ansible/roles/install_keycloak/tasks/main.yml

67 lines
1.6 KiB
YAML
Raw Permalink Normal View History

2021-01-24 22:42:56 +01:00
---
2021-01-24 22:51:16 +01:00
- name: Ensure the directory exist
file:
path: /var/local/keycloak
state: directory
- name: Ensure the user keycloak exists
user:
name: keycloak
create_home: no
password_lock: yes
- name: Retrieve info about users
getent:
database: passwd
2021-01-25 00:05:13 +01:00
- name: Warning
debug:
msg: This is a test server, do not use in production
2021-01-26 00:11:28 +01:00
- name: Copy env variables
template:
src: dot_env.j2
dest: /var/local/keycloak/.env
mode: 0400
owner: root
group: staff
2021-01-26 19:53:14 +01:00
- name: Ensure the certificate directory exist
file:
path: /var/local/keycloak/certificates
state: directory
- name: Copy key
copy:
src: /var/certificates/{{ server_hostname }}_privkey.pem
dest: /var/local/keycloak/certificates/tls.key
remote_src: yes
owner: keycloak
group: keycloak
mode: 0644 # 0600
# I wanted to limite read access to the private key to one "keycloak" user,
# but It doesn't works because the user running some script inside the container
# has a fix uid (1000) and obviously this uid is taken on the host by the first
# user created... I hope you're serveur is well protected...
2021-01-26 19:53:14 +01:00
- name: Copy certificate
copy:
src: /var/certificates/{{ server_hostname }}_cert.pem
dest: /var/local/keycloak/certificates/tls.crt
remote_src: yes
owner: keycloak
group: keycloak
2021-01-26 19:53:14 +01:00
2021-01-24 22:42:56 +01:00
- name: Copy docker-compose.yml
template:
src: docker-compose.yml.j2
dest: /var/local/keycloak/docker-compose.yml
mode: 0644
owner: root
group: staff
2021-01-24 23:18:59 +01:00
- name: Start the container
docker_compose:
project_src: /var/local/keycloak