---
# keycloak tasks/main.yml
#
# SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

# Platform-specific prerequisites live in a sibling task file named after the
# ansible_os_family fact (for example "Debian.yml" or "RedHat.yml").
- name: include OS-specific tasks
  ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"

# Dedicated service account that owns the Keycloak distribution: a system
# user whose password is locked, so it cannot be used for password login.
- name: Create group for Keycloak
  ansible.builtin.group:
    name: "{{ keycloak_groupname }}"

- name: Create user for Keycloak
  ansible.builtin.user:
    name: "{{ keycloak_username }}"
    comment: "{{ keycloak_comment }}"
    group: "{{ keycloak_groupname }}"
    shell: "{{ keycloak_shell }}"
    # system account (uid from the system range) with the password locked
    system: true
    password_lock: true

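# Fetch and unpack the Keycloak distribution into a directory owned by the
# service account, then expose it through a stable symlink.
- name: Create keycloak dist directory
  file:
    path: "{{ keycloak_dist_dir }}"
    owner: "{{ keycloak_username }}"
    group: "{{ keycloak_groupname }}"
    state: directory
    # quoted so the octal mode is not re-typed by the YAML parser
    # (same style as the "0600" modes used for the generated config files)
    mode: "0700"

# NOTE(review): the extract step below expects the downloaded file to be
# named keycloak-<keycloak_version>.tar.gz, i.e. keycloak_download_url must
# end with exactly that file name.
- name: Download keycloak
  get_url:
    url: "{{ keycloak_download_url }}"
    dest: "{{ keycloak_dist_dir }}"
    timeout: 30
    # the archive is rejected unless it matches the pinned checksum, so a
    # tampered or truncated download never reaches the unarchive step
    checksum: "{{ keycloak_checksum }}"
  become: true
  become_user: "{{ keycloak_username }}"

- name: Extract keycloak
  unarchive:
    remote_src: true
    src: "{{ keycloak_dist_dir }}/keycloak-{{ keycloak_version }}.tar.gz"
    dest: "{{ keycloak_base_dir }}"
    owner: "{{ keycloak_username }}"
    group: "{{ keycloak_groupname }}"
    # idempotence guard: skipped once the versioned directory exists
    creates: "{{ keycloak_base_dir }}/keycloak-{{ keycloak_version }}"

- name: Link Keycloak distro to working dir
  file:
    state: link
    src: "{{ keycloak_base_dir }}/keycloak-{{ keycloak_version }}"
    dest: "{{ keycloak_working_dir }}"
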
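# Bootstrap the master-realm admin account.  Both scripts take the password
# as a command-line argument, so the tasks run with no_log to keep it out of
# the play output and of the registered result; the argv form avoids
# word-splitting surprises if the password contains spaces or quotes.
- name: Check admin account
  command:
    chdir: "{{ keycloak_working_dir }}/bin/"
    argv:
      - ./kcadm.sh
      - get
      - users
      - --server
      - "{{ keycloak_server }}/auth"
      - --realm
      - master
      - --user
      - "{{ keycloak_admin_username }}"
      - --password
      - "{{ keycloak_admin_password }}"
  register: kcadm_result
  changed_when: false
  # a non-zero exit only means the admin cannot log in (yet); the next task
  # reacts to it instead of failing the play here
  failed_when: false
  no_log: true

- name: Create admin account
  command:
    chdir: "{{ keycloak_working_dir }}/bin/"
    argv:
      - ./add-user-keycloak.sh
      - --realm
      - master
      - --user
      - "{{ keycloak_admin_username }}"
      - --password
      - "{{ keycloak_admin_password }}"
  when: kcadm_result.rc != 0
  no_log: true
  notify:
    - "start-keycloak"
    - "restart-keycloak"

- name: Flush handlers to start keycloak server before configuring it via API
  meta: flush_handlers
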
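# Poll the health endpoint until it answers 200 (up to 60 x 5 s = 5 minutes)
# before any admin API call is made.  The probe targets localhost, i.e. the
# managed host the server was just started on.
- name: Wait for Keycloak to be ready
  uri:
    # NOTE(review): 9990 is presumably the management port of this Keycloak
    # build; confirm it is the port exposing /health.
    url: "http://localhost:9990/health"
    method: GET
    return_content: true
    timeout: 5
    body_format: raw
    # "safe" is what the legacy "no" value maps to in the uri module
    follow_redirects: safe
    status_code: 200
  register: result
  until: result.status == 200
  retries: 60
  delay: 5
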
# One client per entry of keycloak_client_settings (protocol taken from the
# entry), created or updated in place through the admin API using the
# admin credentials.
- name: Configure Keycloak client
  community.general.keycloak_client:
    state: present
    auth_keycloak_url: "{{ keycloak_server }}/auth"
    auth_realm: "{{ item.auth_realm }}"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    client_id: "{{ item.client_id }}"
    name: "{{ item.name }}"
    description: "{{ item.description }}"
    protocol: "{{ item.protocol }}"
    attributes: "{{ item.attributes }}"
    redirect_uris: "{{ item.redirect_uris }}"
    protocol_mappers: "{{ item.protocol_mappers }}"
  # same iteration semantics as with_items (one level of flattening)
  loop: "{{ keycloak_client_settings | flatten(levels=1) }}"

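# Obtain an admin access token with the password grant of the built-in
# admin-cli client.  The request body carries the admin password and the
# response carries bearer tokens, so the task is kept out of the logs.
- name: "Create Token for Keycloak service"
  uri:
    url: "{{ keycloak_server }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    body:
      grant_type: "password"
      client_id: "admin-cli"
      username: "{{ keycloak_admin_username }}"
      password: "{{ keycloak_admin_password }}"
  register: keycloak_token
  no_log: true
  # NOTE(review): the token is valid for the realm's access-token lifespan
  # (short by default); if the remaining tasks take longer than that they
  # will start getting 401s and the token has to be requested again.
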
# Look up the user-storage providers already registered; if one is called
# "ldap" remember its id so the following tasks update it instead of
# creating a second one.
- name: "Get existing LDAP configuration"
  uri:
    method: GET
    url: "{{ keycloak_admin_api }}/components?type=org.keycloak.storage.UserStorageProvider"
    headers:
      Authorization: "Bearer {{ keycloak_token.json.access_token }}"
      Accept: "application/json"
  register: keycloak_components_list

- name: Check if the Keycloak already has the LDAP configuration
  set_fact:
    ldap_id: "{{ item.id }}"
  # same iteration semantics as with_items (one level of flattening)
  loop: "{{ keycloak_components_list.json | flatten(levels=1) }}"
  when: item.name == "ldap"

# Render the LDAP user-federation definition on the controller and push it to
# the admin API: POST when no "ldap" provider was found, PUT otherwise.
- name: Generate a local json file for LDAP configuration
  delegate_to: localhost
  become: false
  ansible.builtin.template:
    src: "ldap.config.j2"
    dest: "/tmp/ldap.config"
    # owner-only: the rendered file presumably holds the LDAP bind credential
    mode: "0600"
  changed_when: false
  # NOTE(review): /tmp/ldap.config is a fixed, predictable path on the
  # controller; on a shared controller a tempfile-based path would be safer.

# NOTE(review): uri reads `src` on the host this task runs on, while the file
# above was rendered on localhost -- confirm the play targets the same
# machine, otherwise the file will not be found.
- name: "Create LDAP Provider if not exist"
  ansible.builtin.uri:
    method: POST
    url: "{{ keycloak_admin_api }}/components"
    src: /tmp/ldap.config
    headers:
      Authorization: "Bearer {{ keycloak_token.json.access_token }}"
      Content-Type: application/json
    status_code: [201]
  register: keycloak_create_ldap_response
  when: ldap_id is not defined

- name: "Update LDAP Provider if exist"
  ansible.builtin.uri:
    method: PUT
    url: "{{ keycloak_admin_api }}/components/{{ ldap_id }}"
    src: /tmp/ldap.config
    headers:
      Authorization: "Bearer {{ keycloak_token.json.access_token }}"
      Content-Type: application/json
    status_code: [204]
  when: ldap_id is defined

# The last path segment of the 201 response's location (presumably the
# Location header) is the id of the newly created component.
- name: Update LDAP_ID with new created LDAP components
  ansible.builtin.set_fact:
    ldap_id: "{{ keycloak_create_ldap_response.location | basename }}"
  when: ldap_id is not defined

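# Render the remaining JSON payloads (group mapper, event settings) on the
# controller, then register the group mapper as a component.
- name: Generate a local json file for LDAP mapper configuration
  become: false
  delegate_to: localhost
  template:
    src: "{{ item }}.j2"
    dest: "/tmp/{{ item }}"
    mode: "0600"
  with_items:
    - ldap.mapper.group
    - keycloak.event.config
  changed_when: false

# NOTE(review): the mapper payload presumably references ldap_id (set above)
# as its parent.  The task is unconditional, so a re-run may POST a second
# mapper unless the template or the API guards against duplicates -- verify.
- name: Create LDAP mapper from local json configuration
  uri:
    # trailing slash kept as-is; the provider POST above uses ".../components"
    url: "{{ keycloak_admin_api }}/components/"
    method: POST
    src: "/tmp/{{ item }}"
    status_code: [201]
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ keycloak_token.json.access_token }}"
  with_items:
    - ldap.mapper.group
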
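# Apply the event settings rendered into /tmp/keycloak.event.config.  This
# task previously reused the mapper task's name, which made the two API
# calls indistinguishable in the play output.
- name: Apply Keycloak event configuration from local json configuration
  uri:
    url: "{{ keycloak_admin_api }}/events/config"
    method: PUT
    src: "/tmp/keycloak.event.config"
    status_code: [204]
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ keycloak_token.json.access_token }}"
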
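# Remove the rendered payloads from the controller.  become: false matches
# the tasks that created them, so no privilege escalation is attempted on
# localhost just to delete the caller's own files.
# NOTE(review): this only runs if every task above succeeded; on a failure
# the files (possibly holding credentials) stay in /tmp on the controller --
# consider wrapping the generate-and-push tasks in a block with an always.
- name: Remove local LDAP json file
  become: false
  delegate_to: localhost
  file:
    path: "/tmp/{{ item }}"
    state: absent
  with_items:
    - ldap.config
    - ldap.mapper.group
    - keycloak.event.config
  changed_when: false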
218 changed_when: false