66 lines
1.6 KiB
YAML
66 lines
1.6 KiB
YAML
---
|
|
- name: Ensure the directory exist
|
|
file:
|
|
path: /var/local/keycloak
|
|
state: directory
|
|
|
|
- name: Ensure the user keycloak exists
|
|
user:
|
|
name: keycloak
|
|
create_home: no
|
|
password_lock: yes
|
|
|
|
- name: Retrieve info about users
|
|
getent:
|
|
database: passwd
|
|
|
|
- name: Warning
|
|
debug:
|
|
msg: This is a test server, do not use in production
|
|
|
|
- name: Copy env variables
|
|
template:
|
|
src: dot_env.j2
|
|
dest: /var/local/keycloak/.env
|
|
mode: 0400
|
|
owner: root
|
|
group: staff
|
|
|
|
- name: Ensure the certificate directory exist
|
|
file:
|
|
path: /var/local/keycloak/certificates
|
|
state: directory
|
|
|
|
- name: Copy key
|
|
copy:
|
|
src: /var/certificates/{{ server_hostname }}_privkey.pem
|
|
dest: /var/local/keycloak/certificates/tls.key
|
|
remote_src: yes
|
|
owner: keycloak
|
|
group: keycloak
|
|
mode: 0644 # 0600
|
|
# I wanted to limite read access to the private key to one "keycloak" user,
|
|
# but It doesn't works because the user running some script inside the container
|
|
# has a fix uid (1000) and obviously this uid is taken on the host by the first
|
|
# user created... I hope you're serveur is well protected...
|
|
|
|
- name: Copy certificate
|
|
copy:
|
|
src: /var/certificates/{{ server_hostname }}_cert.pem
|
|
dest: /var/local/keycloak/certificates/tls.crt
|
|
remote_src: yes
|
|
owner: keycloak
|
|
group: keycloak
|
|
|
|
- name: Copy docker-compose.yml
|
|
template:
|
|
src: docker-compose.yml.j2
|
|
dest: /var/local/keycloak/docker-compose.yml
|
|
mode: 0644
|
|
owner: root
|
|
group: staff
|
|
|
|
- name: Start the container
|
|
docker_compose:
|
|
project_src: /var/local/keycloak
|
|
|