132 lines
3.7 KiB
YAML
132 lines
3.7 KiB
YAML
- name: Update default SELinux contexts
|
|
community.general.sefcontext:
|
|
target: "{{ keycloak_install_dir }}/postgres(/.*)?"
|
|
setype: "container_file_t"
|
|
selevel: "{{ keycloak_selinux_level }}"
|
|
state: present
|
|
become: true
|
|
notify: "keycloak selinux context changed"
|
|
|
|
- name: Create keycloak directories.
|
|
ansible.builtin.file:
|
|
path: "{{ keycloak_install_dir }}"
|
|
owner: "root"
|
|
group: "root"
|
|
state: directory
|
|
mode: "0700"
|
|
become: true
|
|
|
|
- name: Ensure keycloak postgres directory exists.
|
|
block:
|
|
- name: Stat keycloak postgres dir.
|
|
ansible.builtin.stat:
|
|
path: "{{ keycloak_install_dir }}/postgres"
|
|
become: true
|
|
register: keycloak_stat_postgres_dir
|
|
|
|
- name: Create keycloak postgres directory.
|
|
ansible.builtin.file:
|
|
path: "{{ keycloak_install_dir }}/postgres"
|
|
owner: "{{ keycloak_stat_postgres_dir.stat.uid | default('root') }}"
|
|
group: "{{ keycloak_stat_postgres_dir.stat.gid | default('root') }}"
|
|
state: directory
|
|
mode: "0700"
|
|
setype: "container_file_t"
|
|
selevel: "{{ keycloak_selinux_level }}"
|
|
become: true
|
|
|
|
- name: Deploy keycloak environment file.
|
|
ansible.builtin.template:
|
|
src: keycloak.env.j2
|
|
dest: "{{ keycloak_install_dir }}/keycloak.env"
|
|
mode: "0600"
|
|
owner: "root"
|
|
group: "root"
|
|
become: true
|
|
notify: "keycloak service changed"
|
|
|
|
- name: Deploy keycloak postgres environment file.
|
|
ansible.builtin.template:
|
|
src: keycloak-postgres.env.j2
|
|
dest: "{{ keycloak_install_dir }}/keycloak-postgres.env"
|
|
mode: "0600"
|
|
owner: "root"
|
|
group: "root"
|
|
become: true
|
|
notify: "keycloak postgres service changed"
|
|
|
|
- name: Ensure container image is present on the host.
|
|
containers.podman.podman_image:
|
|
name: "{{ item.name }}"
|
|
state: present
|
|
tag: "{{ item.tag }}"
|
|
loop:
|
|
- name: "{{ keycloak_containerimage }}"
|
|
tag: "{{ keycloak_image_tag }}"
|
|
- name: "{{ keycloak_postgres_containerimage }}"
|
|
tag: "{{ keycloak_postgres_image_tag }}"
|
|
become: true
|
|
|
|
- name: Add caddy config file.
|
|
block:
|
|
- name: Check caddy config dir.
|
|
ansible.builtin.stat:
|
|
path: "{{ caddy_install_dir }}/config"
|
|
become: true
|
|
register: caddy_stat_config_dir
|
|
|
|
- name: Template caddy config for keycloak.
|
|
ansible.builtin.template:
|
|
src: keycloak.caddy.j2
|
|
dest: "{{ caddy_install_dir }}/config/keycloak.caddy"
|
|
mode: "0600"
|
|
setype: "container_file_t"
|
|
selevel: "{{ caddy_selinux_level }}"
|
|
owner: "{{ caddy_stat_config_dir.stat.uid }}"
|
|
group: "{{ caddy_stat_config_dir.stat.gid }}"
|
|
notify: "caddy config changed"
|
|
become: true
|
|
|
|
- name: Create keycloak container file.
|
|
ansible.builtin.template:
|
|
src: keycloak.container.j2
|
|
dest: "/etc/containers/systemd/keycloak.container"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
become: true
|
|
notify: "keycloak service changed"
|
|
|
|
- name: Create keycloak postgres container file.
|
|
ansible.builtin.template:
|
|
src: keycloak-postgres.container.j2
|
|
dest: "/etc/containers/systemd/keycloak-postgres.container"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
become: true
|
|
notify: "keycloak postgres service changed"
|
|
|
|
- name: Create keycloak network file.
|
|
ansible.builtin.template:
|
|
src: keycloak.network.j2
|
|
dest: /etc/containers/systemd/keycloak.network
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify: "keycloak network changed"
|
|
|
|
- name: Flush handlers
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Ensure keycloak services are started.
|
|
ansible.builtin.systemd:
|
|
state: started
|
|
enabled: true
|
|
name: "{{ item }}"
|
|
daemon_reload: true
|
|
loop:
|
|
- keycloak.service
|
|
- keycloak-postgres.service
|
|
become: true
|