ansible/roles/install_keycloak/tasks/main.yml
2021-01-27 01:23:23 +01:00

66 lines
1.6 KiB
YAML

---
- name: Ensure the directory exist
file:
path: /var/local/keycloak
state: directory
- name: Ensure the user keycloak exists
user:
name: keycloak
create_home: no
password_lock: yes
- name: Retrieve info about users
getent:
database: passwd
- name: Warning
debug:
msg: This is a test server, do not use in production
- name: Copy env variables
template:
src: dot_env.j2
dest: /var/local/keycloak/.env
mode: 0400
owner: root
group: staff
- name: Ensure the certificate directory exist
file:
path: /var/local/keycloak/certificates
state: directory
- name: Copy key
copy:
src: /var/certificates/{{ server_hostname }}_privkey.pem
dest: /var/local/keycloak/certificates/tls.key
remote_src: yes
owner: keycloak
group: keycloak
mode: 0644 # 0600
# I wanted to limite read access to the private key to one "keycloak" user,
# but It doesn't works because the user running some script inside the container
# has a fix uid (1000) and obviously this uid is taken on the host by the first
# user created... I hope you're serveur is well protected...
- name: Copy certificate
copy:
src: /var/certificates/{{ server_hostname }}_cert.pem
dest: /var/local/keycloak/certificates/tls.crt
remote_src: yes
owner: keycloak
group: keycloak
- name: Copy docker-compose.yml
template:
src: docker-compose.yml.j2
dest: /var/local/keycloak/docker-compose.yml
mode: 0644
owner: root
group: staff
- name: Start the container
docker_compose:
project_src: /var/local/keycloak