloak.event.config |
| 185 | changed_when: false |
| 186 | |
| 187 | - name: Create LDAP mapper from local json configuraiton |
| 188 | uri: |
| 189 | url: "{{ keycloak_admin_api }}/components/" |
| 190 | method: POST |
| 191 | src: "/tmp/{{ item }}" |
| 192 | status_code: [201] |
| 193 | headers: |
| 194 | Content-Type: application/json |
| 195 | Authorization: "Bearer {{ keycloak_token.json.access_token }}" |
| 196 | with_items: |
| 197 | - ldap.mapper.group |
| 198 | |
| 199 | - name: Create LDAP mapper from local json configuraiton |
| 200 | uri: |
| 201 | url: "{{ keycloak_admin_api }}/events/config" |
| 202 | method: PUT |
| 203 | src: "/tmp/keycloak.event.config" |
| 204 | status_code: [204] |
| 205 | headers: |
| 206 | Content-Type: application/json |
| 207 | Authorization: "Bearer {{ keycloak_token.json.access_token }}" |
| 208 | |
| 209 | - name: Remove local LDAP json file |
| 210 | delegate_to: localhost |
| 211 | file: |
| 212 | path: "/tmp/{{ item }}" |
| 213 | state: absent |
| 214 | with_items: |
| 215 | - ldap.config |
| 216 | - ldap.mapper.group |
| 217 | - keycloak.event.config |
| 218 | changed_when: false |